(wpa_supplicant) IEEE8021X authentication

Discussion in 'TinyPEAP Firmware' started by furchi, Nov 17, 2005.

  1. furchi

    furchi Network Guru Member

    hi,

    I have flashed the firmware of my Linksys WRT54GS router to secure my wlan with TinyPeap.
    Everything works fine with the windows clients, but I have troubles with the configuration of my linux notebook (ubuntu 5.10).
    The client gets authenticated but I have no connection to the network.

    Sorry for my long excerpt of the wpasupplicant log, but I'm a real noob and don't know exactly which part is important for solving the problem...

    Here is my wpa-supplicant file:

    ctrl_interface=/var/run/wpa_supplicant
    eapol_version=1
    ap_scan=2
    fast_reauth=1
    network={
    ssid="ssid"
    scan_ssid=1
    key_mgmt=IEEE8021X
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="username"
    password="password"
    ca_cert="/etc/cert/cert.crt"
    phase1="peaplabel=0 include_tls_length=1"
    phase2="auth=MSCHAPV2"
    priority=10
    }

    and now an excerpt of the wpasupplicant log:
    .
    .
    .
    SSL: SSL_connect:SSLv3 read server certificate A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 read server done A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write client key exchange A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write change cipher spec A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 write finished A
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 flush data
    SSL: (where=0x1002 ret=0xffffffff)
    SSL: SSL_connect:error in SSLv3 read finished A
    SSL: SSL_connect - want more data
    SSL: 190 bytes pending from ssl_out
    SSL: 190 bytes left to be sent out (of total 190 bytes)
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=3
    EAP: EAP entering state METHOD
    SSL: Received packet(len=61) - Flags 0x80
    SSL: TLS Message Length: 51
    SSL: (where=0x1001 ret=0x1)
    SSL: SSL_connect:SSLv3 read finished A
    SSL: (where=0x20 ret=0x1)
    SSL: (where=0x1002 ret=0x1)
    SSL: 0 bytes pending from ssl_out
    SSL: No data to be sent out
    EAP-PEAP: TLS done, proceed to Phase 2
    EAP-PEAP: using label 'client EAP encryption' in key derivation
    EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
    EAP-PEAP: Workaround - allow outer EAP-Success to terminate PEAP resumption
    SSL: Building ACK
    EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=4
    EAP: EAP entering state METHOD
    SSL: Received packet(len=64) - Flags 0x00
    EAP-PEAP: received 58 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01
    EAP-PEAP: received Phase 2: code=1 identifier=4 length=5
    EAP-PEAP: Phase 2 Request: type=1
    EAP: using real identity - hexdump_ascii(len=7):
    ...........................................
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=12): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=5
    EAP: EAP entering state METHOD
    SSL: Received packet(len=104) - Flags 0x00
    EAP-PEAP: received 98 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=40): .................................................
    EAP-PEAP: received Phase 2: code=1 identifier=5 length=44
    EAP-PEAP: Phase 2 Request: type=26
    EAP-MSCHAPV2: RX identifier 5 mschapv2_id 5
    EAP-MSCHAPV2: Received challenge
    EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=18):
    ...................................... Wireless Auth v2
    ...............
    EAP-MSCHAPV2: Generating Challenge Response
    EAP-MSCHAPV2: auth_challenge - hexdump(len=16): ..................
    EAP-MSCHAPV2: peer_challenge - hexdump(len=16): ..................
    EAP-MSCHAPV2: username - hexdump_ascii(len=7):
    ..........................
    EAP-MSCHAPV2: password - hexdump_ascii(len=10): [REMOVED]
    EAP-MSCHAPV2: response - hexdump(len=24): .........................
    EAP-MSCHAPV2: TX identifier 5 mschapv2_id 5 (response)
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=66): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=6
    EAP: EAP entering state METHOD
    SSL: Received packet(len=112) - Flags 0x00
    EAP-PEAP: received 106 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): .............................
    EAP-PEAP: received Phase 2: code=1 identifier=6 length=51
    EAP-PEAP: Phase 2 Request: type=26
    EAP-MSCHAPV2: RX identifier 6 mschapv2_id 5
    EAP-MSCHAPV2: Received success
    EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
    EAP-MSCHAPV2: Authentication succeeded
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Request method=25 id=7
    EAP: EAP entering state METHOD
    SSL: Received packet(len=72) - Flags 0x00
    EAP-PEAP: received 66 bytes encrypted data for Phase 2
    EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): ........................
    EAP-PEAP: received Phase 2: code=1 identifier=7 length=11
    EAP-PEAP: Phase 2 Request: type=33
    EAP-TLV: Received TLVs - hexdump(len=6): ................
    EAP-TLV: Result TLV - hexdump(len=2): .....
    EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
    EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED]
    EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
    EAP: EAP entering state SEND_RESPONSE
    EAP: EAP entering state IDLE
    EAPOL: SUPP_BE entering state RESPONSE
    EAPOL: txSuppRsp
    EAPOL: SUPP_BE entering state RECEIVE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAP-Packet frame
    EAPOL: SUPP_BE entering state REQUEST
    EAPOL: getSuppRsp
    EAP: EAP entering state RECEIVED
    EAP: Received EAP-Success
    EAP: Workaround for unexpected identifier field in EAP Success: reqId=8 lastId=7 (these are supposed to be same)
    EAP: EAP entering state SUCCESS
    CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
    EAPOL: SUPP_BE entering state RECEIVE
    EAPOL: SUPP_BE entering state SUCCESS
    EAPOL: SUPP_BE entering state IDLE
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAPOL-Key frame
    EAPOL: KEY_RX entering state KEY_RECEIVE
    EAPOL: processKey
    EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x0
    EAPOL: EAPOL-Key key signature verified
    EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
    EAPOL: Setting dynamic WEP key: broadcast keyidx 0 len 13
    wpa_driver_ipw_set_key: alg=WEP key_idx=0 set_tx=0 seq_len=0 key_len=13
    RX EAPOL from xx:xx:xx:xx:xx:xx
    EAPOL: Received EAPOL-Key frame
    EAPOL: KEY_RX entering state KEY_RECEIVE
    EAPOL: processKey
    EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
    EAPOL: EAPOL-Key key signature verified
    EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED]
    EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
    wpa_driver_ipw_set_key: alg=WEP key_idx=3 set_tx=128 seq_len=0 key_len=13
    EAPOL: all required EAPOL-Key frames received
    WPA: EAPOL processing complete
    Cancelling authentication timeout
    Removed BSSID xx:xx:xx:xx:xx:xx from blacklist
    State: ASSOCIATED -> COMPLETED
    CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed (reauth)
    EAPOL: SUPP_PAE entering state AUTHENTICATED
    EAPOL: authWhile --> 0
    EAPOL: startWhen --> 0
    EAPOL: idleWhile --> 0



    thank you in advance!
    Yours sincerely Thomas
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice