My hostapd version is 0.6.10, and i want to use hostapd as integrated EAP server, and support EAP FAST.<br><br>my hostapd config file is like this:<br><br><br>bridge=br0<br>interface=ath0<br>driver=atheros<br>ssid=wififast<br>
ieee8021x=1<br>eap_server=1<br>eap_user_file=/fasttest/<div id=":20">hostapd.eap_user<br>ca_cert=/test/ca.pem<br>server_cert=/test/server.pem<br>private_key=/test/server.p12<br>private_key_passwd=123456<br>dh_file=/test/dh<br>
pac_opaque_encr_key=000102030405060708090a0b0c0d0e0f<br>
eap_fast_a_id=101112131415161718191a1b1c1d1e1f<br>eap_fast_a_id_info=fast<br>eap_fast_prov=3<br>pac_key_lifetime=604800<br>pac_key_refresh_time=86400<br>wpa=2<br>wpa_key_mgmt=WPA-EAP<br>wpa_pairwise=CCMP<br>rsn_preauth=1<br>
rsn_preauth_interfaces=br0<br><br><br>My hostapd.eap_user is :<br>"client_fast" FAST<br>"client_fast" MSCHAPV2 "123456" [2].<br><br><br>when i use my wifi card connect to the ssid "wififast", it always failed. <br>
This is my hostapd log file:<br><br><br>[--WIFI---]:Association(00:25:86:21:05:05)<br><br>ath0: STA 00:25:86:21:05:05 WPA: event 1 notification<br>madwifi_del_key: addr=00:25:86:21:05:05 key_idx=0<br><br><br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: start authentication<br>
EAP: Server state machine created<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state IDLE<br>IEEE 802.1X: 00:25:86:21:05:05 CTRL_DIR entering state FORCE_BOTH<br>ath0: STA 00:25:86:21:05:05 WPA: start authentication<br>
<br>WPA: 00:25:86:21:05:05 WPA_PTK entering state INITIALIZE<br>madwifi_del_key: addr=00:25:86:21:05:05 key_idx=0<br>WPA: 00:25:86:21:05:05 WPA_PTK_GROUP entering state IDLE<br>WPA: 00:25:86:21:05:05 WPA_PTK entering state AUTHENTICATION<br>
WPA: 00:25:86:21:05:05 WPA_PTK entering state AUTHENTICATION2<br>IEEE 802.1X: 00:25:86:21:05:05 AUTH_PAE entering state DISCONNECTED<br>madwifi_set_sta_authorized: addr=00:25:86:21:05:05 authorized=0<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: unauthorizing port<br>
IEEE 802.1X: 00:25:86:21:05:05 AUTH_PAE entering state RESTART<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state SELECT_ACTION<br>EAP: getDecision: no identity known yet -> CONTINUE<br>EAP: EAP entering state PROPOSE_METHOD<br>
EAP: getNextMethod: vendor 0 type 1<br>EAP: EAP entering state METHOD_REQUEST<br>EAP: building EAP-Request: Identifier 231<br>EAP: EAP entering state SEND_REQUEST<br>EAP: EAP entering state IDLE<br>EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)<br>
IEEE 802.1X: 00:25:86:21:05:05 AUTH_PAE entering state CONNECTING<br>IEEE 802.1X: 00:25:86:21:05:05 AUTH_PAE entering state AUTHENTICATING<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state REQUEST<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: Sending EAP Packet (identifier 231)<br>
TX EAPOL - hexdump(len=23): 00 25 86 21 05 05 00 25 7a 16 02 0f 88 8e 02 00 00 05 01 e7 00 05 01<br>IEEE 802.1X: 20 bytes from 00:25:86:21:05:05<br> IEEE 802.1X: version=1 type=0 length=16<br>EAP: code=2 identifier=231 length=16<br>
(response)<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: received EAP packet (code=2 id=231 len=16) from STA: EAP Response-Identity (1)<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state RESPONSE<br>EAP: EAP entering state RECEIVED<br>
EAP: parseEapResp: rxResp=1 respId=231 respMethod=1 respVendor=0 respVendorMethod=0<br>EAP: EAP entering state INTEGRITY_CHECK<br>EAP: EAP entering state METHOD_RESPONSE<br>EAP-Identity: Peer identity - hexdump_ascii(len=11):<br>
63 6c 69 65 6e 74 5f 66 61 73 74 client_fast <br>EAP: EAP entering state SELECT_ACTION<br><br>EAP: getDecision: another method available -> CONTINUE<br>EAP: EAP entering state PROPOSE_METHOD<br>
EAP: getNextMethod: vendor 0 type 43<br>OpenSSL: cipher suites: ADH-AES128-SHA:AES128-SHA:DHE-RSA-AES128-SHA:EAP(ath0[Authed]), Src Mac = 00:25:86:21:05:05 Dst Mac = 00:25:7a:16:02:0f <br>RC4-SHA<br>EAP: EAIs peap[0]<br>
