If you want to reproduce it, you can simply either install Kali on a system (or use a prebuilt VM) and install HostAPd-WPE: apt-get install hostapd-wpe. I used the default config and an ath9k_htc device (TP-Link TL-WN722N to be precise) if that matters. I copied the log on pastebin: http://pastebin.com/jwtn1TWN Kali is using OpenSSL 1.0.2j from Debian. Thomas On Tue, Dec 13, 2016 at 5:09 AM, Jouni Malinen <j@xxxxx> wrote: > On Mon, Dec 12, 2016 at 05:23:50PM -0500, Thomas d'Otreppe wrote: >> I have been playing with Hostapd patched for WPE on Kali. It is a >> patch to make HostAPd (2.6) an Enterprise AP and accept and log all >> credentials entered. >> >> With a stock configuration, it works just fine on most OSes (tested: >> Ubuntu 16.04, 16.10, iOS 10.1 and 10.2) but Windows 10 (14393) fails >> without much explanation. However, in a set-up where HostAPd forwards >> the request to Freeradius 3.0.12, it works just fine with Windows 10. > > I'm not sure whether WPE patches could have had an impact there, but I > cannot reproduce PEAP/MSCHAPv2 authentication issue between Windows 10 > station and hostapd as the AP and EAP authentication server. This was > with the current hostapd snapshot (but there should not really be > changes between 2.6 and this for the relevant parts) and with OpenSSL > 1.0.2j. > >> To summarize the ticket, by enabling debug (-d) when running hostapd, >> it seems like it is failing right before switching to Phase 2. It >> doesn't seem to get the data for phase 2 correctly as you can see in >> the log excerpt in the ticket. > > There is not enough context in that log to be able to tell what > happened. > >> According to some forums, Windows might have had some issue with TLS >> v1.2 so I tried to recompile with TLS v1.2 disabled but it still >> failed (and also tried disabling also v1.1, no success). I also tried >> latest hostapd git from a day or 2 ago and the problem still persists. > > Which OpenSSL version are you using? > >> If needed, I kept the success and failure logs and I can send them for analysis. > > Yes, I'd need to see the full failure log to be able to say much more > than that since this works fine in my tests. > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
