# Cannot get EAP to work: ath0 wpa_supplicant madwifi

## Princess Nell

I've been banging my head against this for a few days now ...

I'm trying to connect to a wireless AP:

- it uses EAP-TTLS with an outer EAP-TLS and inner EAP-GTC connection

- the AP authenticates against a radius server

- cipher is AES CCMP

- open authentication with EAP and network EAP

- mandatory WPA key management

Here's my attempt at a wpa_supplicant config:

```

ctrl_interface=/var/run/wpa_supplicant

eapol_version=1

ap_scan=1

fast_reauth=1

network={

        priority=1

        ssid="WIFI"

        scan_ssid=1

        auth_alg=OPEN

        key_mgmt=WPA-EAP

        pairwise=CCMP

        group=CCMP

        ca_cert="/etc/ssl/certs/mycomprootcert.pem"

        identity="xxx"

        password="eyes-only"

}

```

Now I'm running

```

/sbin/wpa_supplicant -w -i ath0 -c /etc/wpa_supplicant/wpa_supplicant.conf -Dmadwifi -d

```

and get the below. Basically, I'm completely out of my depth, and have no idea why stuff is

failing, and whether I'm missing any pieces. I can't tell which parts of the process are failing,

in particular

```

WPA: Set own WPA IEioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument

```

```

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

```

```

OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)

