problem in autehtication with EAP-MD5

shantanu choudhary shantanu_843 at yahoo.co.in
Thu May 31 07:14:29 CEST 2007 

hello,
this is my client side output:
Authentication with 00:03:7f:09:60:a0 timed out.
Added BSSID 00:03:7f:09:60:a0 into blacklist
State: ASSOCIATED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_disassociate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=6):
     41 54 48 31 38 32                                 ATH182
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
State: SCANNING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b19 len=8
Received 1844 bytes of scan results (7 BSSes)
Scan results: 7
Selecting BSS from priority group 0
0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
   skip - SSID mismatch
1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   skip - blacklisted
2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
No APs found - clear blacklist and try again
Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear)
Selecting BSS from priority group 0
0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
   skip - SSID mismatch
1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   selected based on RSN IE
Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: DISCONNECTED -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=14
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:03:7f:09:60:a0
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:03:7f:09:60:a0
No keys have been configured - skip key clearing
Associated with 00:03:7f:09:60:a0
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE


the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!!
i am not able to figure out the problem output of server is same as that in earlier mail,
one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!!
it is all messed up, please do reply for this prob!!!
regards 
shantanu

tnt at kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a
problem if you are doing DHCP. Otherwise you need to return IP address,
netmask, MTU, Service-Type, DNS servers etc.

Leave that Framed-User DEFAULT entry alone - it should be there. You need
to add stuff to your user config:

testuser   Cleartext-Password:=yourpassword
                Framed-IP-Address=1.2.3.4
                Framed-MTU=yourMTU
                Framed-IP-Netmask=255.255.255.255
etc.

Ivan Kalik
Kalik Informatika ISP


Dana 30/5/2007, "shantanu choudhary"  pi¹e:

--- snip ---
>Sending Access-Accept of id 2 to 192.168.2.182 port 1028
>        EAP-Message = 0x03020004
>        Message-Authenticator = 0x00000000000000000000000000000000
>        User-Name = "testuser"
>Finished request 1
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 0 ID 1 with timestamp 465d506e
>Cleaning up request 1 ID 2 with timestamp 465d506e
>Nothing to do.  Sleeping until we see a request.
>
>it is sending ACCESS ACCEPT but no access reject or failure!!!!
>and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
>
>sorry for disturbing u again n again but can u help me out????
>please!!
>shantanu
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




       
---------------------------------
 Did you know? You can CHAT without downloading messenger.  Know how!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070531/4445674e/attachment.html>

More information about the Freeradius-Users mailing list