From: Paulo Fragoso
Date: Tue, 07 Sep 2010 11:05:51 -0300
To: freebsd-isp@freebsd.org
Subject: Re: Hostapd + Radius + PEAP

To solve this I've created a src.conf file:

$ cat /etc/src.conf
HOSTAPD_CFLAGS+=-DEAP_SERVER -DEAP_GTC -DEAP_AKA -DEAP_SIM -DEAP_GPSK
HOSTAPD_CFLAGS+=-DEAP_PAX -DEAP_SAKE
WITH_OPENSSL=YES

and

cd /usr/src/usr.sbin/wpa
make clean all
make install

Now there are many PEAP strings in hostapd:

$ strings /usr/sbin/hostapd | grep EAP|grep PEAP
PEAP
EAP-PEAP: %s -> %s
EAP-PEAP: CSK
EAP-PEAP: Derived key
EAP-PEAP: Invalid frame
EAP-PEAP: Received TLVs
EAP-PEAP: Cryptobinding TLV
EAP-PEAP: CMK
EAP-PEAP: Result TLV
EAP-PEAP: try EAP type %d
EAP-PEAP: forcing version %d
EAP-PEAPv2: Identity Request
EAP-PEAPv2: Not an EAP TLV
EAP-PEAP: Phase 2 Success
EAP-PEAP: Phase 2 Failure
EAP-PEAP: TK
EAP-PEAP: ISK
EAP-PEAP: TempKey
EAP-PEAP: IMCK (IPMKj)
EAP-PEAP: IPMK (S-IPMKj)
EAP-PEAP: CMK (CMKj)
EAP-PEAP: Compound_MAC CMK
EAP-PEAP: Compound_MAC data 1
EAP-PEAP: Compound_MAC data 2
EAP-PEAP: Compound_MAC
EAP-PEAP: peer did not select the forced version (forced=%d peer=%d) - reject
EAP-PEAP: peer ver=%d, own ver=%d; use version %d
EAP-PEAP: Failed to derive key
EAP-PEAP: Invalid EAP-TLV header
EAP-PEAP: TLV underrun (tlv_len=%d left=%lu)
EAP-PEAP: Unsupported TLV Type %d%s
EAP-PEAP: Last TLV too short in Request (left=%lu)
EAP-PEAP: Invalid cryptobinding TLV length %d
EAP-PEAP: Cryptobinding TLV Version mismatch (was %d; expected %d)
EAP-PEAP: Unexpected Cryptobinding TLV SubType %d
EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV
EAP-PEAP: Cryptobinding seed data
EAP-PEAP: Valid cryptobinding TLV received
EAP-PEAP: No cryptobinding TLV
EAP-PEAP: Too short Result TLV (len=%lu)
EAP-PEAP: TLV Result - Success - requested %s
EAP-PEAP: TLV Result - Failure - requested %s
EAP-PEAP: Unknown TLV Result Status %d
EAP-PEAP: %s - Phase2 not initialized?!
EAP-PEAP: Phase2 type Nak'ed; allowed types
EAP-PEAP: Phase2 check() asked to ignore the packet
EAP-PEAP: Phase2 method is in pending wait state - save decrypted response
EAP-PEAP: Phase2 method failed
EAP-PEAP: Phase2 getKey failed
EAP_PEAP: Phase2 Identity not found in the user database
EAP-PEAP: %s - unexpected state %d
EAP-PEAP: Encrypting Phase 2 data
EAP-PEAP: Failed to initialize SSL.
EAP-PEAPv2: Add EAP-Payload TLV
EAP-PEAPv2: Failed to allocate memory for TLV encapsulation
EAP-PEAPv2: Phase1 done, include first Phase2 payload in the same message
EAP-PEAPv2: Failed to encrypt Phase 2 data
EAP-PEAPv2: Encrypted Identity Request
EAP-PEAP: received %lu bytes encrypted data for Phase 2
EAP-PEAP: Pending Phase 2 response - skip decryption and use old data
EAP-PEAP: failed to allocate memory for decryption
EAP-PEAP: Failed to decrypt Phase 2 data
EAP-PEAP: Decrypted Phase 2 EAP
EAP-PEAPv2: Too short Phase 2 EAP TLV
EAP-PEAPv2: Invalid EAP TLV length
EAP-PEAPv2: No room for full EAP packet in EAP TLV
EAP-PEAP: Too short Phase 2 EAP frame (len=%lu)
EAP-PEAP: Length mismatch in Phase 2 EAP frame (len=%lu hdr->length=%lu)
EAP-PEAP: received Phase 2: code=%d identifier=%d length=%lu
EAP-PEAP: Unexpected code=%d in Phase 2 EAP header
EAP-PEAP: Unexpected state %d in %s
EAP-PEAP: Failed to allocate memory for request
EAP-PEAP: Phase1 done, starting Phase2
EAP-PEAP: Phase 2 method not ready
EAP-PEAP: Encrypting Phase 2 TLV data

If WPA2 Enterprise is the top of wireless security, PEAP should be compiled in by default for hostapd.

Paulo.

Ref: http://www.pubbs.net/200911/freebsd/13308-problems-moving-hostapd-ap-config-from-64-to-80rc2.html

On 01-06-2010 18:07, Dewayne Geraghty wrote:
> You may need to modify the /usr/src/contrib/wpa/hostapd/defconfig
> to change the build settings. On 8.1 PRERELEASE the EAP_PEAP is
> included in the build configuration file (see below)
>
> # grep -v ^\# /usr/src/contrib/wpa/hostapd/defconfig|grep EAP
> CONFIG_EAP=y
> CONFIG_EAP_MD5=y
> CONFIG_EAP_TLS=y
> CONFIG_EAP_MSCHAPV2=y
> CONFIG_EAP_PEAP=y
> CONFIG_EAP_GTC=y
> CONFIG_EAP_TTLS=y
>
> Which I've crudely verified with
> # strings /usr/sbin/hostapd | grep EAP|grep PEAP
> PEAP
>
> Regards, Phil.
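
Added example, not part of the original message and not hostapd project code: the thread shows two different results from the same strings | grep check, a lone "PEAP" line and a long run of "EAP-PEAP: ..." diagnostic strings. The function below classifies strings output for one EAP method accordingly. The function name, the three status labels and the reading of a bare method name as insufficient evidence of a built-in PEAP server are assumptions made for this example; the sample inputs are constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Classify `strings` output (read from stdin) for one EAP method.
# On a real system, with the binary path used in the thread:
#   strings /usr/sbin/hostapd | eap_method_status PEAP
#
# Status labels (assumed heuristic, see lead-in):
#   server    - "EAP-<METHOD>: ..." diagnostic strings are present
#   name-only - only the bare method name appears
#   absent    - the method is not mentioned at all
eap_method_status() {
    method=$1
    input=$(cat)    # whole `strings` output

    # Diagnostics in the thread use "EAP-PEAP:", "EAP-PEAPv2:" and
    # "EAP_PEAP:" prefixes, so accept all three spellings.
    # grep -c exits 1 on a zero count; "|| true" keeps `set -e` callers alive.
    diag=$(printf '%s\n' "$input" |
        grep -c -E "^EAP[-_]${method}(v[0-9]+)?: " || true)
    # A line consisting of nothing but the method name.
    bare=$(printf '%s\n' "$input" | grep -c -x -F "$method" || true)

    if [ "$diag" -gt 0 ]; then
        echo server
    elif [ "$bare" -gt 0 ]; then
        echo name-only
    else
        echo absent
    fi
}

# Constructed sample: the single-line result quoted in the reply.
SAMPLE_NAME_ONLY='PEAP'

# Constructed sample: a few lines from the output after the rebuild.
SAMPLE_REBUILT='PEAP
EAP-PEAP: Phase1 done, starting Phase2
EAP-PEAPv2: Identity Request
EAP_PEAP: Phase2 Identity not found in the user database'

for m in PEAP TTLS; do
    printf '%s (name-only sample): %s\n' "$m" \
        "$(printf '%s\n' "$SAMPLE_NAME_ONLY" | eap_method_status "$m")"
    printf '%s (rebuilt sample):   %s\n' "$m" \
        "$(printf '%s\n' "$SAMPLE_REBUILT" | eap_method_status "$m")"
done
```
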