# PEAP mschapv2 wpa_supplicant unsuccessful

## boydo

I have sucessfully installed the ipw3945 wireless drivers on my t60p, and I can connect thu unauthenticated connections, but connecting at work has been problematic.  Any suggestions as to what should go into my wpa_supplicant.conf much appreciated.

Boyd

Within MS Windows, I set wireless connectoid properties as follows:

Association Tab:

Authentication = WPA

Data encryption = AES

Authentication Tab:

EAP Type = Protected EAP (PEAP)

Authenticate as computer when computer information is available = Checked

Authenticate as guest when user or computer information is unavailable = Unchecked

	EAP type Properties

		Validate server certificate = Unchecked

		Select Authentication method: = Secured password (EAP-MSCHAP v2)

			Configure: = Automatically use Widows Login

		Enable Fast Reconnect = Unchecked

Also within wpa_gui, if I scan I can see the ssid with the following flags

[wpa-eap-tkip+ccmp][wpa2-eap-tkip+ccmp]

I have tried the following in my wpa_supplicant.conf without success:

eapol_version=1

ap_scan=1

fast_reauth=0

network={

    ssid="bobj"

    #key_mgmt=IEEE8021X  << tried this too

    key_mgmt=wpa-ccmp

    scan_ssid=1

    eap=PEAP

    identity="domain\username"

    password="password123"

    #ca_cert="/etc/cert/ca.pem"  << no certificate needed....

    phase1="peaplabel=0"

    phase2="auth=MSCHAPV2"

}

sample output:

van-l-02-bkelly conf.d # wpa_supplicant -ieth2 -c/etc/wpa_supplicant/wpa_supplicant.conf -d

Initializing interface 'eth2' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'default' ctrl_interface 'N/A' bridge 'N/A'

Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'

eapol_version=1

ap_scan=1

fast_reauth=0

Priority group 0

   id=0 ssid='bobj'

Initializing interface (2) 'eth2'

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

SIOCGIWRANGE: WE(compiled)=22 WE(source)=16 enc_capa=0xf

  capabilities: key_mgmt 0xf enc 0xf

WEXT: Operstate: linkmode=1, operstate=5

Own MAC address: 00:18:de:b0:41:71

wpa_driver_wext_set_wpa

wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_countermeasures

wpa_driver_wext_set_drop_unencrypted

Setting scan request: 0 sec 100000 usec

Added interface eth2

RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()

Wireless event: cmd=0x8b06 len=8

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth2' added

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth2' added

State: DISCONNECTED -> SCANNING

Starting AP scan (specific SSID)

Scan SSID - hexdump_ascii(len=4):

     62 6f 62 6a                                       bobj            

Trying to get current scan results first without requesting a new scan to speed up initial association

Scan results did not fit - trying larger buffer (8192 bytes)

Received 5385 bytes of scan results (23 BSSes)

Scan results: 23

Selecting BSS from priority group 0

0: 00:0b:85:8d:cf:dd ssid='bobj' wpa_ie_len=30 rsn_ie_len=28 caps=0x11

   selected based on RSN IE

Trying to associate with 00:0b:85:8d:cf:dd (SSID='bobj' freq=2412 MHz)

Cancelling scan request

WPA: clearing own WPA/RSN IE

Automatic auth_alg selection: 0x1

RSN: using IEEE 802.11i/D9.0

WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2

WPA: set AP WPA IE - hexdump(len=30): dd 1c 00 50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 02 00 50 f2 04 01 00 00 50 f2 01 00 00

WPA: set AP RSN IE - hexdump(len=2 :Cool: : 30 1a 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 00 00 00 00

WPA: using GTK TKIP

WPA: using PTK CCMP

WPA: using KEY_MGMT 802.1X

WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00

No keys have been configured - skip key clearing

wpa_driver_wext_set_drop_unencrypted

State: SCANNING -> ASSOCIATING

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

wpa_driver_wext_associate

Setting authentication timeout: 10 sec 0 usec

EAPOL: External notification - portControl=Auto

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RSN: Ignored PMKID candidate without preauth flag

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b06 len=8

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b04 len=12

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

Wireless event: cmd=0x8b1a len=12

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth2' added

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:0b:85:8d:cf:dd

State: ASSOCIATING -> ASSOCIATED

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

Associated to a new BSS: BSSID=00:0b:85:8d:cf:dd

No keys have been configured - skip key clearing

Associated with 00:0b:85:8d:cf:dd

WPA: Association event - clear replay counter

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

EAPOL: External notification - portEnabled=1

EAPOL: SUPP_PAE entering state CONNECTING

EAPOL: SUPP_BE entering state IDLE

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

Setting authentication timeout: 10 sec 0 usec

Cancelling scan request

RX EAPOL from 00:0b:85:8d:cf:dd

Setting authentication timeout: 70 sec 0 usec

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_PAE entering state RESTART

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

EAPOL: SUPP_PAE entering state AUTHENTICATING

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0

EAP: EAP entering state IDENTITY

CTRL-EVENT-EAP-STARTED EAP authentication started

EAP: EAP-Request Identity data - hexdump_ascii(len=44):

     00 6e 65 74 77 6f 72 6b 69 64 3d 62 6f 62 6a 2c   _networkid=bobj,

     6e 61 73 69 64 3d 4e 45 4c 31 57 4c 53 2d 57 4c   nasid=NEL1WLS-WL

     43 30 31 2c 70 6f 72 74 69 64 3d 31               C01,portid=1    

EAP: using real identity - hexdump_ascii(len=12):

     69 6e 74 6c 5c 62 6f 6b 65 6c 6c 79               domain\username   << changed this    

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:0b:85:8d:cf:dd

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0

EAP: EAP entering state GET_METHOD

EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)

EAP-PEAP: Phase2 EAP types - hexdump(len= :Cool: : 00 00 00 00 1a 00 00 00

CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected

EAP: EAP entering state METHOD

SSL: Received packet(len=6) - Flags 0x21

EAP-PEAP: Start (server ver=1, own ver=1)

EAP-PEAP: Using PEAP version 1

SSL: (where=0x10 ret=0x1)

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:before/connect initialization

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client hello A

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read server hello A

SSL: SSL_connect - want more data

SSL: 89 bytes pending from ssl_out

SSL: 89 bytes left to be sent out (of total 89 bytes)

EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

RX EAPOL from 00:0b:85:8d:cf:dd

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Failure

EAP: EAP entering state FAILURE

CTRL-EVENT-EAP-FAILURE EAP authentication failed

EAPOL: SUPP_PAE entering state HELD

EAPOL: SUPP_BE entering state RECEIVE

EAPOL: SUPP_BE entering state FAIL

EAPOL: SUPP_BE entering state IDLE

EAPOL: startWhen --> 0

CTRL-EVENT-TERMINATING - signal 2 received

Removing interface eth2

State: ASSOCIATED -> DISCONNECTED

----------

## hkfczrqj

 *boydo wrote:*   

> 
> 
>     #key_mgmt=IEEE8021X  << tried this too
> 
>     key_mgmt=wpa-ccmp
> ...

 

Have you tried key_mgmt=WPA-EAP ??

----------

