<br><div class="gmail_quote"><br> I'm try eap-fast method.<br>
But error happens:<br>
4c e8 59 6b 27<br>
EAP-FAST: server_random - hexdump(len=32): 4e 5d da af 1f eb a8 e0 fa c6 27<br>
89 e5 70 a3 fb 11 19 7a 4c c6 20 77 69 de 4b cd 38 b9 d8 40 dd<br>
EAP-FAST: master_secret - hexdump(len=48): [REMOVED]<br>
SSL: (where=0x4008 ret=0x228)<br>
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake<br>
failure<br>
SSL: (where=0x2002 ret=0xffffffff)<br>
SSL: SSL_accept:error in SSLv3 read client hello C<br>
OpenSSL: openssl_handshake - SSL_connect error:1408A0C1:SSL<br>
routines:SSL3_GET_CLIENT_<div>HELLO:no shared cipher<br>
SSL: 7 bytes pending from ssl_out<br>
SSL: Failed - tls_out available to report error<br>
EAP-FAST: TLS processing failed<br>
EAP-FAST: PHASE1 -> FAILURE<br>
EAP: EAP entering state SELECT_ACTION<br>
EAP: getDecision: method failed -> FAILURE<br>
EAP: EAP entering state FAILURE<br>
EAP: Building EAP-Failure (id=116)<br>
What does this mean? Is my config wrong?<br>
<br>
<br>
<br>
<br>
My Config file is as following:<br>
interface=eth2<br>
driver=wired<br>
logger_stdout=-1<br>
logger_stdout_level=1<br>
debug=2<br>
dump_file=/tmp/hostapd.dump<br>
ctrl_interface=/var/run/hostapd<br>
<br>
ieee8021x=1<br>
eap_server=1<br>
eap_user_file=/home/test/work/eap-fast/hostapd/hostapd-0.7.3/hostapd/hostapd.eap_user.wired<br>
eap_reauth_period=3600<br>
dh_file=/etc/hostapd/hostapd.dh.pem<br>
use_pae_group_addr=1<br>
pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f<br>
<br>
eap_fast_a_id=201112131415161718191a1b1c1d1e1f<br>
eap_fast_a_id_info=test server<br>
<br>
eap_fast_prov=3<br>
pac_key_lifetime=604800<br>
pac_key_refresh_time=86400<br>
<br>
##### RADIUS configuration<br>
####################################################<br>
# for IEEE 802.1X with external Authentication Server, IEEE 802.11<br>
# authentication with external ACL for MAC addresses, and accounting<br>
<br>
# The own IP address of the access point (used as NAS-IP-Address)<br>
own_ip_addr=127.0.0.1<br>
<br>
# RADIUS authentication server<br>
auth_server_addr=127.0.0.1<br>
auth_server_port=1812<br>
auth_server_shared_secret=radius*<br>
<br>
<br> And the content of hostapd.eap_user.wired is:<br>
# Phase 1 users<br>
"user" MD5 "password"<br>
"test user" MD5 "secret"<br>
"FAST-000102030405" FAST<br>
<br>
# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users<br>
"t-md5" MD5 "password" [2]<br>
"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2]<br>
"t-gtc" GTC "password" [2]<br>
"not anonymous" MSCHAPV2 "password" [2]<br>
"user" MD5,GTC,MSCHAPV2 "password" [2]<br>
"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2]<br>
"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2<br>
"password" [2]<br>
<br>
<br>
Config for wpa_supplicant is:<br>
ctrl_interface=/var/run/wpa_supplicant<br>
<br>
ctrl_interface_group=root<br>
<br>
ap_scan=0<br>
fast_reauth=1<br>
network={<br>
ssid=""<br>
scan_ssid=0<br>
key_mgmt=IEEE8021X<br>
eap=FAST<br>
identity="user"<br>
password="password"<br>
anonymous_identity="FAST-000102030405"<br>
phase1="fast_provisioning=1"<br>
pac_file="/etc/wpa_supplicant.eap-fast-pac"<br>
<br>
}<br>
<br>
I noticed we should config certificate file for EAP-TLS/PEAP/TTLS.<br>
But do we need config certificate file for EAP-FAST?<br>
<br>
<br>
Best Regards.<br>
</div>
</div><br>