Date: Tue, 07 Sep 2010 11:05:51 -0300
From: Paulo Fragoso <paulo@nlink.com.br>
To: freebsd-isp@freebsd.org
Subject: Re: Hostapd + Radius + PEAP
Message-ID: <4C8646BF.4090501@nlink.com.br>
In-Reply-To: <A6D60532AB304C55B4B21C22BF3A3B66@HS>
References: <4C054207.9070204@nlink.com.br> <A6D60532AB304C55B4B21C22BF3A3B66@HS>
To solve this I've created a src.conf file:

$ cat /etc/src.conf
HOSTAPD_CFLAGS+=-DEAP_SERVER -DEAP_GTC -DEAP_AKA -DEAP_SIM -DEAP_GPSK
HOSTAPD_CFLAGS+=-DEAP_PAX -DEAP_SAKE
WITH_OPENSSL=YES

and

cd /usr/src/usr.sbin/wpa
make clean all
make install

Now there are many PEAP strings in hostapd:

$ strings /usr/sbin/hostapd | grep EAP|grep PEAP
PEAP
EAP-PEAP: %s -> %s
EAP-PEAP: CSK
EAP-PEAP: Derived key
EAP-PEAP: Invalid frame
EAP-PEAP: Received TLVs
EAP-PEAP: Cryptobinding TLV
EAP-PEAP: CMK
EAP-PEAP: Result TLV
EAP-PEAP: try EAP type %d
EAP-PEAP: forcing version %d
EAP-PEAPv2: Identity Request
EAP-PEAPv2: Not an EAP TLV
EAP-PEAP: Phase 2 Success
EAP-PEAP: Phase 2 Failure
EAP-PEAP: TK
EAP-PEAP: ISK
EAP-PEAP: TempKey
EAP-PEAP: IMCK (IPMKj)
EAP-PEAP: IPMK (S-IPMKj)
EAP-PEAP: CMK (CMKj)
EAP-PEAP: Compound_MAC CMK
EAP-PEAP: Compound_MAC data 1
EAP-PEAP: Compound_MAC data 2
EAP-PEAP: Compound_MAC
EAP-PEAP: peer did not select the forced version (forced=%d peer=%d) - reject
EAP-PEAP: peer ver=%d, own ver=%d; use version %d
EAP-PEAP: Failed to derive key
EAP-PEAP: Invalid EAP-TLV header
EAP-PEAP: TLV underrun (tlv_len=%d left=%lu)
EAP-PEAP: Unsupported TLV Type %d%s
EAP-PEAP: Last TLV too short in Request (left=%lu)
EAP-PEAP: Invalid cryptobinding TLV length %d
EAP-PEAP: Cryptobinding TLV Version mismatch (was %d; expected %d)
EAP-PEAP: Unexpected Cryptobinding TLV SubType %d
EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV
EAP-PEAP: Cryptobinding seed data
EAP-PEAP: Valid cryptobinding TLV received
EAP-PEAP: No cryptobinding TLV
EAP-PEAP: Too short Result TLV (len=%lu)
EAP-PEAP: TLV Result - Success - requested %s
EAP-PEAP: TLV Result - Failure - requested %s
EAP-PEAP: Unknown TLV Result Status %d
EAP-PEAP: %s - Phase2 not initialized?!
EAP-PEAP: Phase2 type Nak'ed; allowed types
EAP-PEAP: Phase2 check() asked to ignore the packet
EAP-PEAP: Phase2 method is in pending wait state - save decrypted response
EAP-PEAP: Phase2 method failed
EAP-PEAP: Phase2 getKey failed
EAP_PEAP: Phase2 Identity not found in the user database
EAP-PEAP: %s - unexpected state %d
EAP-PEAP: Encrypting Phase 2 data
EAP-PEAP: Failed to initialize SSL.
EAP-PEAPv2: Add EAP-Payload TLV
EAP-PEAPv2: Failed to allocate memory for TLV encapsulation
EAP-PEAPv2: Phase1 done, include first Phase2 payload in the same message
EAP-PEAPv2: Failed to encrypt Phase 2 data
EAP-PEAPv2: Encrypted Identity Request
EAP-PEAP: received %lu bytes encrypted data for Phase 2
EAP-PEAP: Pending Phase 2 response - skip decryption and use old data
EAP-PEAP: failed to allocate memory for decryption
EAP-PEAP: Failed to decrypt Phase 2 data
EAP-PEAP: Decrypted Phase 2 EAP
EAP-PEAPv2: Too short Phase 2 EAP TLV
EAP-PEAPv2: Invalid EAP TLV length
EAP-PEAPv2: No room for full EAP packet in EAP TLV
EAP-PEAP: Too short Phase 2 EAP frame (len=%lu)
EAP-PEAP: Length mismatch in Phase 2 EAP frame (len=%lu hdr->length=%lu)
EAP-PEAP: received Phase 2: code=%d identifier=%d length=%lu
EAP-PEAP: Unexpected code=%d in Phase 2 EAP header
EAP-PEAP: Unexpected state %d in %s
EAP-PEAP: Failed to allocate memory for request
EAP-PEAP: Phase1 done, starting Phase2
EAP-PEAP: Phase 2 method not ready
EAP-PEAP: Encrypting Phase 2 TLV data

If WPA2 Enterprise is the top of wireless security, PEAP should be compiled in by default for hostapd.

Paulo.

Ref: http://www.pubbs.net/200911/freebsd/13308-problems-moving-hostapd-ap-config-from-64-to-80rc2.html

On 01-06-2010 18:07, Dewayne Geraghty wrote:
> You may need to modify the /usr/src/contrib/wpa/hostapd/defconfig
> to change the build settings. On 8.1 PRERELEASE the EAP_PEAP is
> included in the build configuration file (see below)
>
> # grep -v ^\# /usr/src/contrib/wpa/hostapd/defconfig|grep EAP
> CONFIG_EAP=y
> CONFIG_EAP_MD5=y
> CONFIG_EAP_TLS=y
> CONFIG_EAP_MSCHAPV2=y
> CONFIG_EAP_PEAP=y
> CONFIG_EAP_GTC=y
> CONFIG_EAP_TTLS=y
>
> Which I've crudely verified with
> # strings /usr/sbin/hostapd | grep EAP|grep PEAP
> PEAP
>
> Regards, Phil.
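
The two strings checks in this thread return different things: the quoted one shows only the bare name PEAP, while the rebuilt binary shows the method's debug messages. A shell check that tells the two apart (added example, not from either poster; the sample files are constructed, and the classification rule is an assumption drawn from the two outputs above):

```shell
#!/bin/sh
# Added example (not from the thread): classify a hostapd binary by the PEAP
# strings it contains. Assumption: a build with the PEAP server method
# compiled in carries its "EAP-PEAP: " / "EAP-PEAPv2: " debug messages, as in
# the rebuilt binary's output in the message above.

# count_peap_msgs FILE -> number of PEAP debug-message prefixes found in FILE
count_peap_msgs() {
    # -a: read the binary as text; -o: one output line per match
    LC_ALL=C grep -a -o -E -e 'EAP-PEAP(v2)?: ' "$1" | wc -l | tr -d ' '
}

# peap_status FILE -> "compiled-in", "name-only" or "absent"
peap_status() {
    if [ "$(count_peap_msgs "$1")" -gt 0 ]; then
        echo "compiled-in"
    elif LC_ALL=C grep -a -q -F -e 'PEAP' "$1"; then
        echo "name-only"   # all that a bare `grep PEAP` hit establishes
    else
        echo "absent"
    fi
}

# Constructed sample files standing in for /usr/sbin/hostapd builds
demo_dir=$(mktemp -d)
printf 'MD5\000TLS\000PEAP\000TTLS\000' > "$demo_dir/name-only"
printf 'PEAP\000EAP-PEAP: Phase 2 Success\000EAP-PEAPv2: Identity Request\000EAP-PEAP: TK\000' \
    > "$demo_dir/rebuilt"
printf 'MD5\000TLS\000' > "$demo_dir/none"

# Report on the samples, plus a real binary if a path is given as $1
for f in "$demo_dir/name-only" "$demo_dir/rebuilt" "$demo_dir/none" ${1:+"$1"}; do
    printf '%s: %s (%s PEAP messages)\n' \
        "$f" "$(peap_status "$f")" "$(count_peap_msgs "$f")"
done
```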