PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Probleme mit EAP



moor_mat
02.03.10, 13:15
Hallo!

Ich hab leider Probleme mich zum wlan in meiner Schule zu connecten. Es gibt eine Anleitung für den Zugang mit dem Network-Manager (Ich hätte aber lieber etwas nicht-grafisches verwendet). Laut dieser werden folgende Einstellungen benötigt:


wireless-security: wpa & wpa2 enterprise
authenticaion: peap
anonymous identity: die gleiche wie mein username ;)
peap-version: 0
inner authenfication: mschapv2



ich hab das jetzt einmal auf meine wpa-supplicant.conf umgelegt:



network={
ssid="ssid"
#scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="meine identity"
password="mein passwort"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
}


Reicht dass oder fehlt mir hier die "anonymous identity"?

wenn ich nun versuche mit dem Befehl

wpa_supplicant -D wext -i wlan0 -c wpa_supplicant.conf
zu dem netzwerk zu verbinden, kriege ich folgende fehlermeldung:



CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:12:a9:17:1c:c6 (SSID='fhhgb' freq=2462 MHz)
Associated with 00:12:a9:17:1c:c6
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-TLV: Earlier failure - force failed Phase 2
CTRL-EVENT-EAP-FAILURE EAP authentication failed
...


das geht sie die ganze zeit dahin.

wenn ich ein "-d" an den befehl anhaenge, um einen genauere ausgabe zu haben, bekomme ich folgendes:



Initializing interface 'wlan0' conf 'schule-wlan.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file 'schule-wlan.conf' -> '/home/moe/my_temp/schule-wlan.conf'
Reading configuration file '/home/moe/my_temp/schule-wlan.conf'
Priority group 0
id=0 ssid='fhhgb'
Initializing interface (2) 'wlan0'
Interface wlan0 set UP - waiting a second for the driver to complete initialization
SIOCGIWRANGE: WE(compiled)=22 WE(source)=18 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf flags 0x0
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:13:d3:67:b9:3a
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
Added interface wlan0
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=12
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 0 bytes of scan results (0 BSSes)
CTRL-EVENT-SCAN-RESULTS
Selecting BSS from priority group 0
Try to find WPA-enabled AP
Try to find non-WPA AP
No suitable AP found.
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
Scan requested (ret=0) - scan timeout 5 seconds
EAPOL: disable timer tick
Scan timeout - try to get results
Received 4092 bytes of scan results (14 BSSes)
CTRL-EVENT-SCAN-RESULTS
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: 00:12:a9:17:1c:c8 ssid='fhhgb-wpa2' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
skip - SSID mismatch
1: 00:12:a9:17:1c:c6 ssid='fhhgb' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
selected based on WPA IE
selected WPA AP 00:12:a9:17:1c:c6 ssid='fhhgb'
Try to find non-WPA AP
Trying to associate with 00:12:a9:17:1c:c6 (SSID='fhhgb' freq=2462 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1
WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 00 00
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: not using MGMT group cipher
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
wpa_driver_wext_set_psk
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=21
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8c07 len=65
AssocReq IE wireless event - hexdump(len=49): 00 05 66 68 68 67 62 01 08 02 04 0b 0c 12 16 18 24 32 04 30 48 60 6c dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 00 00
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8c08 len=32
AssocResp IE wireless event - hexdump(len=16): 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:12:a9:17:1c:c6
Association info event
req_ies - hexdump(len=49): 00 05 66 68 68 67 62 01 08 02 04 0b 0c 12 16 18 24 32 04 30 48 60 6c dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 00 00
resp_ies - hexdump(len=16): 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c
WPA: set own WPA/RSN IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 00 00
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:12:a9:17:1c:c6
No keys have been configured - skip key clearing
Associated with 00:12:a9:17:1c:c6
WPA: Association event - clear replay counter
WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RX EAPOL from 00:12:a9:17:1c:c6
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=38):
00 6e 65 74 77 6f 72 6b 69 64 3d 66 68 68 67 62 _networkid=fhhgb
2c 6e 61 73 69 64 3d 37 2e 30 2c 70 6f 72 74 69 ,nasid=7.0,porti
64 3d 32 30 37 30 d=2070
EAP: using real identity - hexdump_ascii(len=23):
46 48 48 41 47 45 4e 42 45 52 47 5c 73 30 38 31 <user
30 32 33 39 30 32 33 name>
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:a9:17:1c:c6
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:a9:17:1c:c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 93 bytes pending from ssl_out
SSL: 93 bytes left to be sent out (of total 93 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:a9:17:1c:c6
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:a9:17:1c:c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1496) - Flags 0xc0
SSL: TLS Message Length: 2293
SSL: Need 807 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:a9:17:1c:c6
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:a9:17:1c:c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=813) - Flags 0x00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate request A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 210 bytes pending from ssl_out
SSL: 210 bytes left to be sent out (of total 210 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:a9:17:1c:c6
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:a9:17:1c:c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x80
SSL: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=00:12:a9:17:1c:c6
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:12:a9:17:1c:c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x00
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01
EAP-PEAP: received Phase 2: code=1 identifier=6 length=5
EAP-PEAP: Phase 2 Request: type=1
.....


Kann es sich um einen fehler in der Openssl-Versionen handeln? Mit WPA-PSK netzwerken kann ich mich problemlos verbinden. Achja: Ich benutze ndiswrapper, bei der Karte handelt es sich um einen "INPROCOMM IPN 2220 Wireless Lan Adapter".

Hier noch die von mir verwendeten Versionen:


ii openssl 0.9.8g-15+lenny6 Secure Socket Layer (SSL) binary and related cryptographic too
ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA keys
ii wireless-tools 29-1.1 Tools for manipulating Linux Wireless Extensions
ii wpasupplicant 0.6.4-3 Client support for WPA and WPA2 (IEEE 802.11i)


Ich sag schon mal danke! :)