PEAP-MSCHAPV2 -- How to connect?


NiCr_4063401

Hi,

I'm having issues connecting to a basic PEAP-MSCHAPv2 configuration. My Android phone can connect just fine using PEAP and MSCHAPv2 as the inner type.

However, with both the command console demo and writing raw code in WICED, I am unable to get anything except for return code 1007. I think I have tried every single combination of parameters in the wiced command console demo.

I am not seeing any connection attempts at all on my FreeRadius server. I feel like I must just be passing in some incorrect parameters:

Note: I use find_ap to scan for my desired access point, with the results being stored in ap_info.

memset(&conn_info, 0x0, sizeof(conn_info));
conn_info.interface = WWD_STA_INTERFACE;
conn_info.tls_identity = &identity;
conn_info.tls_session = &tls_session;
conn_info.context = &context;
conn_info.trusted_ca_certificates = NULL;
conn_info.root_ca_cert_length = 0;
conn_info.eap_type = EAP_TYPE_PEAP;
conn_info.inner_eap_type = EAP_TYPE_MSCHAPV2;
conn_info.auth_type = ap_info.security;
conn_info.eap_identity = eap_identity;
conn_info.user_name = "MY_USERNAME";
conn_info.password = "MY_PASSWORD";

wiced_log_printf("# Root CA Certs: %d\r\n", conn_info.root_ca_cert_length);
wiced_log_printf("EAP Type: %d\r\n", conn_info.eap_type);
wiced_log_printf("Inner EAP Type: %d\r\n", conn_info.inner_eap_type);
wiced_log_printf("Auth Type: %d\r\n", conn_info.auth_type);
wiced_log_printf("Username: %s\r\n", conn_info.user_name);
wiced_log_printf("Password: %s\r\n", conn_info.password);

if (fs_res == WICED_SUCCESS)
{
    wiced_log_printf("Initializing BESL supplicant\r\n");
    res = besl_supplicant_init(&supplicant_workspace, &conn_info);
    if (res == BESL_SUCCESS)
    {
        wiced_log_printf("Starting BESL supplicant\r\n");
        if (besl_supplicant_start(&supplicant_workspace) == BESL_SUCCESS)
        {
            wiced_log_printf("Initiating WiFi Join\r\n");
            wiced_result_t wifi_join_res = wwd_wifi_join_specific(&ap_info, NULL, 0, NULL, WWD_STA_INTERFACE);
            wiced_log_printf("WiFi Join Result: %d\r\n", wifi_join_res);
            if (wifi_join_res == WICED_SUCCESS)
            {
                wiced_log_printf("Retrieving TLS session information\r\n");
                int ret;
                if ((ret = mbedtls_ssl_get_session(
                        &supplicant_workspace.tls_context->context,
                        &tls_session)) != 0)
                {
                    wiced_log_printf(
                            " Failed to retrieve the session information %d \r\n",
                            ret);
                }
                else
                {
                    wiced_log_printf(
                            " Successfully retrieved the session information %d \r\n",
                            ret);
                }
            }
            else
            {
                res = besl_supplicant_stop(&supplicant_workspace);
                if (res != BESL_SUCCESS)
                {
                    wiced_log_printf(
                            "supplicant Stop failed with error = [%d]\r\n",
                            res);
                }
                wiced_log_printf("De-init supplicant\r\n");
                besl_supplicant_deinit(&supplicant_workspace);
                res = wifi_join_res;
            }
        }
    }
    else
    {
        wiced_log_printf("Unable to initialize supplicant. Error = [%d]\r\n",
                res);
    }
}
else
{
    res = WICED_ERROR;
}

0 Likes
8 Replies
Aditi_B
Moderator

Hello,

Can you provide us with the logs or the terminal snapshots/prints to get more info on what happens when you run this piece of code?

Also, if possible can you provide us with the code example for your application to better understand the issue?

Thanks

Aditi

0 Likes

Hi,

The code example I provided is fairly complete, and I am having the same issues with the built-in command console project.

When I get home tonight, I will grab a console dump and attach a complete example demonstrating my issue.

What would the expected invocation be for the join_ent command in the command console demo project for this security type?

-Nick

0 Likes

Hi!

I've attached a fully functional standalone demo, and here is the console output:

Starting WICED Wiced_006.004.000.0061
Platform LAIRD_EWB initialised
Started ThreadX v5.8
WICED_core Initialized
Initialising NetX v5.10_sp3
Creating Packet pools
WLAN MAC Address : C0:EE:40:70:0D:B7
WLAN Firmware    : wl0: May  2 2019 02:39:20 version 7.45.98.83 (r714225 CY) FWID 01-476cc09d
WLAN CLM        : API: 12.2 Data: 9.10.158 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2019-05-07 05:05:14
# Root CA Certs: 0
EAP Type: 25
Inner EAP Type: 0
Auth Type: 33554436
Username:MY_USERNAME
Password: MY_PASSWORD
Initializing BESL supplicant
Starting BESL supplicant
Initiating WiFi Join
WiFi Join Result: 1007
De-init supplicant
After join_ent

I want to reiterate that my FreeRadius server is not being contacted at all. I'm getting no log statements or anything like that on my FreeRadius server. I get the 1007 error no matter what username and password I use. The command_console demo app behaves the same way, which is what this code was adapted from.

Any help would be greatly appreciated.

-Nick

0 Likes

I did get it to work in my case. You could try TTLS as an option. You should see some response on your RADIUS server. If it is working with your Android device, then perhaps there is something in your router that is not configured correctly.

In my case, the sequence is: besl_supplicant_init(), then besl_supplicant_start(), then wiced_network_up().

0 Likes

Could you send your working code?

My router is configured properly -- there's not much to it. I'm able to connect fine with both Android and Windows.

I've tried all of the different relevant flags including TTLS, none of which result in any sort of communication with my radius server.

Nick

On Mon, Nov 16, 2020, 11:09 PM ChMa_3922746 <community-manager@cypress.com>

0 Likes

Unfortunately, I've customized the code so much that it would be more confusing if I sent it verbatim. You should replace the network connection code with wiced_network_up() as the last step. Note that my radius server is free radius which prints out lots of logs.

Update:  I've given up on the product since the Murata 1GC module, or related modules from other vendors, have no (or close to zero) inventory globally.  It seems like the product is dead, though Cypress says no.

0 Likes

I've tried wiced_network_up, and I get the same result. I'm not using the DCT or anything, and if you dig down into wiced_network_up, it's really just calling wwd_wifi_join_specific under the hood.

I'm seeing the same behavior with the built-in test.console app, which uses wiced_network_up as well.

Mysterious...

On Tue, Nov 17, 2020 at 9:39 AM ChMa_3922746 <community-manager@cypress.com>

0 Likes
Aditi_B
Moderator

Hello,

Have you referred to the document "WICED-Enterprise-Security-User-Guide" in WICED Studio? It provides the procedure to connect WICED to an enterprise security network. To associate with an enterprise network, "join_ent" is used. The commands are provided in the console, so wiced_network_up won't work here.

You can find the document in the SDK here: /43xxx_Wi-Fi/doc/.

Also, make sure that you have provided the root certificate at the certificate location mentioned in this document, and that this root certificate is the one that verifies the server certificate. In short, the root certificate used on the server side should be provided here as well. Make sure the certificate is provided in the proper format and properly terminated with null characters.

Which version of FreeRadius are you using?

Thanks

Aditi

0 Likes
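
A pre-flight check for the root CA buffer described in the reply above, as an added example that is not part of the thread or of the WICED SDK: it verifies the PEM framing and that the length counts the terminating null byte, which is what mbedTLS's PEM parser requires. The helper `check_root_ca_pem`, its result codes and the sample buffer are hypothetical, and it is an assumption that the supplicant hands `conn_info.trusted_ca_certificates` and `conn_info.root_ca_cert_length` to mbedTLS unchanged.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the hypothetical check_root_ca_pem() helper. */
typedef enum {
    CA_OK = 0,
    CA_EMPTY,          /* NULL or zero length: no CA to verify the server with */
    CA_NOT_TERMINATED, /* last counted byte is not '\0' */
    CA_EMBEDDED_NUL,   /* '\0' before the end: truncated data or wrong length */
    CA_BAD_HEADER,     /* no BEGIN CERTIFICATE line */
    CA_BAD_FOOTER      /* no END CERTIFICATE line after the header */
} ca_check_t;

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample: PEM framing with a placeholder body, not a real certificate. */
static const char sample_ca[] =
    "-----BEGIN CERTIFICATE-----\n"
    "UExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n";

/* len must count the terminating '\0', as mbedTLS requires for PEM input. */
ca_check_t check_root_ca_pem(const char *buf, size_t len)
{
    const char *begin;

    if (buf == NULL || len == 0)
        return CA_EMPTY;
    if (buf[len - 1] != '\0')
        return CA_NOT_TERMINATED;
    if (strlen(buf) != len - 1)
        return CA_EMBEDDED_NUL;

    begin = strstr(buf, PEM_BEGIN);
    if (begin == NULL)
        return CA_BAD_HEADER;
    if (strstr(begin + strlen(PEM_BEGIN), PEM_END) == NULL)
        return CA_BAD_FOOTER;
    return CA_OK;
}

int main(void)
{
    /* sizeof() counts the '\0'; strlen() does not, which is the usual slip. */
    printf("sizeof: %d\n", (int)check_root_ca_pem(sample_ca, sizeof(sample_ca)));
    printf("strlen: %d\n", (int)check_root_ca_pem(sample_ca, strlen(sample_ca)));
    return 0;
}
```

The settings in the original post, `trusted_ca_certificates = NULL` with `root_ca_cert_length = 0`, are reported by this check as `CA_EMPTY`.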