From: Yoram G. <yor...@ho...> - 2004-09-19 11:21:02
Hello,

I am trying to connect to my organization's wireless LAN from my ThinkPad with Fedora Core 2, using LEAP and xsupplicant 1.0.1, without success (it is working OK on Windows). It seems that the authentication process starts, and some info is exchanged between xsupplicant and the network, but the authentication fails and xsupplicant enters an endless loop.

Any ideas?

Thanks
Yoram

My Configuration
=================

Hardware:
--------
IBM thinkpad T41 with Intel ipw2100 802.11b wireless card.

Access Point
------------
Cisco Access Point AIR-AP1230B

Software
--------
Fedora Core2.
Kernel 2.6.8.1-521
wireless_tools.27.pre25
ipw2100 drivers version 0.54
xsupplicant 1.0.1

xsupplicant configuration file
------------------------------
Note: in the following I changed the actual ESSID of the network to MYESSID and the user name to us...@ab.... Same in xsupplicant log.

network_list = all
default_netname = MYESSID
startup_command = <BEGIN_COMMAND>ipw2100_2MYESSID<END_COMMAND>
first_auth_command = <BEGIN_COMMAND>echo "I wish to be here"<END_COMMAND>
reauth_command = <BEGIN_COMMAND>echo "authenticated user %i"<END_COMMAND>
logfile = /var/log/xsupplicant.log
allow_interfaces = eth1
deny_interfaces = eth0

MYESSID {
  type = wireless
  wireless_control = yes
  allow_types = eap-leap
  identity = <BEGIN_ID>us...@ab...<END_ID>
  eap-leap {
    username = <BEGIN_UNAME>us...@ab...<END_UNAME>
    password = <BEGIN_PASS>ToBor!2Be?Th<END_PASS>
  }
}

The ipw2100_2MYESSID script used as startup_command
---------------------------------------------------
#!/bin/bash
echo "Setting eth1 for wireless..."
# clean whatever was there
ifdown eth1 2>/dev/null >/dev/null
ifconfig eth1 down 2>/dev/null >/dev/null
# Associate the network
iwconfig eth1 essid MYESSID mode managed key 123456789 open
ifconfig eth1 up
echo "Finished setting card!"

Note: I checked that manual activation of the script properly associates the card to the access point.

Access Point Configuration
--------------------------
Attached is the access point configuration "censored" by our security (names and ip addresses changed, few lines removed). I hope you can get some useful information from it.

Building configuration...

Current configuration : 3233 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxx
!
!
username xxx privilege 15 password xxx
ip subnet-zero
!
aaa new-model
!
!
aaa group server radius rad_eap
 server 1.1.1.1 auth-port 1645 acct-port 1646
 server 1.1.1.2 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 network-map
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode wep mandatory
 !
 ssid MYESSID
  authentication open eap eap_methods
  authentication network-eap eap_methods
  guest-mode
  infrastructure-ssid optional
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0
 rts threshold 2312
 power local 5
 channel 2432
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 1.1.1.1
 no ip route-cache
!
ip default-gateway 1.1.1.1
ip http server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100
ip http authentication aaa
ip radius source-interface BVI1
logging 1.1.1.1
snmp-server community xxx RW
snmp-server community xxx RO
snmp-server location IIII
snmp-server contact IIII
snmp-server chassis-id III
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps aaa_server
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server host 1.1.1.1
radius-server host 1.1.1.1
radius-server host 1.1.1.1
radius-server attribute 32 include-in-access-req format %h
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
bridge 1 route ip
!
!
line con 0
line vty 5 15
!
end

Operation
=========
# modprobe ipw2100 if_name=eth1
# xsupplicant -i eth1 -d A

Standard Output from xsupplicant:
--------------------------------
Using default config!
network_list: all
Default network: "MYESSID"
Startup command: "ipw2100_2MYESSID"
First_Auth command: "echo I wish to be here"
Reauth command: "echo "authenticated user %i""
Logfile: "/var/log/xsupplicant.log"
allow_interface_list: "eth1"
deny_interface_list: "eth0"
Type: Wireless
Control Wireless = YES
Allow Type: LEAP
ID: ""
leap username: "us...@ab..."
leap password: "ToBor!2Be?Th"
Setting eth1 for wireless...
Finished setting card!

... and here we stay forever.

Content of /var/log/xsupplicant.log after running xsupplicant -i eth1 -d A
--------------------------------------------------------------------------
Note: I changed my real user id into us...@ab...
in the dump (the hexas as well)

[INT] Called event_core_setup()!
[INT] Called cardif_linux_rtnetlink_init()!
[INT] ADDING INTERFACE : eth1
[INT] Flags are : 06
[INT] Initializing socket for interface eth1..
[INT] Index : 18
[INT] Allmulti is currently disabled on this device!
Interface initalized!
[INT] Interface eth1 is wireless!
[INT] The card reported that the destination MAC address is now 00 0E 84 4B 0A 78
[INT] Userdata is NULL!
[INT] Working with ESSID : MYESSID
[CONFIG] Working from config file /etc/xsupplicant.conf.
[CONFIG] Opened socket descriptor #7
[ALL] Processing command : ipw2100_2MYESSID
[ALL] Returning command : ipw2100_2MYESSID
[ALL] Actual command being called is ipw2100_2MYESSID
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
Couldn't get frame. (Maybe there weren't any!)
[ALL] Unknown error (-1)
There are no frames to process.
[STATE] (global) -> DISCONNECTED
[INT] Encryption appears to be disabled. We will not reset keys on interface eth1!
[STATE] Processing DISCONNECTED state.
[STATE] DISCONNECTED -> CONNECTING
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 05 01 01 00 05 01 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00               ............
[ALL] Got EAP-Request-Identification.
[STATE] Processing CONNECTING state.
[STATE] Sending EAPOL-Start Frame.
[ALL] Frame to be sent :
00 0E 84 4B 0A 78 00 0C - F1 33 74 D5 88 8E 01 01   ...K.x...3t.....
00 00                                               ..
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 05 01 02 00 05 01 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00               ............
[ALL] Got EAP-Request-Identification.
[STATE] CONNECTING -> ACQUIRED
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Wireless event: cmd=0x8b1a len=16
[ALL] Processing interface eth1... (Flags : 05)
Couldn't get frame. (Maybe there weren't any!)
Socket would block!
There are no frames to process.
[STATE] Processing ACQUIRED state.
Connection established, authenticating...
[STATE] Sending EAPOL-Response-Identification
[ALL] Frame to be sent :
00 0E 84 4B 0A 78 00 0C - F1 33 74 D5 88 8E 01 00   ...K.x...3t.....
00 14 02 02 00 14 01 75 - 73 69 64 40 61 62 2E 63   .......usid@ab.c
64 65 2E 63 6F 6D                                   de.com
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Wireless event: cmd=0x8b06 len=8
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 1F 01 1F 00 1F 11 01 - 00 08 68 1C 51 D7 47 6C   ..........h.Q.Gl
81 B8 75 73 69 64 40 61 - 62 2E 63 64 65 2E 63 6F   ..us...@ab...
6D 00 00 00 00 00 00 00 - 00 00 00 00               m...........
[ALL] Got EAP-Request-Authentication.
[STATE] ACQUIRED -> AUTHENTICATING)
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[ALL] Initalized EAP-LEAP!
[AUTH TYPE] (EAP-LEAP) Processing.
[AUTH TYPE] (EAP-LEAP) Got EAP-REQUEST
[AUTH TYPE] (EAP-LEAP) ID : 31
[AUTH TYPE] (EAP-LEAP) Username = us...@ab...
-- Password = ToBor!2Be?Th
[AUTH TYPE] (EAP-LEAP) Incoming Peer Challenge Random Value (Length = 8) : 68 1C 51 D7 47 6C 81 B8
[AUTH TYPE] MSCHAP Response Calculated : BD C6 A2 4F B6 FA 4C BC 2C 01 54 A7 85 98 0D 56 11 45 A2 50 DD 09 80 69
[AUTH TYPE] (EAP-LEAP) Response Packet Built
[ALL] Frame to be sent :
00 0E 84 4B 0A 78 00 0C - F1 33 74 D5 88 8E 01 00   ...K.x...3t.....
00 2F 02 1F 00 2F 11 01 - 00 18 BD C6 A2 4F B6 FA   ./.../.......O..
4C BC 2C 01 54 A7 85 98 - 0D 56 11 45 A2 50 DD 09   L.,.T....V.E.P..
80 69 75 73 69 64 40 61 - 62 2E 63 64 65 2E 63 6F   .iu...@ab...
6D                                                  m
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Wireless event: cmd=0x8b2a len=12
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 04 04 1F 00 04 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00               ............
[ALL] Got EAP-Failure!
Failure!
Stats for Interface eth1 with index 18 :
EAPOL Frames RX : 4
EAPOL Frames TX : 3
EAPOL Starts TX : 1
EAPOL Logoff TX : 0
EAPOL Resp. ID TX : 1
EAPOL Resp. TX : 1
EAPOL Req. ID RX : 2
EAPOL Req. RX : 1
EAPOL Invalid Frame: 0
EAP Length Error : 0
Last EAPOL Version : 1
Last EAPOL Src. :00 0E 84 4B 0A 78
EAPOL Success : 0
EAPOL Failure : 1
[STATE] (global) -> HELD
[INT] Encryption appears to be disabled. We will not reset keys on interface eth1!
[STATE] Processing HELD state.
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
Couldn't get frame. (Maybe there weren't any!)
Socket would block!
There are no frames to process.
[ALL] Clock tick! authWhile=29 heldWhile=59 startWhen=29 curState=HELD
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 05 01 01 00 05 01 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00               ............
[ALL] Got EAP-Request-Identification.
[STATE] HELD -> ACQUIRED
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Working with an interface with index of 18.
[INT] -- Got a new interface request.
[INT] Found interface eth1, with index of 18! (Ignored)
[ALL] Processing interface eth1... (Flags : 05)
Couldn't get frame. (Maybe there weren't any!)
Socket would block!
There are no frames to process.
[STATE] Processing ACQUIRED state.
Connection established, authenticating...
[STATE] Sending EAPOL-Response-Identification
[ALL] Frame to be sent :
00 0E 84 4B 0A 78 00 0C - F1 33 74 D5 88 8E 01 00   ...K.x...3t.....
00 14 02 01 00 14 01 75 - 73 69 64 40 61 62 2E 63   .......usid@ab.c
64 65 2E 63 6F 6D                                   de.com
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Wireless event: cmd=0x8b15 len=20
[INT] New AP found!
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 1F 01 20 00 1F 11 01 - 00 08 3E CA 1A EB C6 14   ..........>.....
85 16 75 73 69 64 40 61 - 62 2E 63 64 65 2E 63 6F   ..us...@ab...
6D 00 00 00 00 00 00 00 - 00 00 00 00               m...........
[ALL] Got EAP-Request-Authentication.
[STATE] ACQUIRED -> AUTHENTICATING)
[STATE] Processing AUTHENTICATING state.
[STATE] Sending EAPOL-Response-Authentication
[AUTH TYPE] (EAP-LEAP) Processing.
[AUTH TYPE] (EAP-LEAP) Got EAP-REQUEST
[AUTH TYPE] (EAP-LEAP) ID : 32
[AUTH TYPE] (EAP-LEAP) Username = us...@ab...
-- Password = ToBor!2Be?Th
[AUTH TYPE] (EAP-LEAP) Incoming Peer Challenge Random Value (Length = 8) : 3E CA 1A EB C6 14 85 16
[AUTH TYPE] MSCHAP Response Calculated : 72 81 FA 9D 5F 8F 48 5E 10 AA 20 49 C9 48 F0 01 04 B4 5F 0D 3C BA 5E 6D
[AUTH TYPE] (EAP-LEAP) Response Packet Built
[ALL] Frame to be sent :
00 0E 84 4B 0A 78 00 0C - F1 33 74 D5 88 8E 01 00   ...K.x...3t.....
00 2F 02 20 00 2F 11 01 - 00 18 72 81 FA 9D 5F 8F   ./.../....r..._.
48 5E 10 AA 20 49 C9 48 - F0 01 04 B4 5F 0D 3C BA   H^...I.H...._.<.
5E 6D 75 73 69 64 40 61 - 62 2E 63 64 65 2E 63 6F   ^mu...@ab...
6D                                                  m
Checking event interface.
[INT] Got an RTM_NEWLINK!
[INT] Wireless event: cmd=0x8b15 len=20
[INT] New AP found!
[ALL] Processing interface eth1... (Flags : 05)
[ALL] Got Frame :
00 0C F1 33 74 D5 00 0E - 84 4B 0A 78 88 8E 01 00   ...3t....K.x....
00 04 04 20 00 04 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   ................
00 00 00 00 00 00 00 00 - 00 00 00 00               ............
[ALL] Got EAP-Failure!
Failure!
Stats for Interface eth1 with index 18 :
EAPOL Frames RX : 7
EAPOL Frames TX : 5
EAPOL Starts TX : 1
EAPOL Logoff TX : 0
EAPOL Resp. ID TX : 2
EAPOL Resp. TX : 2
EAPOL Req. ID RX : 3
EAPOL Req. RX : 2
EAPOL Invalid Frame: 0
EAP Length Error : 0
Last EAPOL Version : 1
Last EAPOL Src. :00 0E 84 4B 0A 78
EAPOL Success : 0
EAPOL Failure : 2

and so on. I killed the process after about 200 EAPOL Failure
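
Added example, not part of the original post and not xsupplicant code: a small Python decoder for the EAPOL frames printed in the log above. It shows that the access point's EAP-Failure carries the same identifier (0x1F) as the LEAP response, so the failure is the answer to that response. The function names are hypothetical; the three frames are copied from the first authentication round in the log, with the trailing zero padding of the failure frame shortened.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}  # 17 = 0x11, the EAP type byte seen in the log

# Frames copied from the first authentication round in the log above
# (trailing zero padding of the failure frame shortened).
CHALLENGE = ("00 0C F1 33 74 D5 00 0E 84 4B 0A 78 88 8E 01 00 00 1F 01 1F 00 1F 11 01 "
             "00 08 68 1C 51 D7 47 6C 81 B8 75 73 69 64 40 61 62 2E 63 64 65 2E 63 6F "
             "6D 00 00 00 00 00 00 00 00 00 00 00")
RESPONSE = ("00 0E 84 4B 0A 78 00 0C F1 33 74 D5 88 8E 01 00 00 2F 02 1F 00 2F 11 01 "
            "00 18 BD C6 A2 4F B6 FA 4C BC 2C 01 54 A7 85 98 0D 56 11 45 A2 50 DD 09 "
            "80 69 75 73 69 64 40 61 62 2E 63 64 65 2E 63 6F 6D")
FAILURE = ("00 0C F1 33 74 D5 00 0E 84 4B 0A 78 88 8E 01 00 00 04 04 1F 00 04 00 00 "
           "00 00 00 00 00 00 00 00")


def parse_eapol(hex_dump):
    """Decode one Ethernet frame carrying EAPOL, given as spaced hex bytes."""
    raw = bytes.fromhex(hex_dump.replace("-", " "))
    if len(raw) < 18 or raw[12:14] != b"\x88\x8e":
        raise ValueError("not an EAPOL frame")
    version, ptype, body_len = struct.unpack("!BBH", raw[14:18])
    out = {"src": raw[6:12].hex(), "eapol_version": version, "eapol_type": ptype}
    body = raw[18:18 + body_len]          # drops the Ethernet padding
    if ptype != 0 or len(body) < 4:       # only type 0 (EAP-Packet) has an EAP body
        return out
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    out.update(code=EAP_CODES.get(code, code), id=ident)
    if code in (1, 2) and 5 <= eap_len <= len(body):
        out["type"] = EAP_TYPES.get(body[4], body[4])
        if body[4] == 17 and eap_len >= 8:
            count = body[7]               # 8 for the challenge, 24 for the response
            out["leap_value"] = body[8:8 + count].hex()
            out["leap_name"] = body[8 + count:eap_len].decode("ascii", "replace")
    return out


def failure_answers(response_hex, failure_hex):
    """True when the EAP-Failure carries the identifier of the given response."""
    resp, fail = parse_eapol(response_hex), parse_eapol(failure_hex)
    return fail.get("code") == "Failure" and fail["id"] == resp.get("id")


if __name__ == "__main__":
    for name, frame in (("challenge", CHALLENGE), ("response", RESPONSE), ("failure", FAILURE)):
        print(name, parse_eapol(frame))
    print("failure answers LEAP response:", failure_answers(RESPONSE, FAILURE))
```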