저는 비지박스를 운영 체제로 사용하는 임베디드 컨트롤러에서 wpa_supplicant를 작동시키려고 합니다.
wpa_supplicant 2.7을 실행 중인데 인증이 계속 실패합니다. Radius 서버에 "보안 패키지 이유 코드 300에 사용할 수 있는 자격 증명이 없습니다."라는 오류가 표시됩니다.
이것은 wpa_supplicant.conf 파일입니다:
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
anonymous_identity="test"
identity="[email protected]"
password="password"
phase2="autheap=MSCHAPV2"
}
하지만 인증은 항상 실패합니다. 이것은 디버그 모드에서 wpa_supplicant를 실행할 때의 출력입니다.
# wpa_supplicant -Dwired -ieth0 -c/etc/wpa_supplicant.conf -d
wpa_supplicant v2.7
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'wired' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Priority group 0
id=0 ssid=''
driver_wired_init_common: Added multicast membership with packet socket
Add interface eth0 to a new radio N/A
eth0: Own MAC address: 00:0d:15:01:3e:10
eth0: RSN: flushing PMKID list in the driver
eth0: Setting scan request: 0.100000 sec
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
eth0: Added interface eth0
eth0: State: DISCONNECTED -> DISCONNECTED
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
eth0: Already associated with a configured network - generating associated event
eth0: Event ASSOC (0) received
eth0: Association info event
eth0: State: DISCONNECTED -> ASSOCIATED
eth0: Associated to a new BSS: BSSID=01:80:c2:00:00:03
eth0: Select network based on association information
eth0: Network configuration found for the current AP
eth0: WPA: clearing AP WPA IE
eth0: WPA: clearing AP RSN IE
eth0: WPA: clearing own WPA/RSN IE
eth0: Failed to get scan results
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
eth0: Associated with 01:80:c2:00:00:03
eth0: WPA: Association event - clear replay counter
eth0: WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
eth0: Cancelling scan request
WMM AC: Missing IEs
eth0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=50
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=21):
61 6e 6f 6e 79 6d 6f 75 73 40 73 79 6e 74 65 67 anonymous@synteg
72 6f 2e 62 65 ro.be
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=50
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=40): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00
TLS: using phase1 config options
eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 172 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 172 bytes left to be sent out (of total 172 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd47a0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=1454
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1446) - Flags 0xc0
SSL: TLS Message Length: 2065
SSL: Need 629 bytes more input data
SSL: Building ACK (type=25 id=3 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd44e8
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=643
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=635) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x301 content_type=22 (handshake/certificate)
TLS: tls_verify_cb - preverify_ok=1 err=20 (unable to get local issuer certificate) ca_cert_verify=0 depth=0 buf='/CN=SYNSVR001.syntegro.be'
eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=SYNSVR001.syntegro.be' hash=016a06f75b66e29a6ead14142e8096316483711c3038055d5d46e4c1eea9f00f
eth0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:SYNSVR001.syntegro.be
EAP: Status notification: remote certificate verification (param=success)
TLS: tls_verify_cb - preverify_ok=1 err=21 (unable to verify the first certificate) ca_cert_verify=0 depth=0 buf='/CN=SYNSVR001.syntegro.be'
eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=SYNSVR001.syntegro.be' hash=016a06f75b66e29a6ead14142e8096316483711c3038055d5d46e4c1eea9f00f
eth0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:SYNSVR001.syntegro.be
EAP: Status notification: remote certificate verification (param=success)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x301 content_type=22 (handshake/server key exchange)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x301 content_type=22 (handshake/certificate request)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate request
OpenSSL: RX ver=0x301 content_type=22 (handshake/server hello done)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x301 content_type=22 (handshake/certificate)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client certificate
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x301 content_type=22 (handshake/client key exchange)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x301 content_type=20 (change cipher spec/)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x301 content_type=22 (handshake/finished)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 146 bytes pending from ssl_out
SSL: Using TLS version TLSv1
SSL: 146 bytes left to be sent out (of total 146 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd6648
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=77
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x80
SSL: TLS Message Length: 59
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x301 content_type=22 (handshake/finished)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]
EAP-PEAP: Derived Session-Id - hexdump(len=65): 19 80 db 19 f2 44 d8 90 6a 2a 05 73 e1 96 2b c4 76 f6 12 aa a6 94 d6 96 13 9f c0 69 db c0 ae 80 24 64 5a 19 26 50 1d 09 37 38 d3 fa 6e f5 a8 5b e1 4f 08 7a 1e cb 3a f8 2c ad 65 5e 64 81 8e 1a 74
SSL: Building ACK (type=25 id=5 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xb99c8
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=51
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x00
EAP-PEAP: received 37 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01
EAP-PEAP: received Phase 2: code=1 identifier=6 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=22):
53 77 69 74 63 68 54 65 73 74 40 73 79 6e 74 65 SwitchTest@synte
67 72 6f 2e 62 65 gro.be
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=27): [REMOVED]
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd6348
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=67
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=59) - Flags 0x00
EAP-PEAP: received 53 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=16): 01 07 00 10 fe 00 01 37 00 00 00 22 00 00 00 01
EAP-PEAP: received Phase 2: code=1 identifier=7 length=20
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=22):
53 77 69 74 63 68 54 65 73 74 40 73 79 6e 74 65 SwitchTest@synte
67 72 6f 2e 62 65 gro.be
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=27): [REMOVED]
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd6440
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=67
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=59) - Flags 0x00
EAP-PEAP: received 53 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=20): fe 00 01 37 00 00 00 21 00 07 00 08 00 00 01 37 00 02 00 00
EAP-PEAP: received Phase 2: code=1 identifier=9 length=24
EAP-PEAP: Phase 2 Request: type=254
TLS: Phase 2 Request: Nak type=254
TLS: Allowed Phase2 EAP types - hexdump(len=40): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=10): [REMOVED]
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xd47e8
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=51
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x00
EAP-PEAP: received 37 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0a 00 0b 21 80 03 00 02 00 02
EAP-PEAP: received Phase 2: code=1 identifier=10 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 02
EAP-TLV: Result TLV - hexdump(len=2): 00 02
EAP-TLV: TLV Result - Failure
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED]
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL eapRespData=0xd4828
EAP: Session-Id - hexdump(len=65): 19 80 db 19 f2 44 d8 90 6a 2a 05 73 e1 96 2b c4 76 f6 12 aa a6 94 d6 96 13 9f c0 69 db c0 ae 80 24 64 5a 19 26 50 1d 09 37 38 d3 fa 6e f5 a8 5b e1 4f 08 7a 1e cb 3a f8 2c ad 65 5e 64 81 8e 1a 74
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
EAPOL: SUPP_BE entering state RECEIVE
l2_packet_receive: src=5c:8a:38:d2:23:b9 len=50
eth0: RX EAPOL from 5c:8a:38:d2:23:b9
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: Workaround for unexpected identifier field in EAP Success: reqId=11 lastId=10 (these are supposed to be same)
EAP: EAP entering state FAILURE
eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed - result=FAILURE
답변1
문제를 발견했습니다. 올바른 구성은 다음과 같습니다.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=PEAP
anonymous_identity="[email protected]"
identity="[email protected]"
password="password"
phase2="auth=MSCHAPV2"
}
차이점은 Phase2="승인하다=MSCHAPV2" 대 2단계="자동 스태킹=MSCHAPV2”