LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices



Reply
 
Search this Thread
Old 09-26-2006, 07:55 PM   #1
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Rep: Reputation: 58
Setting up WPA-Supplicant and PEAP,MSCHAPV2


I am trying to connect my Fedora 5 laptop to a W2K RADIUS server using PEAP, MSCHAPSv2. My window machines are fine but trying to connect my fedora laptop has been a nightmare! It is not getting a certificate from the Certificate Authority from the W2K box. I am using an older Cisco 1200 (Aironet 802.11b AP as my authenticator))Do I need something else?

Here is my wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0

network={
ssid="SSID"
bssid=XX.XX.XX.XX.XX.XX
scan_ssid=1
key_mgmt=WPA-EAP IEEE8021X
eap=PEAP
auth_alg=OPEN
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
identity="username"
password="password"
ca_cert="192.168.4.3" -------ACCESSPOINT
}

Here is error log running a -dd option:

Initializing interface 'ath0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'madwifi' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
Line: 33 - start of a new network block
ssid - hexdump_ascii(len=3):
5a 4f 52 ZOR
BSSID - hexdump(len=6): 00 12 17 34 60 e1
key_mgmt: 0x9
eap methods - hexdump(len=2): 19 00
auth_alg: 0x1
pairwise: 0x18
identity - hexdump_ascii(len=7):
64 61 62 65 61 73 74 dabeast
password - hexdump_ascii(len=14): [REMOVED]
ca_cert - hexdump_ascii(len=11):
31 39 32 2e 31 36 38 2e 34 2e 33 192.168.4.3
phase1 - hexdump_ascii(len=11):
70 65 61 70 6c 61 62 65 6c 3d 31 peaplabel=1
phase2 - hexdump_ascii(len=13):
61 75 74 68 3d 4d 53 43 48 41 50 76 32 auth=MSCHAPv2
Priority group 0
id=0 ssid='ZOR'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=13 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf
Own MAC address: 00:0f:b5:ae:a1:17
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface ath0
Wireless event: cmd=0x8b06 len=8
Ignore event for foreign ifindex 3
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:12:17:34:60:e1
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=00:12:17:34:60:e1
No keys have been configured - skip key clearing
No network configuration found for the current AP
State: ASSOCIATED -> DISCONNECTED
wpa_driver_madwifi_disassociate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=8
Scan timeout - try to get results
Received 940 bytes of scan results (5 BSSes)
Scan results: 5
Selecting BSS from priority group 0
0: 00:12:0e:3d:07:9e ssid='Castedo' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
skip - no WPA/RSN IE
1: 00:12:0e:40:37:6a ssid='06B407974762' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
skip - no WPA/RSN IE
2: 00:12:17:34:60:e1 ssid='linksys' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
3: 00:07:50:d5:ac:3c ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
4: 00:13:46:c0:49:88 ssid='default' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
skip - no WPA/RSN IE
No suitable AP found.

Last edited by metallica1973; 09-27-2006 at 06:39 PM.
 
Old 10-11-2006, 04:16 PM   #2
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
Fedora and W2K server using PEAP(MSCHAPv2)

Can anyone tell me how I can connect Fedora 5 wireless laptop using MADWIFI drivers to a Microsoft W2K RADIUS server using PEAP-MSCHAPV2. My windows clients are fine it is just trying to connect the laptop to the RADIUS server using XSupplicant or WPA_Supplicant. I have made several post but there has not been one reply. It is that difficult?
 
Old 10-11-2006, 04:56 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
I don't know if it is difficult or not, but it certainly isn't very common. I don't think you're being ignored, but I know I don't have any useful advice. You've obviously compiled it with the proper support turned on and seem to be starting it correctly. The only thing that jumps out at me is this:

Quote:
No network configuration found for the current AP
That might suggest you haven't gotten the config quite right, but I don't have any suggestions as to what to change. Just to rule out the screamingly obvious, does wpa_supplicant work with other access points? Also, have you tried posting to the mailing list at wpa_supplicant? They might have some more useful advice than I do.
 
