You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2023-04-25 07:48:28
- gtf21
- Member
- Registered: 2020-06-28
- Posts: 141
- Website
Cannot get iwd to connect to EAP network
I have a WPA-Enterprise network, for which my iPhone connects just fine with a username and password (no special certificates configured).
I tried to set this up with iwd, using `EAP-Method=PWD` as per the wiki suggestions, but I cannot connect, with this error in the logs:
Apr 25 09:47:35 anaximander iwd[805062]: EAP server tried method 4 while client was configured for method 52
Apr 25 09:47:35 anaximander iwd[805062]: EAP completed with eapFail
Apr 25 09:47:35 anaximander iwd[805062]: 4-Way handshake failed for ifindex: 12, reason: 23I cannot work out where I can find a definition for these method indices, and I have tried every method in the documentation and some require extra config, and others just don't work (I get similar errors with different indices).
How can I proceed?
Offline
#2 2023-04-27 08:05:38
- Brocellous
- Member
- Registered: 2017-11-27
- Posts: 161
Re: Cannot get iwd to connect to EAP network
Seems method 4 is MD5. Try EAP-Method=PEAP and EAP-PEAP-Phase2-Method=MD5 and give your creds in phase 2.
Offline
#3 2023-04-27 08:43:15
- gtf21
- Member
- Registered: 2020-06-28
- Posts: 141
- Website
Re: Cannot get iwd to connect to EAP network
Seems method 4 is MD5
Would you be able to tell me how you found this? I honestly could not find it in the documentation for IWD.
It still fails, but now I get this:
Apr 27 10:42:16 anaximander iwd[1003]: EAP server tried method 4 while client was configured for method 25
Apr 27 10:42:16 anaximander iwd[1003]: EAP server tried method 26 while client was configured for method 4
Apr 27 10:42:16 anaximander iwd[1003]: PEAP: Tunnel has disconnected with alert: close_notify
Apr 27 10:42:16 anaximander iwd[1003]: EAP completed with eapFail
Apr 27 10:42:16 anaximander iwd[1003]: 4-Way handshake failed for ifindex: 3, reason: 23Offline
#4 2023-04-27 15:56:10
- Brocellous
- Member
- Registered: 2017-11-27
- Posts: 161
Re: Cannot get iwd to connect to EAP network
EAP auth methods are registered https://www.iana.org/assignments/eap-nu … bers.xhtml.
Post your config.
Offline
#5 2023-04-28 07:11:37
- gtf21
- Member
- Registered: 2020-06-28
- Posts: 141
- Website
Re: Cannot get iwd to connect to EAP network
Config:
[Security]
EAP-Method=PEAP
EAP-Identity=<identity>
EAP-PEAP-Phase2-Method=MD5
EAP-PEAP-Phase2-Identity=<identity>
EAP-PEAP-Phase2-Password=<password in plaintext>
[Settings]
AutoConnect=trueFrom the logs, first it says server tried method 4 (MD5) while client was configured for method 25 (PEAP), then it says server tried method 26 (MS-EAP-Authentication) while client was configured for method 4 (MD5). What I don't understand here is that, from the IWD documentation, MD5 is an *inner* method of PEAP/TTLS and so can't be the top-level method (I could be misunderstanding), but the logs imply that it is being tried as the first method. Secondly, method 26 is not mentioned in the iwd.network documentation.
Offline
#6 2023-04-28 10:07:23
- Brocellous
- Member
- Registered: 2017-11-27
- Posts: 161
Re: Cannot get iwd to connect to EAP network
PEAP is EAP but with some extra security. Presumably iwd doesn't implement MD5 as the EAP (outer) method for security reasons.
I think 26 is actually PEAP-MSCHAPv2, so try with MSCHAPv2 as the inner method.
Offline
#7 2023-04-28 11:00:26
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,318
Re: Cannot get iwd to connect to EAP network
I think 26 is actually PEAP-MSCHAPv2, so try with MSCHAPv2 as the inner method.
This list is more readable than the iana registry: https://vocal.com/secure-communication/eap-types/
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
Offline
Pages: 1