| View previous topic :: View next topic |
| Author |
Message |
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 927
|
 Posted: Fri Jun 08, 2007 9:59 am Post subject: Cannot get EAP to work: ath0 wpa_supplicant madwifi |
 |
|
I've been banging my head against this for a few days now ...
I'm trying to connect to a wireless AP:
- it uses EAP-TTLS with an outer EAP-TLS and inner EAP-GTC connection
- the AP authenticates against a radius server
- cipher is AES CCMP
- open authentication with EAP and network EAP
- mandatory WPA key management
Here's my attempt at a wpa_supplicant config:
| Code: |
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
network={
priority=1
ssid="WIFI"
scan_ssid=1
auth_alg=OPEN
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP
ca_cert="/etc/ssl/certs/mycomprootcert.pem"
identity="xxx"
password="eyes-only"
}
|
Now I'm running
| Code: |
/sbin/wpa_supplicant -w -i ath0 -c /etc/wpa_supplicant/wpa_supplicant.conf -Dmadwifi -d
|
and get the below. Basically, I'm completely out of my depth, and have no idea why stuff is
failing, and whether I'm missing any pieces. I can't tell which parts of the process are failing,
in particular
| Code: |
WPA: Set own WPA IEioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
|
| Code: |
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
|
| Code: |
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
|
wpa_supplicant debug output:
| Code: |
Initializing interface 'ath0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'madwifi' ctrl_interface 'N/A' bridge 'N
/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
eapol_version=1
ap_scan=1
fast_reauth=1
Priority group 1
id=0 ssid='WIFI'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=21 WE(source)=13 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:40:f4:d2:73:33
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface ath0
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=4):
57 49 46 49 WIFI
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 408 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 1
0: 00:0b:85:6d:d3:4f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
1: 00:0b:85:6d:78:6f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 0 sec 0 usec
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
Ignore event for foreign ifindex 9
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (broadcast SSID)
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b19 len=8
Received 1533 bytes of scan results (7 BSSes)
Scan results: 7
Selecting BSS from priority group 1
0: 00:1b:2b:6a:d5:60 ssid='' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
skip - SSID mismatch
1: 00:19:a9:0d:14:10 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
skip - no WPA/RSN IE
2: 00:0f:f8:58:67:7e ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
skip - no WPA/RSN IE
3: 00:0d:0b:87:d5:8f ssid='Arch-Agora-Wireless' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
skip - no WPA/RSN IE
4: 00:0b:85:6d:d3:4f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
5: 00:0b:85:6d:d8:8f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
6: 00:0b:85:6d:78:6f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=4):
57 49 46 49 WIFI
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b19 len=8
Received 2021 bytes of scan results (9 BSSes)
Scan results: 9
Selecting BSS from priority group 1
0: 00:1b:2b:6a:d5:60 ssid='WIFI' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
selected based on RSN IE
Trying to associate with 00:1b:2b:6a:d5:60 (SSID='WIFI' freq=2422 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
Overriding auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 28 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IEioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_madwifi_associate
wpa_driver_madwifi_associate: SETMLME[ASSOC] failed
Association request to the driver failed
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:1b:2b:6a:d5:60
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:1b:2b:6a:d5:60
No keys have been configured - skip key clearing
Associated with 00:1b:2b:6a:d5:60
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:1b:2b:6a:d5:60
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=38):
00 6e 65 74 77 6f 72 6b 69 64 3d 57 49 46 49 2c _networkid=WIFI,
6e 61 73 69 64 3d 61 69 72 6f 6e 65 74 2c 70 6f nasid=aironet,po
72 74 69 64 3d 30 rtid=0
EAP: using real identity - hexdump_ascii(len=3):
58 58 58 xxx
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: EAP
EAP-TTLS: Phase2 EAP types - hexdump(len=56): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00
00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
EAP-TTLS: Using TTLS version 0
TLS: Trusted root certificate(s) loaded
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 89 bytes pending from ssl_out
SSL: 89 bytes left to be sent out (of total 89 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1034) - Flags 0xc0
SSL: TLS Message Length: 2611
SSL: Need 1587 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1034) - Flags 0xc0
SSL: TLS Message Length: 2611
SSL: Need 563 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=573) - Flags 0x80
SSL: TLS Message Length: 2611
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=US/ST=California/L=San Jose/O=Company, Inc./OU=SJC/CN=Compan.
/emailAddress=certadmin@company.com'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=US/ST=California/L=San Jose/O=Company/O=0fc3cfbc27e91ea60a787
de13dae3e3c/OU=Belgium/CN=radius.company.com/emailAddress=certadmin@company.com'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 198 bytes pending from ssl_out
SSL: 198 bytes left to be sent out (of total 198 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x80
SSL: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 EAP Request: type=1
EAP: using real identity - hexdump_ascii(len=3):
58 58 58 xxx
EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=8): 02 00 00 08 01 6c 71 68
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=16): [REMOVED]
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
RX EAPOL from 00:1b:2b:6a:d5:60
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:1b:2b:6a:d5:60 into blacklist
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
State: ASSOCIATED -> DISCONNECTED
|
|
|
| Back to top |
|
 |
cazze
Apprentice
Joined: 26 Mar 2003
Posts: 155
Location: Brussels - Belgium
|
| Posted: Mon Jun 11, 2007 7:58 am Post subject: |
|
|
In stead of using -Dmadwifi you could try -Dwext.
_________________
Required: Windows 95 or better, so i installed Linux!!! |
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 927
|
| Posted: Thu Jun 14, 2007 11:17 pm Post subject: |
|
|
I will revisit this once I have the access point problems ironed out. At some point, I was able to
see the SSID when scanning, then I reset the ap to factory defaults and now can't see the SSID.
I'll need to play with this a bit more before testing wpa_supplicant again. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