```

wpa_supplicant debug output:

```

Initializing interface 'ath0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'madwifi' ctrl_interface 'N/A' bridge 'N

/A'

Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'

ctrl_interface='/var/run/wpa_supplicant'

eapol_version=1

ap_scan=1

fast_reauth=1

Priority group 1

   id=0 ssid='WIFI'

Initializing interface (2) 'ath0'

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

SIOCGIWRANGE: WE(compiled)=21 WE(source)=13 enc_capa=0xf

  capabilities: key_mgmt 0xf enc 0xf

WEXT: Operstate: linkmode=1, operstate=5

Own MAC address: 00:40:f4:d2:73:33

wpa_driver_madwifi_del_key: keyidx=0

wpa_driver_madwifi_del_key: keyidx=1

wpa_driver_madwifi_del_key: keyidx=2

wpa_driver_madwifi_del_key: keyidx=3

wpa_driver_madwifi_set_countermeasures: enabled=0

wpa_driver_madwifi_set_drop_unencrypted: enabled=1

Setting scan request: 0 sec 100000 usec

Added interface ath0

State: DISCONNECTED -> SCANNING

Starting AP scan (specific SSID)

Scan SSID - hexdump_ascii(len=4):

     57 49 46 49                                       WIFI            

Trying to get current scan results first without requesting a new scan to speed up initial association

Received 408 bytes of scan results (2 BSSes)

Scan results: 2

Selecting BSS from priority group 1

0: 00:0b:85:6d:d3:4f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1

   skip - no WPA/RSN IE

1: 00:0b:85:6d:78:6f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1

   skip - no WPA/RSN IE

No suitable AP found.

Setting scan request: 0 sec 0 usec

RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()

Wireless event: cmd=0x8b06 len=8

Ignore event for foreign ifindex 9

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added

Starting AP scan (broadcast SSID)

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b1a len=8

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b19 len=8

Received 1533 bytes of scan results (7 BSSes)

Scan results: 7

Selecting BSS from priority group 1

0: 00:1b:2b:6a:d5:60 ssid='' wpa_ie_len=0 rsn_ie_len=22 caps=0x11

   skip - SSID mismatch

1: 00:19:a9:0d:14:10 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x11

   skip - no WPA/RSN IE

2: 00:0f:f8:58:67:7e ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x11

   skip - no WPA/RSN IE

3: 00:0d:0b:87:d5:8f ssid='Arch-Agora-Wireless' wpa_ie_len=0 rsn_ie_len=0 caps=0x11

   skip - no WPA/RSN IE

4: 00:0b:85:6d:d3:4f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1

   skip - no WPA/RSN IE

5: 00:0b:85:6d:d8:8f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1

   skip - no WPA/RSN IE

6: 00:0b:85:6d:78:6f ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x1

   skip - no WPA/RSN IE

No suitable AP found.

Setting scan request: 5 sec 0 usec

Starting AP scan (specific SSID)

Scan SSID - hexdump_ascii(len=4):

     57 49 46 49                                       WIFI            

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b1a len=12

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b19 len=8

Received 2021 bytes of scan results (9 BSSes)

Scan results: 9

Selecting BSS from priority group 1

0: 00:1b:2b:6a:d5:60 ssid='WIFI' wpa_ie_len=0 rsn_ie_len=22 caps=0x11

   selected based on RSN IE

Trying to associate with 00:1b:2b:6a:d5:60 (SSID='WIFI' freq=2422 MHz)

Cancelling scan request

WPA: clearing own WPA/RSN IE

Automatic auth_alg selection: 0x1

Overriding auth_alg selection: 0x1

RSN: using IEEE 802.11i/D9.0

WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1 proto 2

WPA: clearing AP WPA IE

WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 28 00

WPA: using GTK CCMP

WPA: using PTK CCMP

WPA: using KEY_MGMT 802.1X

WPA: Set own WPA IEioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument

 default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00

No keys have been configured - skip key clearing

wpa_driver_madwifi_set_drop_unencrypted: enabled=1

State: SCANNING -> ASSOCIATING

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

wpa_driver_madwifi_associate

wpa_driver_madwifi_associate: SETMLME[ASSOC] failed

Association request to the driver failed

Setting authentication timeout: 5 sec 0 usec

EAPOL: External notification - portControl=Auto

RSN: Ignored PMKID candidate without preauth flag

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b1a len=12

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:1b:2b:6a:d5:60

State: ASSOCIATING -> ASSOCIATED

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

Associated to a new BSS: BSSID=00:1b:2b:6a:d5:60

No keys have been configured - skip key clearing

Associated with 00:1b:2b:6a:d5:60

WPA: Association event - clear replay counter

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

EAPOL: External notification - portEnabled=1

EAPOL: SUPP_PAE entering state CONNECTING

EAPOL: SUPP_BE entering state IDLE

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

Setting authentication timeout: 10 sec 0 usec

Cancelling scan request

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added

RX EAPOL from 00:1b:2b:6a:d5:60

Setting authentication timeout: 70 sec 0 usec

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_PAE entering state RESTART

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

EAPOL: SUPP_PAE entering state AUTHENTICATING

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0

EAP: EAP entering state IDENTITY

CTRL-EVENT-EAP-STARTED EAP authentication started

EAP: EAP-Request Identity data - hexdump_ascii(len=38):

     00 6e 65 74 77 6f 72 6b 69 64 3d 57 49 46 49 2c   _networkid=WIFI,

     6e 61 73 69 64 3d 61 69 72 6f 6e 65 74 2c 70 6f   nasid=aironet,po

     72 74 69 64 3d 30                                 rtid=0          

EAP: using real identity - hexdump_ascii(len=3):

     58 58 58                                          xxx             

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state GET_METHOD

EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)

EAP-TTLS: Phase2 type: EAP

EAP-TTLS: Phase2 EAP types - hexdump(len=56): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 

00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 2e 00 00 00

CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected

EAP: EAP entering state METHOD

SSL: Received packet(len=6) - Flags 0x20

EAP-TTLS: Start (server ver=0, own ver=0)

EAP-TTLS: Using TTLS version 0

TLS: Trusted root certificate(s) loaded

EAP-TTLS: Start

SSL: (where=0x10 ret=0x1)

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:before/connect initialization

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client hello A

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read server hello A

SSL: SSL_connect - want more data

SSL: 89 bytes pending from ssl_out

SSL: 89 bytes left to be sent out (of total 89 bytes)

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=3 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state METHOD

SSL: Received packet(len=1034) - Flags 0xc0

SSL: TLS Message Length: 2611

SSL: Need 1587 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=4 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state METHOD

SSL: Received packet(len=1034) - Flags 0xc0

SSL: TLS Message Length: 2611

SSL: Need 563 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=5 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state METHOD

SSL: Received packet(len=573) - Flags 0x80

SSL: TLS Message Length: 2611

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server hello A

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=US/ST=California/L=San Jose/O=Company, Inc./OU=SJC/CN=Compan.

/emailAddress=certadmin@company.com'

TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=US/ST=California/L=San Jose/O=Company/O=0fc3cfbc27e91ea60a787

de13dae3e3c/OU=Belgium/CN=radius.company.com/emailAddress=certadmin@company.com'

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server certificate A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server done A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client key exchange A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write change cipher spec A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write finished A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 flush data

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read finished A

SSL: SSL_connect - want more data

SSL: 198 bytes pending from ssl_out

SSL: 198 bytes left to be sent out (of total 198 bytes)

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=6 method=21 vendor=0 vendorMethod=0

EAP: EAP entering state METHOD

SSL: Received packet(len=69) - Flags 0x80

SSL: TLS Message Length: 59

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read finished A

SSL: (where=0x20 ret=0x1)

SSL: (where=0x1002 ret=0x1)

SSL: 0 bytes pending from ssl_out

OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)

SSL: No data to be sent out

EAP-TTLS: TLS done, proceed to Phase 2

EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]

EAP-TTLS: received 0 bytes encrypted data for Phase 2

EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity

EAP-TTLS: Phase 2 EAP Request: type=1

EAP: using real identity - hexdump_ascii(len=3):

     58 58 58                                          xxx

EAP-TTLS: AVP encapsulate EAP Response - hexdump(len=8): 02 00 00 08 01 6c 71 68

EAP-TTLS: Encrypting Phase 2 data - hexdump(len=16): [REMOVED]

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

EAPOL: startWhen --> 0

RX EAPOL from 00:1b:2b:6a:d5:60

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Failure

EAP: EAP entering state FAILURE

CTRL-EVENT-EAP-FAILURE EAP authentication failed

EAPOL: SUPP_PAE entering state HELD

EAPOL: SUPP_BE entering state RECEIVE

EAPOL: SUPP_BE entering state FAIL

EAPOL: SUPP_BE entering state IDLE

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:00:00:00:00:00

Setting scan request: 0 sec 100000 usec

Added BSSID 00:1b:2b:6a:d5:60 into blacklist

CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

wpa_driver_madwifi_del_key: keyidx=0

wpa_driver_madwifi_del_key: keyidx=1

wpa_driver_madwifi_del_key: keyidx=2

wpa_driver_madwifi_del_key: keyidx=3

wpa_driver_madwifi_del_key: keyidx=0

State: ASSOCIATED -> DISCONNECTED

```

----------

## cazze

In stead of using -Dmadwifi you could try -Dwext.

----------

## Princess Nell

I will revisit this once I have the access point problems ironed out. At some point, I was able to

see the SSID when scanning, then I reset the ap to factory defaults and now can't see the SSID.

I'll need to play with this a bit more before testing wpa_supplicant again.

----------