P entering stateEAP(br0[Authed]), Src Mac = 00:25:86:21:05:05 Dst Mac = 00:25:7a:16:02:0f <br> METHOD_REQUEST<br>EAP: building EAP-Request: Identifier 232<br>EAP-FAST: START -> PHASE1<br>EAP: EAP entering state SEND_REQUEST<br>
EAP: EAP entering state IDLE<br>EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state REQUEST<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: Sending EAP Packet (identifier 232)<br>
<br>IEEE 802.1X: 172 bytes from 00:25:86:21:05:05<br> IEEE 802.1X: version=1 type=0 length=168<br>EAP: code=2 identifier=232 length=168<br> (response)<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: received EAP packet (code=2 id=232 len=168) from STA: EAP Response-FAST (43)<br>
IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state RESPONSE<br>EAP: EAP entering state RECEIVED<br>EAP: parseEapResp: rxResp=1 respId=232 respMethod=43 respVendor=0 respVendorMethod=0<br>EAP: EAP entering state INTEGRITY_CHECK<br>
EAP: EAP entering state METHOD_RESPONSE<br>SSL: Received packet(len=168) - Flags 0x01<br>SSL: Received packet: Flags 0x1 Message Length 0<br>SSL: (where=0x10 ret=0x1)<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:before/accept initialization<br>
OpenSSL: tls_hello_ext_cb: type=35 length=68<br>OpenSSL: ClientHello
SessionTicket extension - hexdump(len=68): 00 02 00 40 1f 09 04 32 c6 b4
57 be ac 31 e2 54 f9 66 d8 2d 01 d7 ad 62 2f 26 4b 9e b9 d7 39 47 fc 78
b0 67 d1 e7 f4 d8 0b bf 0c 4f 57 9a 3e 71 99 5b dc 12 03 8c e9 40 f2 43
f2 35 78 23 9b 0f 53 92 df da<br>
EAP-FAST: SessionTicket callback<br>EAP-FAST: SessionTicket (PAC-Opaque)
- hexdump(len=68): 00 02 00 40 1f 09 04 32 c6 b4 57 be ac 31 e2 54 f9
66 d8 2d 01 d7 ad 62 2f 26 4b 9e b9 d7 39 47 fc 78 b0 67 d1 e7 f4 d8 0b
bf 0c 4f 57 9a 3e 71 99 5b dc 12 03 8c e9 40 f2 43 f2 35 78 23 9b 0f 53
92 df da<br>
EAP-FAST: Received PAC-Opaque - hexdump(len=64): 1f 09 04 32 c6 b4 57 be
ac 31 e2 54 f9 66 d8 2d 01 d7 ad 62 2f 26 4b 9e b9 d7 39 47 fc 78 b0 67
d1 e7 f4 d8 0b bf 0c 4f 57 9a 3e 71 99 5b dc 12 03 8c e9 40 f2 43 f2 35
78 23 9b 0f 53 92 df da<br>
EAP-FAST: Decrypted PAC-Opaque - hexdump(len=56): [REMOVED]<br>EAP-FAST: PAC-Key from decrypted PAC-Opaque - hexdump(len=32): [REMOVED]<br>EAP-FAST: Identity from PAC-Opaque - hexdump_ascii(len=11):<br> 63 6c 69 65 6e 74 5f 66 61 73 74 client_fast <br>
EAP-FAST: client_random - hexdump(len=32): 4f 33 87 11 35 42 32 e9 18 46
a0 f3 c5 7e 38 2c f9 c4 7a 1e 33 37 2b 01 d7 38 7f ff 2a 4f 5a a8<br>EAP-FAST:
server_random - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br>
EAP-FAST: master_secret - hexdump(len=48): [REMOVED]<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:SSLv3 read client hello A<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:SSLv3 write server hello A<br>SSL: (where=0x2001 ret=0x1)<br>
SSL: SSL_accept:SSLv3 write change cipher spec A<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:SSLv3 write finished A<br>SSL: (where=0x2001 ret=0x1)<br>SSL: SSL_accept:SSLv3 flush data<br>SSL: (where=0x2002 ret=0xffffffff)<br>
SSL: SSL_accept:error in SSLv3 read finished A<br>SSL: SSL_accept - want more data<br>SSL: 138 bytes pending from ssl_out<br>EAP: EAP entering state METHOD_REQUEST<br>EAP: building EAP-Request: Identifier 233<br>SSL: Generating Request<br>
SSL: Sending out 138 bytes (message sent completely)<br>EAP: EAP entering state SEND_REQUEST<br>EAP: EAP entering state IDLE<br>EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state REQUEST<br>
ath0: STA 00:25:86:21:05:05 IEEE 802.1X: Sending EAP Packet (identifier 233)<br><br>TX
EAPOL - hexdump(len=162): 00 25 86 21 05 05 00 25 7a 16 02 0f 88 8e 02
00 00 90 01 e9 00 90 2b 01 16 03 01 00 4a 02 00 00 46 03 01 38 6d 45 af
39 c1 f4 52 3c 52 a6 b9 aa d3 46 85 a0 67 eb 44 a4 fa 86 a0 44 59 e9 36