Old 10-11-2006, 07:40 PM   #4
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
I was doing some intense reading and wpa_supplicant says that under the

PHP Code:
ca_cert= /Path/To/ROOT_CA 
section I need the MS ca_root file in PEM or DEM format. I was able to copy the Root CA from the MS Certificate Authority Server. I copied it as a example.cer file. Now how would I convert that file to a PER or DEM format?

Last edited by metallica1973; 10-11-2006 at 08:23 PM.
 
Old 10-12-2006, 08:31 AM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
I'm more than a little out of my depth here, but if this MacOX article is correct, it looks as if openSSL can do the conversion. However, this suggests that openSSL might not be able to use DER format, so you might need to use PEM.

This also looks to be a good guide to converting various formats.
 
Old 10-12-2006, 11:44 PM   #6
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
it still does not authenticate. I am lost!
 
Old 10-13-2006, 07:51 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
I guess the only thing I can think of is to check that wpa_supplicant works on a different network. If it can connect to a WEP network, or a less complex WPA config, at least you can rule out a problem with wpa_supplicant.

I suppose you could also try the wext driver in wpa_supplicant rather than madwifi. In theory, it should work with the madwifi drivers. Other than that, I'm at a loss I'm afraid.

Last edited by Hangdog42; 10-13-2006 at 07:52 AM.
 
Old 10-13-2006, 10:08 AM   #8
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
I guess is safe to say that linux has a long way to go with wireless security. that is sad
 
Old 10-13-2006, 12:21 PM   #9
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
You'll get no argument from me. In fact I would expand that a touch to say Linux has a long way to go with wireless. Given the prevalence of wireless, I would bet it is one of the single biggest obstacles to new user acceptance of Linux.
 
Old 10-13-2006, 12:40 PM   #10
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
hangdog,

thanks alot for your help. Hey I am from Maryland too. Go Baltimore Ravens or Redskins. I like what you done to your site. The WPA section if you can add some PEAP,MSCHAPV2 to your example WPA_supplicant file. That is when you can actually connect to a Microsoft RADUIS server.

Last edited by metallica1973; 10-13-2006 at 12:43 PM.
 
Old 07-07-2008, 02:41 AM   #11
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
problem solved

http://www.linuxquestions.org/questi...0/#post3206217
 
Old 07-07-2008, 08:32 AM   #12
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Wow. I've seen your postings around here and been really sad that I had no concrete advice, or even any clue whatsoever, to give. This one was so far above my pay scale it wasn't funny. And PLEASE do add this to the LQ Wiki or write a tutorial. This amount of suffering shouldn't go for naught.
 
Old 07-08-2008, 12:09 AM   #13
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
I hopefully will bring relief to so many users out there that I have been struggle with this. How would I go about adding a wiki to this forum? thanks
 
Old 07-08-2008, 08:37 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
There is a section on how to get started on the wiki here and it pretty much steps you through the process of adding information. I think the biggest problem with your will be how to classify it since it seems to be more of a Cisco issue than anything else. There is a big section on networking that covers a lot of topics, so probably somewhere in there.
 
Old 07-09-2008, 06:36 PM   #15
metallica1973
Senior Member
 
Registered: Feb 2003
Location: Washington D.C
Posts: 2,121

Original Poster
Rep: Reputation: 58
right many thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WPA Supplicant problem... JaseP Linux - Wireless Networking 2 12-14-2005 10:57 PM
WPA Supplicant Question brokenflea Slackware 7 07-28-2005 10:18 PM
How to use xsupplicant, wpa_supplicant for wpa/tkip/peap-mschapv2 weeds84 Linux - Wireless Networking 2 03-13-2005 06:17 AM
How do i set up WPA PSK with wpa supplicant and linuxant? Eleavings Linux - Wireless Networking 4 12-27-2004 12:24 PM
802.1x, Radius, MSChapv2, PEAP Micah Linux - Wireless Networking 10 11-05-2004 02:10 PM


All times are GMT -5. The time now is 03:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration