Project

General

Profile

Actions

Bug #351

closed

Request: 802.11x wired network support in wpa_supplicant

Added by bastyaelvtars over 17 years ago. Updated over 16 years ago.

Status:
Closed
Priority:
Low
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

(Hopefully this stuff is for requests too).
Some time ago, I asked about this, and got this reply:

http://leaf.dragonflybsd.org/mailarchive/users/2006-09/msg00066.html

Has this ever been committed? (Does not seem so to me.)

Actions #1

Updated by sepherosa over 17 years ago

Nope, it is not committed, since I got no reply after above post.

Best Regards,
sephe

Actions #2

Updated by bastyaelvtars over 17 years ago

Sorry, I haven't yet found the time to try it out. I applied the patch
and built/installed wpa_supplicant, I'll do a thorough testing tonight
and post the results.

Actions #3

Updated by bastyaelvtars over 17 years ago

Last time I tried it, it applied fine but testing was interrupted by a
loong power breakdown in the building and I forgot about it. I'll try it
out again in the near future, but is it safe to apply it to preview?

Actions #4

Updated by sepherosa over 17 years ago

Yeah

haha :D

Best Regards,
sephe

Actions #5

Updated by bastyaelvtars over 17 years ago

OK, I did it, but maybe I am doing something wrong, because
authentication always fails, even though the credentials are OK (Aegis
2.1 connects just fine). Do I have to do something to the NIC before or
after the action?

Actions #6

Updated by sepherosa over 17 years ago

1) you must 'ifconfig iface up' before run the wpa_supplicant
2) try removing the "eap=MD5" line in the "network=" block, or set the
EAP to what the authenticator is using
3) try using dd wpa_supplicant command line option to make it print
verbose debug message, and figure out what is happening :
)

Best Regards,
sephe

Actions #7

Updated by bastyaelvtars over 17 years ago

Sepherosa Ziehau wrote:

It's up, should I do it anyway?

It's MD5, and has always been.

It says FAIL, and the radius server says so. :S

Actions #8

Updated by bastyaelvtars over 17 years ago

Bah, tried all of the above and I keep getting authentication failures.
Any other ideas?

Actions #9

Updated by bastyaelvtars about 17 years ago

  1. wpa_supplicant -B -c /etc/wpa.conf -i xl0 -D wired
  2. wpa_cli
    wpa_cli v0.4.9
    Copyright (c) 2004-2005, Jouni Malinen <> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.

Selected interface 'xl0'

Interactive mode

bssid=01:80:c2:00:00:03
ssid=
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=IEEE 802.1X (no WPA)
wpa_state=ASSOCIATED
ip_address=xxx.xxx.xxx.xxx
Supplicant PAE state=CONNECTING
suppPortStatus=Unauthorized
EAP state=IDLE

and it doesn't work. Any ideas?

Actions #10

Updated by Anonymous about 17 years ago

  1. wpa_supplicant -B -dd -c /etc/wpa.conf -i xl0 -D wired
    Initializing interface 'xl0' conf '/etc/wpa.conf' driver 'wired' ctrl_interface
    'N/A'
    Configuration file '/etc/wpa.conf' -> '/etc/wpa.conf'
    Reading configuration file '/etc/wpa.conf'
    ctrl_interface='/var/run/wpa_supplicant'
    ctrl_interface_group=0 (from group name 'wheel')
    ap_scan=0
    Line: 4 - start of a new network block
    key_mgmt: 0x8
    eap methods - hexdump(len=2): 04 00
    identity - hexdump_ascii(len=9):
    62 6f 72 64 6f 70 69 63 69 bordopici
    password - hexdump_ascii(len=4): [REMOVED]
    eapol_flags=0 (0x0)
    Priority group 0
    id=0 ssid=''
    Initializing interface (2) 'xl0'
    EAPOL: SUPP_PAE entering state DISCONNECTED
    EAPOL: KEY_RX entering state NO_KEY_RECEIVE
    EAPOL: SUPP_BE entering state INITIALIZE
    EAP: EAP entering state DISABLED
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    wpa_driver_wired_init: Added multicast membership with SIOCADDMULTI
    Own MAC address: 00:01:02:01:84:3e
    Setting scan request: 0 sec 100000 usec
    Added interface xl0
    Daemonize..
Actions #11

Updated by Anonymous about 17 years ago

EAPOL: txStart
TX EAPOL - hexdump(len=4): 01 01 00 00
EAPOL: idleWhile --> 0
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
EAPOL: heldWhile --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state IDLE
EAPOL: startWhen --> 0
^CCTRL-EVENT-TERMINATING - signal 2 received
Removing interface xl0
State: ASSOCIATED -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
No keys have been configured - skip key clearing
Cancelling scan request

It probably cannot connect, because nothing shows up in the logs. Aegis 2.1
works fine on the same port, tried with 2 different PCs.

Actions #12

Updated by sepherosa over 16 years ago

After wpa_supplicant-0.5.8 was imported, 802.1x authentication over wired
devices is supposed to work, however, the reporter no longer had proper
environment to test. Consider it closed for now.

Actions

Also available in: Atom PDF