-   Linux - Wireless Networking (
-   -   802.1x, Radius, MSChapv2, PEAP (

Micah 10-18-2004 08:43 AM

802.1x, Radius, MSChapv2, PEAP
I've been doing alot of research and everything I have read says it works but I can't find specific examples and my config fails.

How do I get my Linux Box talking to a Microsoft PEAP, MSChapV2, Radius Server?

I am using the 2.6.x kernel driver for the Cisco Aironet 350 series pcmcia card.
Software on a Gentoo Laptop:
Cisco's utilities (ACU, not the driver)
linux wireless utilities

My Network uses a Microsoft Radius Server, Microsoft Cert Server, PEAP, MSCHAPv2, a Certificate and what else do I need to know?

using wpa_supplicant, I get - no network detected. We don't broadcast SSID's.
xsupplicant doesn't want to connect.
one of the iwtools - to detect ssid's - find all 4 Access Points but fails to get the SSIDs (I know what they are though)

Any help is appreciated.

darkleaf 10-18-2004 08:53 AM

You can set the essid with:

iwconfig wlan0 essid xxxx
xxxx = your essid. If you're using another interface change wlan0 to that as well

Micah 10-18-2004 09:14 AM

When i set the essid with iwconfig it fails to work...

the /proc/driver/aironet/eth0/SSID file may show it but iwcofig just shows: "" for the essid...

At home on my unencrypted network, I can set it.

darkleaf 10-18-2004 10:14 AM

And after trying a couple of times setting the essid. I don't know for modules in the kernel but in my old ndiswrapper it took me a couple of tries as well to set the essid.

Micah 10-18-2004 10:19 AM

I read something somewhere that the guy set the essid and then waited for the card to stop flashing - to him this meant it became associated.

Do I have to worry about that?

Can I set the SSID's HW Mac Address instead?
iwlist wifi0 scanning
this shows 4 Cells. None have an essid but I get all of their MAC addresses. ( Quality is also 0/10 but everything else on the look ok )

2Gnu 10-18-2004 10:39 AM

Try running XSupplicant in the debug mode, maybe, to see if it gives you some insight into what's failing. Is there anything of value in the RADIUS logs?

Not broadcasting the SSID beacon often results in connection difficulties (and never improves security). Consider turning it back on, at least for testing.

One of the better setup docs around seems to be gone, as in the hosting site is not found, so I'll keep looking.

Micah 10-18-2004 10:53 AM

I don't have access to the Radius Logs - and its a Microsoft Server (If that helps) - At lunch I will see if I can get anythign from our security people.

xsupplicant -i eth1 -d 6

Couldn't get information for interface wifi0!
Error , 1: syntax error
Calling do_eapol, with device eth1
Setup on device eth1 complete
(EAPMD5) Initialized
(EAPMS-CHAP) Initialized
Done with init.
You do not appear to be associated to a wireless network!
You do not appear to be associated to a wireless network!
Sending EAPOL-Start #1
You do not appear to be associated to a wireless network!
You do not appear to be associated to a wireless network!
Sending EAPOL-Start #2
You do not appear to be associated to a wireless network!
No authenticator found! Assuming the port is authorized!
You do not appear to be associated to a wireless network!
(EAPMD5) Cleaning up.
(EAPMS-CHAP) Cleaning up.

I'll also see if I can get security to turn on SSID broadcasting of at least one access point. (Toughy... =)

2Gnu 10-18-2004 11:13 AM

Clearly, from the output, you are not associated with an AP. You can't authenticate until you get past that hurdle.

Which version of XSupplicant? Do you have a config file, perhaps, that's overriding the iwconfig essid youressid eth0 setting?

Micah 10-18-2004 11:23 AM

xsupplicant 0.8b ... There is a newer out so I will try and install it =)

iwconfig eth0 essid xxxx won't set it...

I've also tried:

echo "SSID: xxxx" > /proc/driver/aironet/eth0/SSID
Here, it sets it for a minute and then it disappears


iwconfig eth0 ap 00:xx:xx:xx:xx:xx
Does nothing =(

Again - this works at home on my unencrypted wireless....

Micah 10-18-2004 11:54 AM

New Info
I've installed XSupplicant 1.0pre(something)

in README.wireless_cards...
Cisco 340/350 - No (Auth) - No (dWEP) - "The Cisco driver Hijacks 0x888e which prevents xsupplicant from obtaining the frames. We are evaluating this problem."

It appears my card will fail anyways. Maybe... I don't know if it means Cisco as in Kernel or as in Cisco's implementation (I don't even know if they are different ro the same.)

Looks like I'm going shopping this evening. =)

In the mean time, I think I will try installing Cisco's driver again.

otisthegbs 11-05-2004 01:10 PM

if I ever want to associate on to hidden ssid i just set the id manually

iwconfig eth2 essid "( . Y . )"

then request an ip via dhcp, like sudo dhcpcd eth2, or sudo dhclient eth2, whether there's a dhcp server running or not doesnt matter, the card has to bind to that AP in order to TRY to request an IP. works for me on my orinoco card. it's kind of a hack solution but it works for me.

All times are GMT -5. The time now is 06:28 AM.