Setting up WPA-Supplicant and PEAP,MSCHAPV2
I am trying to connect my Fedora 5 laptop to a W2K RADIUS server using PEAP, MSCHAPv2. My Windows machines are fine, but trying to connect my Fedora laptop has been a nightmare! It is not getting a certificate from the Certificate Authority from the W2K box. I am using an older Cisco 1200 (Aironet 802.11b AP as my authenticator). Do I need something else?
Here is my wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
network={
    ssid="SSID"
    bssid=XX.XX.XX.XX.XX.XX
    scan_ssid=1
    key_mgmt=WPA-EAP IEEE8021X
    eap=PEAP
    auth_alg=OPEN
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
    identity="username"
    password="password"
    ca_cert="192.168.4.3" -------ACCESSPOINT
}

Here is the error log from running with the -dd option:

Initializing interface 'ath0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'madwifi' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
Line: 33 - start of a new network block
ssid - hexdump_ascii(len=3): 5a 4f 52 ZOR
BSSID - hexdump(len=6): 00 12 17 34 60 e1
key_mgmt: 0x9
eap methods - hexdump(len=2): 19 00
auth_alg: 0x1
pairwise: 0x18
identity - hexdump_ascii(len=7): 64 61 62 65 61 73 74 dabeast
password - hexdump_ascii(len=14): [REMOVED]
ca_cert - hexdump_ascii(len=11): 31 39 32 2e 31 36 38 2e 34 2e 33 192.168.4.3
phase1 - hexdump_ascii(len=11): 70 65 61 70 6c 61 62 65 6c 3d 31 peaplabel=1
phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 76 32 auth=MSCHAPv2
Priority group 0
   id=0 ssid='ZOR'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=13 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf
Own MAC address: 00:0f:b5:ae:a1:17
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface ath0
Wireless event: cmd=0x8b06 len=8
Ignore event for foreign ifindex 3
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:12:17:34:60:e1
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=00:12:17:34:60:e1
No keys have been configured - skip key clearing
No network configuration found for the current AP
State: ASSOCIATED -> DISCONNECTED
wpa_driver_madwifi_disassociate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=8
Scan timeout - try to get results
Received 940 bytes of scan results (5 BSSes)
Scan results: 5
Selecting BSS from priority group 0
0: 00:12:0e:3d:07:9e ssid='Castedo' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
   skip - no WPA/RSN IE
1: 00:12:0e:40:37:6a ssid='06B407974762' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
   skip - no WPA/RSN IE
2: 00:12:17:34:60:e1 ssid='linksys' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
3: 00:07:50:d5:ac:3c ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
4: 00:13:46:c0:49:88 ssid='default' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
No suitable AP found.
|
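An added example, not part of the original post and not wpa_supplicant code: a small Python check that reads `-dd` output in the format posted above and compares the configured network with the scan results. The log excerpt is trimmed from the post; the function names and finding labels are made up for this example, and the `ca_cert` test assumes the value should be an absolute file path or a `blob://` / `hash://` reference.

```python
import re

# Excerpt of `wpa_supplicant -dd` output, trimmed from the log in the post above.
SAMPLE_LOG = """\
BSSID - hexdump(len=6): 00 12 17 34 60 e1
ca_cert - hexdump_ascii(len=11): 31 39 32 2e 31 36 38 2e 34 2e 33 192.168.4.3
Priority group 0
   id=0 ssid='ZOR'
Scan results: 5
0: 00:12:0e:3d:07:9e ssid='Castedo' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
   skip - no WPA/RSN IE
2: 00:12:17:34:60:e1 ssid='linksys' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
   skip - no WPA/RSN IE
No suitable AP found.
"""

HEX = r"((?:[0-9a-f]{2}\s+)+)"
SCAN = re.compile(r"^\s*\d+: ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ssid='([^']*)' "
                  r"wpa_ie_len=(\d+) rsn_ie_len=(\d+)", re.M)

def dumped(log, label):
    """Return the first `len` bytes of a '<label> - hexdump...(len=N):' entry."""
    m = re.search(re.escape(label) + r" - hexdump(?:_ascii)?\(len=(\d+)\):\s*" + HEX, log)
    return bytes.fromhex("".join(m.group(2).split()[:int(m.group(1))])) if m else None

def diagnose(log):
    """Compare the configured network with the scan results; return findings."""
    findings = []
    want = re.search(r"^\s*id=\d+ ssid='([^']*)'", log, re.M)
    ssid = want.group(1) if want else None
    raw_bssid = dumped(log, "BSSID")
    bssid = ":".join(f"{b:02x}" for b in raw_bssid) if raw_bssid else None
    scan = SCAN.findall(log)
    if ssid is not None and all(seen != ssid for _, seen, _, _ in scan):
        findings.append(f"ssid-not-seen:{ssid}")
    for mac, seen, wpa_len, rsn_len in scan:
        if mac == bssid:
            if seen != ssid:  # pinned BSSID advertises a different network name
                findings.append(f"bssid-ssid-mismatch:{seen}")
            if wpa_len == "0" and rsn_len == "0":  # AP advertises no WPA/RSN IE
                findings.append("bssid-no-wpa-ie")
    ca = dumped(log, "ca_cert")
    if ca is not None and not ca.startswith((b"/", b"blob://", b"hash://")):
        findings.append(f"ca_cert-not-absolute-path:{ca.decode(errors='replace')}")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

Without a usable `ca_cert`, wpa_supplicant does not verify the RADIUS server certificate during PEAP, so that finding is worth fixing even after association works.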
Fedora and W2K server using PEAP(MSCHAPv2)
Can anyone tell me how I can connect a Fedora 5 wireless laptop using MADWIFI drivers to a Microsoft W2K RADIUS server using PEAP-MSCHAPV2? My Windows clients are fine; it is just trying to connect the laptop to the RADIUS server using XSupplicant or WPA_Supplicant. I have made several posts but there has not been one reply. Is it that difficult?
|
I don't know if it is difficult or not, but it certainly isn't very common. I don't think you're being ignored, but I know I don't have any useful advice. You've obviously compiled it with the proper support turned on and seem to be starting it correctly. The only thing that jumps out at me is this:
Quote:
|
I was doing some intense reading and wpa_supplicant says that under the
PHP Code:
|
I'm more than a little out of my depth here, but if this MacOX article is correct, it looks as if OpenSSL can do the conversion. However, this suggests that OpenSSL might not be able to use DER format, so you might need to use PEM.
This also looks to be a good guide to converting various formats. |
It still does not authenticate. I am lost!
|
I guess the only thing I can think of is to check that wpa_supplicant works on a different network. If it can connect to a WEP network, or a less complex WPA config, at least you can rule out a problem with wpa_supplicant.
I suppose you could also try the wext driver in wpa_supplicant rather than madwifi. In theory, it should work with the madwifi drivers. Other than that, I'm at a loss I'm afraid. |
I guess it is safe to say that Linux has a long way to go with wireless security. That is sad.
|
You'll get no argument from me. In fact I would expand that a touch to say Linux has a long way to go with wireless. Given the prevalence of wireless, I would bet it is one of the single biggest obstacles to new user acceptance of Linux.
|
hangdog,
Thanks a lot for your help. Hey, I am from Maryland too. Go Baltimore Ravens or Redskins. I like what you've done to your site. The WPA section if you can add some PEAP,MSCHAPV2 to your example WPA_supplicant file. That is when you can actually connect to a Microsoft RADIUS server. |
|
Wow. I've seen your postings around here and been really sad that I had no concrete advice, or even any clue whatsoever, to give. This one was so far above my pay scale it wasn't funny. And PLEASE do add this to the LQ Wiki or write a tutorial. This amount of suffering shouldn't go for naught.
|
I hopefully will bring relief to so many users out there that have been struggling with this. How would I go about adding a wiki to this forum? Thanks.
|
There is a section on how to get started on the wiki here and it pretty much steps you through the process of adding information. I think the biggest problem with yours will be how to classify it since it seems to be more of a Cisco issue than anything else. There is a big section on networking that covers a lot of topics, so probably somewhere in there.
|
Right, many thanks.
|