(Finally getting a chance to try using hostapd again.)

Authentication has not been successful. Perhaps I need more configuration than I understand:

I have enabled verbose debugging in the hopes of understanding what I am doing incorrectly.

Here is the journalctl for hostapd during two cable insertions (hardwired):

duane@nuvo:~$ sudo journalctl -u hostapd --follow
-- Logs begin at Tue 2020-04-07 21:03:33 UTC. --
Jun 19 21:44:42 nuvo systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
Jun 19 21:44:42 nuvo hostapd[31715]: Configuration file: /etc/hostapd/hostapd.conf
Jun 19 21:44:42 nuvo hostapd[31715]: enp7s0: IEEE 802.11 Fetching hardware channel/rate support not supported.
Jun 19 21:44:42 nuvo hostapd[31715]: Using interface enp7s0 with hwaddr 78:d0:04:28:6f:ca and ssid ""
Jun 19 21:44:42 nuvo hostapd[31715]: enp7s0: interface state UNINITIALIZED->ENABLED
Jun 19 21:44:42 nuvo hostapd[31715]: enp7s0: AP-ENABLED
Jun 19 21:44:42 nuvo hostapd[31715]: enp7s0: IEEE 802.11 Fetching hardware channel/rate support not supported.
Jun 19 21:44:42 nuvo systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: start authentication
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: received EAPOL-Start from STA
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: unauthorizing port
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:08 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:14 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: received EAP packet (code=2 id=110 len=10) from STA: EAP Response-Identity (1)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: unauthorizing port
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 MLME: MLME-DEAUTHENTICATE.indication(10:65:30:67:b6:57, 23)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 MLME: MLME-DELETEKEYS.request(10:65:30:67:b6:57)
Jun 19 21:59:25 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.11: deauthenticated due to local deauth request
Jun 19 22:02:39 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: start authentication
Jun 19 22:02:39 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: received EAPOL-Start from STA
Jun 19 22:02:39 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: unauthorizing port
Jun 19 22:02:39 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 44)
Jun 19 22:02:42 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 44)
Jun 19 22:02:48 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 44)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: received EAP packet (code=2 id=44 len=10) from STA: EAP Response-Identity (1)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 44)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: unauthorizing port
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 MLME: MLME-DEAUTHENTICATE.indication(10:65:30:67:b6:57, 23)
Jun 19 22:02:54 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 MLME: MLME-DELETEKEYS.request(10:65:30:67:b6:57)
Jun 19 22:02:59 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.11: deauthenticated due to local deauth request

The hostapd.eap_user file contains:

    * PEAP
    "duane" MSCHAPV2 "password"

In the "Integrated EAP server" section of hostapd.conf I have

    eap_server=1
    eap_user_file=/etc/hostapd.eap_user

The "hostapd configuration file" section of hostapd.conf has

    interface=enp7s0
    driver=wired

All the other settings are whatever the default from the recommended configuration file.

The Windows client that is being connected has the configuration shown below:

>> Windows Authentication
>>
>> * Enable IEEE 8021.1x Authentication
>> * Microsoft: Protected EAP (PEAP)
>> * Authentication Method: Secured Password (EAP-MSCHAP v2)
>> * Enable Fast Reconnect — Selected
>> * Authentication Mode: User authentication

Before I get too far into setting up more of the advanced configuration I'd like to prove that I can do a simple configuration.

I have not installed any certificates on either system.

Is there some other configuration that I might be missing?

Thank you for your help!
...Duane Murphy

> On Mar 1, 2020, at 9:42 AM, Jouni Malinen <j@xxxxx> wrote:
>
> On Fri, Feb 21, 2020 at 04:01:47PM -0800, Duane Murphy wrote:
>> I’d like to validate my hostapd configuration by testing that I can login with a Windows 10 client.
>>
>> As a simple (?) test I thought I would use hostapd.eap_user. There are lots of nice entries pre-defined, but most of them don’t work with Windows 10.
>>
>> For example, Windows 10 no longer supports MD5 (out of the box).
>>
>> My knowledge of how to authenticate with Windows is fairly limited. Some help would be appreciated.
>>
>> I’ve tried several of the names and passwords in hostapd.eap_user but I have not been successful in authenticating.
>>
>> Do I need to configure Windows differently? Is there a different setting in hostapd.eap_user that I can use?
>
> It depends on what EAP method you want to use. If you just want to test
> something simple, PEAP with MSCHAPv2 has been available for a long time
> in various Windows versions. It could be configured with following style
> hostapd.eap_user entries:
>
> * PEAP
> "user" MSCHAPV2 "password"
>
>> Windows Authentication
>>
>> * Enable IEEE 8021.1x Authentication
>> * Microsoft: Protected EAP (PEAP)
>> * Authentication Method: Secured Password (EAP-MSCHAP v2)
>> * Enable Fast Reconnect — Selected
>> * Authentication Mode: User authentication
>
> Which would match those entries above.
>
> --
> Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
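
A small parser for the hostapd journal lines quoted in the message above, as an added example that is not part of the original message or of hostapd: it groups the IEEE 802.1X lines per station and attempt and reports how often the first request was sent before the supplicant replied, what the supplicant answered, and the EAP types logged at failure. It recognizes only the message forms that appear in that log; the function name and the result field names are assumptions.

```python
import re

# Sample input: first attempt from the journal quoted in the message, abridged.
SAMPLE = """\
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: start authentication
Jun 19 21:59:05 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:08 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:14 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: received EAP packet (code=2 id=110 len=10) from STA: EAP Response-Identity (1)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Sending EAP Packet (identifier 110)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Jun 19 21:59:20 nuvo hostapd[31725]: enp7s0: STA 10:65:30:67:b6:57 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ hostapd\[\d+\]: \S+: "
                  r"STA ([0-9a-f:]{17}) IEEE 802\.1X: (.*)$")
SENT = re.compile(r"Sending EAP Packet \(identifier (\d+)\)")
RECV = re.compile(r"received EAP packet \(code=(\d+) id=(\d+) len=\d+\) from STA: (.*)")
FAIL = re.compile(r"authentication failed - EAP type: (\d+) \((\w+)\)")
SUPP = re.compile(r"Supplicant used different EAP type: (\d+) \((\w+)\)")

def summarize(log_text):
    """Return one dict per 802.1X attempt, in the order the attempts started."""
    attempts, open_by_sta = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not a per-station 802.1X line
        ts, sta, msg = m.groups()
        if msg == "start authentication":
            cur = {"sta": sta, "started": ts, "requests_before_reply": 0,
                   "responses": [], "result": "incomplete",
                   "server_type": None, "supplicant_type": None}
            attempts.append(cur)
            open_by_sta[sta] = cur        # a new start replaces the open attempt
            continue
        cur = open_by_sta.get(sta)
        if cur is None:
            continue                      # attempt whose start was not logged
        if SENT.match(msg) and not cur["responses"]:
            cur["requests_before_reply"] += 1   # more than 1 means retransmission
        elif (r := RECV.match(msg)):
            cur["responses"].append(r.group(3))
        elif (f := FAIL.match(msg)):
            cur["result"], cur["server_type"] = "failed", (int(f.group(1)), f.group(2))
        elif (s := SUPP.match(msg)):
            cur["supplicant_type"] = (int(s.group(1)), s.group(2))
    return attempts
```

On the sample this yields a single attempt: three requests sent before the first reply, one Response-Identity from the supplicant, and a failure logged with EAP type 0 (unknown) on the authenticator side against type 1 (Identity) from the supplicant.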