1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

(wpa_supplicant) IEEE8021X authentication

Discussion in 'TinyPEAP Firmware' started by furchi, Nov 17, 2005.

  1. furchi

    furchi Network Guru Member

    hi,

    I have flashed the firmware of my Linksys WRT54GS router to secure my wlan with TinyPeap.
    Everything works fine with the windows clients, but I have troubles with the configuration of my linux notebook (ubuntu 5.10).
    The client gets authenticated but I have no connection to the network.

    Sorry for my long excerpt of the wpasupplicant log, but I'm a real noob and don't know exactly which part is important for solving the problem...

    Here is my wpa-supplicant file:

    ctrl_interface=/var/run/wpa_supplicant
    eapol_version=1
    ap_scan=2
    fast_reauth=1
    network={
    ssid="ssid"
    scan_ssid=1
    key_mgmt=IEEE8021X
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="username"
    password="password"
    ca_cert="/etc/cert/cert.crt"
    phase1="peaplabel=0 include_tls_length=1"
    phase2="auth=MSCHAPV2"
    priority=10
    }

    and now an excerpt of the wpasupplicant log:
    .
    .
    .
    SSL: SSL_connect:SSLv3 read server certificate A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 read server done A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write client key exchange A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write change cipher spec A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write finished A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 flush data
    SSL: (where=0x1002 ret=0xffffffff)
    SSL: SSL_connect:error in SSLv3 read finished A
    SSL: SSL_connect - want more data
    SSL: 190 bytes pending from ssl_out
    SSL: 190 bytes left to be sent out (of total 190 bytes)
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=3
    EAP: EAP entering state METHOD
    SSL: Received packet(len=61) - Flags 0x80
    SSL: TLS Message Length: 51
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 read finished A
    SSL: (where=0x20 ret=0x1)
    SSL: (where=0x1002 ret=0x1)
    SSL: 0 bytes pending from ssl_out
    SSL: No data to be sent out
    EAP-PEAP: TLS done, proceed to Phase 2
    EAP-PEAP: using label 'client EAP encryption' in key derivation
    EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
    EAP-PEAP: Workaround - allow outer EAP-Success to terminate PEAP resumption
    SSL: Building ACK
    EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=4
    EAP: EAP entering state METHOD
    SSL: Received packet(len=64) - Flags 0x00
    EAP-PEAP: received 58 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01
    EAP-PEAP: received Phase 2: code=1 identifier=4 length=5
    EAP-PEAP: Phase 2 Request: type=1
    EAP: using real identity - hexdump_ascii(len=7):
    ...........................................
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=12): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=5
    EAP: EAP entering state METHOD
    SSL: Received packet(len=104) - Flags 0x00
    EAP-PEAP: received 98 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=40): .................................................
    EAP-PEAP: received Phase 2: code=1 identifier=5 length=44
    EAP-PEAP: Phase 2 Request: type=26
    EAP-MSCHAPV2: RX identifier 5 mschapv2_id 5
    EAP-MSCHAPV2: Received challenge
    EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=18):
    ...................................... Wireless Auth v2
    ...............
    EAP-MSCHAPV2: Generating Challenge Response
    EAP-MSCHAPV2: auth_challenge - hexdump(len=16): ..................
    EAP-MSCHAPV2: peer_challenge - hexdump(len=16): ..................
    EAP-MSCHAPV2: username - hexdump_ascii(len=7):
    ..........................
    EAP-MSCHAPV2: password - hexdump_ascii(len=10): [REMOVED]
    EAP-MSCHAPV2: response - hexdump(len=24): .........................
    EAP-MSCHAPV2: TX identifier 5 mschapv2_id 5 (response)
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=66): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=6
    EAP: EAP entering state METHOD
    SSL: Received packet(len=112) - Flags 0x00
    EAP-PEAP: received 106 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): .............................
    EAP-PEAP: received Phase 2: code=1 identifier=6 length=51
    EAP-PEAP: Phase 2 Request: type=26
    EAP-MSCHAPV2: RX identifier 6 mschapv2_id 5
    EAP-MSCHAPV2: Received success
    EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
    EAP-MSCHAPV2: Authentication succeeded
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=7
    EAP: EAP entering state METHOD
    SSL: Received packet(len=72) - Flags 0x00
    EAP-PEAP: received 66 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): ........................
    EAP-PEAP: received Phase 2: code=1 identifier=7 length=11
    EAP-PEAP: Phase 2 Request: type=33
    EAP-TLV: Received TLVs - hexdump(len=6): ................
    EAP-TLV: Result TLV - hexdump(len=2): .....
    EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Success
    EAP: Workaround for unexpected identifier field in EAP Success: reqId=8 lastId=7 (these are supposed to be same)
    EAP: EAP entering state SUCCESS
    CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
    EAPOL: SUPP_BE entering state RECEIVE
    EAPOL: SUPP_BE entering state SUCCESS
    EAPOL: SUPP_BE entering state IDLE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAPOL-Key frame
    EAPOL: KEY_RX entering state KEY_RECEIVE
    EAPOL: processKey
    EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x0
    EAPOL: EAPOL-Key key signature verified
    EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
    EAPOL: Setting dynamic WEP key: broadcast keyidx 0 len 13
    wpa_driver_ipw_set_key: alg=WEP key_idx=0 set_tx=0 seq_len=0 key_len=13
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAPOL-Key frame
    EAPOL: KEY_RX entering state KEY_RECEIVE
    EAPOL: processKey
    EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
    EAPOL: EAPOL-Key key signature verified
    EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED]
    EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
    wpa_driver_ipw_set_key: alg=WEP key_idx=3 set_tx=128 seq_len=0 key_len=13
    EAPOL: all required EAPOL-Key frames received
    WPA: EAPOL processing complete
    Cancelling authentication timeout
    Removed BSSID xx:xx:xx:xx:xx:xx from blacklist
    State: ASSOCIATED -> COMPLETED
    CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed (reauth)
    EAPOL: SUPP_PAE entering state AUTHENTICATED
    EAPOL: authWhile --> 0
    EAPOL: startWhen --> 0
    EAPOL: idleWhile --> 0



    thank you in advance!
    Yours sincerely Thomas
     

Share This Page