Guest Gos Posted December 3, 2008

Hello,

I have a small issue with 802.1X-authentication. Basically, it halts - and I want to kick it off again. =)

The setup consists of
- WinXP w/ SP2 (WZC and native supplicant software)
- Cisco 4400 Wireless Controller
- Win2K3 IAS
- EAP-PEAP w/ MSChapv2 (WPA-TKIP)

And this is how the story goes. The client has been configured to connect to the wireless network with an EAP-START and logs in either using the logon-credentials or by manually typing them.

What happens: When connecting, Windows just stays at the same daft "Waiting for the network"-picture. If we go a bit under the skin, we'll learn the following statements are true:
- Client sends EAP-Start
- Controller responds with EAP-Request/Identity
- The Client does _not_ send any more frames (we are expecting an EAP-Response at this point)

Ok, so we have verified that the last component to do something is the Cisco 4400 Wireless Controller - And we know the client has received the frame. If we look under the EAP-header-hood of the frame, we'll find the following

Code: Request (1)
Id: 1
Length: 55
Type: Identity [RFC3748] (1)
Identity (50 bytes): \000networkid=Adminnett, nasid=Cisco_92:0f:a3,portid=1

So if we enable a trace (netsh ras set tra ena) and have a look in the EAPOL.log we'll find a few interesting lines of ASCII-characters.

[1980] 16:27:18:689: ElParseIdentityString: LocalIdString = networkid=Adminnett,nasid=Cisco_92:0f:a3,portid=1
[1980] 16:27:18:689: ElParseIdentityString: LocalIdString Length = 50
[1980] 16:27:18:689: ElParseIdentityString: NetworkID Size = 10
[1980] 16:27:18:689: Got NetworkId = Adminnett
[1980] 16:27:18:689: Got NASId = Cisco_92:0f:a3
[1980] 16:27:18:689: ElParseIdentityString: For PortId, length = 1
[1980] 16:27:18:689: Got PortId = 1

/ So it has found the correct information regarding SSID, NAS and port /
/ Shortly after we'll find this bit, where I think everything stops /

[1980] 16:27:18:689: ElParseIdentityString: Calling NLARegister_802_1X with params {6752365D-89C9-489E-8AC4-27970FDF904B} and networkid=Adminnett,nasid=Cisco_92:0f:a3,portid=1
[1980] 16:27:18:689: NLARegister_802_1X: Entered
[1980] 16:27:18:689: NLARegister_802_1X: g_hNLA_LPC_Port != NULL
[1980] 16:27:18:689: NLARegister_802_1X: Completed with status = 0
[1980] 16:27:18:689: ElParseIdentityString: Returned after calling NLARegister_802_1X
[1980] 16:27:18:689: ElGetIdentity: Userlogged, Prev !Machine auth
[1980] 16:27:18:689: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5
[1980] 16:27:18:689: ElGetUserIdentity entered

/ NOTE THE FOLLOWING LINES WITH ERROR 1008 /

[1980] 16:27:18:689: ElGetWinStationUserToken: GetWinStationUserToken failed for SessionId (2) with error (1008)
[1980] 16:27:18:689: ElGetWinStationUserToken: GetWinStationUserToken failed for session= (2) with error= (1008)
[1980] 16:27:18:689: ElGetUserIdentity: ElGetWinStationUserToken failed with error (1008)
[1980] 16:27:18:689: ElGetUserIdentity completed with error 1008
[1980] 16:27:18:689: ElGetIdentity: Error in ElGetUserIdentity 1008
[1980] 16:27:18:689: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: ERROR
[1980] 16:27:18:689: ElEapMakeMessage: Error in ElGetIdentity 1008
[1980] 16:27:18:689: ElEapWork: ElEapMakeMessage returned error 1008
[1980] 16:27:18:689: FSMAcquired: Error in ElEapWork 1008

So just backtracking to our previous true statement "Client does not send its EAP-Response/Identity" - And I would not be surprised if that is because it is unable to get the user ID as stated in the EAPOL.log. =)

So the key questions are: What is error 1008? And what is causing it?

If someone is able to give me a hint or point me in the correct direction of where to obtain this information, it will be greatly appreciated.

--Gos
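
A small triage script for traces like the EAPOL.log excerpt in the post above, added here as an example and not part of the original post: it finds the first line that reports an error code, lists the functions the code propagated through, and names the code from a lookup table. The names `error_events` and `triage` are hypothetical; the table maps Win32 system error 1008 to ERROR_NO_TOKEN as defined in winerror.h.

```python
import re

# Constructed sample: lines taken from the EAPOL.log excerpt quoted in the post.
SAMPLE_TRACE = """\
[1980] 16:27:18:689: ElGetUserIdentity entered
[1980] 16:27:18:689: ElGetWinStationUserToken: GetWinStationUserToken failed for SessionId (2) with error (1008)
[1980] 16:27:18:689: ElGetUserIdentity: ElGetWinStationUserToken failed with error (1008)
[1980] 16:27:18:689: ElGetUserIdentity completed with error 1008
[1980] 16:27:18:689: ElGetIdentity: Error in ElGetUserIdentity 1008
[1980] 16:27:18:689: ElEapMakeMessage: Error in ElGetIdentity 1008
[1980] 16:27:18:689: ElEapWork: ElEapMakeMessage returned error 1008
[1980] 16:27:18:689: FSMAcquired: Error in ElEapWork 1008
"""

# Win32 system error codes (winerror.h); extend for other traces.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 1008: "ERROR_NO_TOKEN"}

LINE_RE = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d:\d{3}): (.*)$")
KEYWORD_RE = re.compile(r"\b(?:error|failed)\b", re.I)
CODE_RE = re.compile(r"\(?(\d+)\)?\s*$")  # trailing number, optionally in parentheses


def error_events(trace):
    """Yield (thread_id, function, code) for each trace line that reports an error code."""
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tid, _ts, msg = m.groups()
        code = CODE_RE.search(msg)
        if KEYWORD_RE.search(msg) and code:
            func = re.split(r"[:\s]", msg, maxsplit=1)[0]  # leading token names the function
            yield tid, func, int(code.group(1))


def triage(trace):
    """Return the first failure and the call chain it propagated through, or None."""
    events = list(error_events(trace))
    if not events:
        return None
    tid, origin, code = events[0]
    # Keep only the same thread and code, in order, without repeated function names.
    chain = list(dict.fromkeys(f for t, f, c in events if (t, c) == (tid, code)))
    return {"code": code, "name": WIN32_ERRORS.get(code, "unknown"),
            "origin": origin, "chain": chain}


if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    print(result["code"], result["name"], "first reported by", result["origin"])
    print(" -> ".join(result["chain"]))
```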