Thank you for your answer. There is a document about how to use
Maybe you are interest in it. All my testing are based on the document, but I
also use Windows IAS server to replace FreeRADIUS,
but the client dirver I use madwifi0802. Maybe, the madwifi can't work with
"Martin Usher" <martin@...> on 09/04/2003 12:28:34 AM
To: Eric SY Huang/WNC/Wistron@..., madwifi-devel@...
This document is classified as Normal
Subject: RE: [Madwifi-devel] madwifi and 802.1x?
You may have associated but then got thrown off -- disassociated -- when
you failed to authenticate. The AP should then reject any further
attempts at association for a period of up to a minute, a provision in
the standard that's designed to foil Denial of Service attacks by
repeated authentication attempts.
This exchange happens very quickly so if you're not looking for it you
can easily miss it.
The driver doesn't look as if its set up to handle 1x. It needs code
that can detect EAPOL frames (reserved Ethertype on the SNAP header, I
think its 0x888E) and send them through unencrypted. The receive code
will also need to check for EAPOL frames and let them through even
though they are unencrpyted.
The driver will also need to support two keys, one for multicast and one
for unicast. The AP will tell you which key numbers to use -- this is
important -- so there will need to be some Ioctl call or other mechanism
to assign those keys.
I have not spent any significant amount of time with xSupplicant. Most
of my experience has been in Access Points with only a very small amount
of Windows driver work to complement it. If anyone can point me at some
reliable information about setting it up (and verifying it) then I don't
mind tweaking the madwifi driver to make it work. It is important to
verify what you're doing at each step. Security protocols can be a real
pain to work on because the features that make them hacker-proof also
make them developer-proof. (And it only gets worse -- 1x/WEP will look
trivial compared to WPA.)