Hello again,
I made some progress with trying to configure hostapd and
wpa_supplicant for EAP-TLS but now I have hit another roadblock.
Authentication fails with the error message above.
I see from the wpa_supplicant debug log that the Identity request
comes in and wpa_supplicant sends the identity but it is rejected by
the hostapd server
Here is my hostap config
interface=ap1-wlan1
driver=nl80211
ssid=simplewifi
wds_sta=1
hw_mode=g
channel=1
ap_isolate=1
eap_server=1
ieee8021x=1
wpa=2
eap_message=howdy
eapol_version=2
wpa_key_mgmt=WPA-EAP
logger_syslog=-1
logger_syslog_level=0
ca_cert=/home/mranga/openssl/ca.crt
server_cert=/home/mranga/openssl/server.crt
private_key=/home/mranga/openssl/server.key
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
Here is my wpa_supplicant config
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
network={
key_mgmt=WPA-EAP
scan_ssid=1
identity="mranga@xxxxxxxxxxx"
eap=TLS
ssid="simplewifi"
ca_cert="/home/mranga/openssl/ca.crt"
client_cert="/home/mranga/openssl/client.crt"
private_key="/home/mranga/openssl/client.key"
}
Following is a snippet of my hostap syslog
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
IEEE 802.1X: unauthorizing port
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00
WPA: event 3 notification
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
WPA: event 3 notification
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00
MLME: MLME-DEAUTHENTICATE.indication(02:00:00:00:01:00, 23)
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00
MLME: MLME-DELETEKEYS.request(02:00:00:00:01:00)
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
MLME: MLME-DEAUTHENTICATE.indication(02:00:00:00:00:00, 23)
Sep 13 15:38:44 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
MLME: MLME-DELETEKEYS.request(02:00:00:00:00:00)
Sep 13 15:38:49 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00
IEEE 802.11: deauthenticated due to local deauth request
Sep 13 15:38:49 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00
IEEE 802.11: deauthenticated due to local deauth request
Following is a snippet of my wpa_supplicant log file
l2_packet_receive: src=02:00:00:00:02:00 len=14
sta1-wlan0: RX EAPOL from 02:00:00:00:02:00
RX EAPOL - hexdump(len=14): 02 00 00 0a 01 67 00 0a 01 68 6f 77 64 79
sta1-wlan0: Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=103 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
sta1-wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=5):
68 6f 77 64 79 howdy
EAP: using real identity - hexdump_ascii(len=15):
6d 72 61 6e 67 61 40 6e 69 73 74 2e 67 6f 76 mranga@xxxxxxxxxxx
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=02:00:00:00:02:00
TX EAPOL - hexdump(len=24): 02 00 00 14 02 67 00 14 01 6d 72 61 6e 67
61 40 6e 69 73 74 2e 67 6f 76
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=02:00:00:00:02:00 len=8
sta1-wlan0: RX EAPOL from 02:00:00:00:02:00
RX EAPOL - hexdump(len=8): 02 00 00 04 04 67 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
sta1-wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
--
M. Ranganathan
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
