wpa_supplicant eap trouble

Sun Nov 18 16:25:44 CET 2007

I have set up radiusd-CVS of 15 Nov, and can't connect to it with
wpa_supplicant 0.4.9/bsd/ath0. (I also tried vista but that's worse.)

The authentication seems to succeed:

Sun Nov 18 15:11:10 2007 : Debug: ++[sql] returns ok
Sending Access-Accept of id 1 to 192.168.200.34 port 1027
        Service-Type = Framed-User
        Framed-Protocol = PPP
        EAP-Message = 0x03010004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "test"
Sun Nov 18 15:11:10 2007 : Debug: Finished request 1.
Sun Nov 18 15:11:10 2007 : Debug: Going to the next request

But, now on the client (whose clock is 2.180s slow):

Nov 18 15:11:12.979857: EAPOL: SUPP_BE entering state RECEIVE
Nov 18 15:11:13.025776: RX EAPOL from 00:19:5b:67:d2:1c
Nov 18 15:11:13.026165: RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
Nov 18 15:11:13.026210: EAPOL: Received EAP-Packet frame
Nov 18 15:11:13.026235: EAPOL: SUPP_BE entering state REQUEST
Nov 18 15:11:13.026259: EAPOL: getSuppRsp
Nov 18 15:11:13.026282: EAP: EAP entering state RECEIVED
Nov 18 15:11:13.026308: EAP: Received EAP-Failure
Nov 18 15:11:13.026332: EAP: EAP entering state DISCARD

Received EAP-Failure ?!

Am I right in guessing that

EAP-Message = 0x03010004 means 03 = EAP-Success, 01 = id, 0004 = 4 bytes long?

Sending... gets printed before the packet is signed, so I assume that
the correct Message-Authenticator gets computed.

How can I break the configuration files such that all communication up to
Access-Accept is OK, and yet the connection fails?

Cheers,

Patrick