69 9f da 26 20 d1 ac e5 0b 6e f9 c5 45 9c 66 36 fd f4 75 48 9a 41 35 e8
ec 18 94 a8 92 a7 ce ca 7b c0 e1 60 32 00 33 00 14 03 01 00 01 01 16 03
01 00 30 7d e4 dd 93 6d 60 29 61 8f 29 bd 9a cc 37 be dc 2d 86 ae 8b 2a
ba c7 3d aa 10 c8 61 a0 b2 60 3b df 05 31 ec 43 62 69 82 3d 34 e8 d9 31
ea 8b 79<br>
<br><br>IEEE 802.1X: 17 bytes from 00:25:86:21:05:05<br> IEEE 802.1X: version=1 type=0 length=13<br>EAP: code=2 identifier=233 length=13<br> (response)<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: received EAP packet (code=2 id=233 len=13) from STA: EAP Response-FAST (43)<br>
IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state RESPONSE<br>EAP: EAP entering state RECEIVED<br>EAP: parseEapResp: rxResp=1 respId=233 respMethod=43 respVendor=0 respVendorMethod=0<br>EAP: EAP entering state INTEGRITY_CHECK<br>
EAP: EAP entering state METHOD_RESPONSE<br>SSL: Received packet(len=13) - Flags 0x01<br>SSL: Received packet: Flags 0x1 Message Length 0<br><span style="background-color:rgb(255,255,255);color:rgb(255,0,0)">SSL: (where=0x4004 ret=0x214)</span><br style="background-color:rgb(255,255,255);color:rgb(255,0,0)">
<span style="background-color:rgb(255,255,255);color:rgb(255,0,0)">SSL: SSL3 alert: read (remote end reported an error):fatal:bad record mac</span><br style="background-color:rgb(255,255,255);color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255);color:rgb(255,0,0)">SSL: (where=0x2002 ret=0x0)</span><br style="background-color:rgb(255,255,255);color:rgb(255,0,0)">
<span style="background-color:rgb(255,255,255);color:rgb(255,0,0)">SSL: SSL_accept:failed in SSLv3 read finished A</span><br style="background-color:rgb(255,255,255);color:rgb(255,0,0)"><span style="background-color:rgb(255,255,255);color:rgb(255,0,0)">OpenSSL: tls_connection_server_handshake - SSL_accept error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac</span><br>
<span style="color:rgb(255,0,0)">SSL: TLS processing failed</span><br style="color:rgb(255,0,0)"><span style="color:rgb(255,0,0)">EAP-FAST: TLS processing failed</span><br style="color:rgb(255,0,0)"><span style="color:rgb(255,0,0)">EAP-FAST: PHASE1 -> FAILURE</span><br style="color:rgb(255,0,0)">
<span style="color:rgb(255,0,0)">EAP: EAP entering state SELECT_ACTION</span><br style="color:rgb(255,0,0)"><span style="color:rgb(255,0,0)">EAP: getDecision: method failed -> FAILURE</span><br style="color:rgb(255,0,0)">
<span style="color:rgb(255,0,0)">EAP: EAP entering state FAILURE</span><br style="color:rgb(255,0,0)"><span style="color:rgb(255,0,0)">EAP: Building EAP-Failure (id=233)</span><br style="color:rgb(255,0,0)"><span style="color:rgb(255,0,0)">IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state FAIL</span><br style="color:rgb(255,0,0)">
<span style="color:rgb(255,0,0)">ath0: STA 00:25:86:21:05:05 IEEE 802.1X: Sending EAP Packet (identifier 233)</span><br><br>TX EAPOL - hexdump(len=22): 00 25 86 21 05 05 00 25 7a 16 02 0f 88 8e 02 00 00 04 04 e9 00 04<br>
IEEE 802.1X: 00:25:86:21:05:05 AUTH_PAE entering state HELD<br>madwifi_set_sta_authorized: addr=00:25:86:21:05:05 authorized=0<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: unauthorizing port<br>ath0: STA 00:25:86:21:05:05 IEEE 802.1X: authentication failed - EAP type: 0 (Unknown)<br>
ath0: STA 00:25:86:21:05:05 IEEE 802.1X: Supplicant used different EAP type: 43 (FAST)<br>IEEE 802.1X: 00:25:86:21:05:05 BE_AUTH entering state IDLE<br><br>Wireless event: cmd=0x8c04 len=20<br>ath0: STA 00:25:86:21:05:05 IEEE 802.11: disassociated<br>
ath0: STA 00:25:86:21:05:05 WPA: event 2 notification<br>madwifi_del_key: addr=00:25:86:21:05:05 key_idx=0<br><br><br>WPA: 00:25:86:21:05:05 WPA_PTK entering state DISCONNECTED<br><br><br><br>And:<span style="color:rgb(255,0,0)">hostapd exit after print all of that messages.</span><br>
why it can not work? can anyone help me?</div>