8 Replies Latest reply on Nov 27, 2020 2:26 AM by AditiB_81

    PEAP-MSCHAPV2 -- How to connect?

    NiCr_4063401

      Hi,

       

      I'm having issues connecting to a basic PEAP-MSCHAPv2 configuration. My Android phone can connect just fine using PEAP and MSCHAPv2 as the inner type.

       

      However, with both the command console demo and writing raw code in WICED, I am unable to get anything except for return code 1007. I think I have tried every single combination of parameters in the wiced command console demo.

       

      I am not seeing any connection attempts at all on my FreeRadius server. I feel like I must just be passing in some incorrect parameters:

       

      Note: I use find_ap to scan for my desired access point, with the results being stored in ap_info.

      memset(&conn_info, 0x0, sizeof(conn_info));
      conn_info.interface = WWD_STA_INTERFACE;
      conn_info.tls_identity = &identity;
      conn_info.tls_session = &tls_session;
      conn_info.context = &context;
      conn_info.trusted_ca_certificates = NULL;
      conn_info.root_ca_cert_length = 0;
      conn_info.eap_type = EAP_TYPE_PEAP;
      conn_info.inner_eap_type = EAP_TYPE_MSCHAPV2;
      conn_info.auth_type = ap_info.security;
      conn_info.eap_identity = eap_identity;
      conn_info.user_name = "MY_USERNAME";
      conn_info.password = "MY_PASSWORD";
      
      wiced_log_printf("# Root CA Certs: %d\r\n", conn_info.root_ca_cert_length);
      wiced_log_printf("EAP Type: %d\r\n", conn_info.eap_type);
      wiced_log_printf("Inner EAP Type: %d\r\n", conn_info.inner_eap_type);
      wiced_log_printf("Auth Type: %d\r\n", conn_info.auth_type);
      wiced_log_printf("Username: %s\r\n", conn_info.user_name);
      wiced_log_printf("Password: %s\r\n", conn_info.password);
      
      
      if (fs_res == WICED_SUCCESS)
      {
          wiced_log_printf("Initializing BESL supplicant\r\n");
          res = besl_supplicant_init(&supplicant_workspace, &conn_info);
          if (res == BESL_SUCCESS)
          {
              wiced_log_printf("Starting BESL supplicant\r\n");
              if (besl_supplicant_start(&supplicant_workspace) == BESL_SUCCESS)
              {
                  wiced_log_printf("Initiating WiFi Join\r\n");
                  wiced_result_t wifi_join_res = wwd_wifi_join_specific(&ap_info, NULL, 0, NULL, WWD_STA_INTERFACE);
                  wiced_log_printf("WiFi Join Result: %d\r\n", wifi_join_res);
                  if (wifi_join_res == WICED_SUCCESS)
                  {
                      wiced_log_printf("Retrieving TLS session information\r\n");
                      int ret;
                      if ((ret = mbedtls_ssl_get_session(
                              &supplicant_workspace.tls_context->context,
                              &tls_session)) != 0)
                      {
                          wiced_log_printf(
                                  " Failed to retrieve the session information %d \r\n",
                                  ret);
                      }
                      else
                      {
                          wiced_log_printf(
                                  " Successfully retrieved the session information %d \r\n",
                                  ret);
                      }
                  }
                  else
                  {
                      res = besl_supplicant_stop(&supplicant_workspace);
                      if (res != BESL_SUCCESS)
                      {
                          wiced_log_printf(
                                  "supplicant Stop failed with error = [%d]\r\n",
                                  res);
                      }
      
                      wiced_log_printf("De-init supplicant\r\n");
                      besl_supplicant_deinit(&supplicant_workspace);
                      res = wifi_join_res;
      
                  }
              }
          }
          else
          {
              wiced_log_printf("Unable to initialize supplicant. Error = [%d]\r\n",
                      res);
          }
      }
      else
      {
          res = WICED_ERROR;
      }
      
        • 1. Re: PEAP-MSCHAPV2 -- How to connect?
          AditiB_81

          Hello,

          Can you provide us with the logs or the terminal snapshots/prints to get more info on what happens when you run this piece of code?

          Also, if possible can you provide us with the code example for your application to better understand the issue?

           

          Thanks

          Aditi

          • 2. Re: PEAP-MSCHAPV2 -- How to connect?
            NiCr_4063401

            Hi,

             

            The code example I provided is fairly complete, and I am having the same issues with the built in command console project.

             

            When I get home tonight, I will grab a console dump and attach a complete example demonstrating my issue.

             

            What would the expected invocation be for the join_ent command in the command console demo project for this security type?

             

            -Nick

            • 3. Re: PEAP-MSCHAPV2 -- How to connect?
              NiCr_4063401

              Hi!

               

              I've attached a fully functional standalone demo, and here is the console output:

               

              Starting WICED Wiced_006.004.000.0061

              Platform LAIRD_EWB initialised

              Started ThreadX v5.8

              WICED_core Initialized

              Initialising NetX v5.10_sp3

              Creating Packet pools

              WLAN MAC Address : C0:EE:40:70:0D:B7

              WLAN Firmware    : wl0: May  2 2019 02:39:20 version 7.45.98.83 (r714225 CY) FWID 01-476cc09d

              WLAN CLM        : API: 12.2 Data: 9.10.158 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2019-05-07 05:05:14

              # Root CA Certs: 0

              EAP Type: 25

              Inner EAP Type: 0

              Auth Type: 33554436

              Username:MY_USERNAME

              Password: MY_PASSWORD

              Initializing BESL supplicant

              Starting BESL supplicant

              Initiating WiFi Join

              WiFi Join Result: 1007

              De-init supplicant

              After join_ent

               

              I want to reiterate that my FreeRadius server is not being contacted at all. I'm getting no log statements or anything like that on my FreeRadius server. I get the 1007 error no matter what username and password I use. The command_console demo app behaves the same way, which is what this code was adapted from.

               

              Any help would be greatly appreciated.

               

              -Nick

              • 4. Re: PEAP-MSCHAPV2 -- How to connect?
                ChMa_3922746

                I did get it to work in my case. You could try TTLS as an option. You should see some response on your RADIUS server. If it is working with your Android device, then perhaps there is something in your router that is not configured correctly.

                 

                In my case, the sequence is: besl_supplicant_init(), then besl_supplicant_start(), then wiced_network_up().

                • 5. Re: PEAP-MSCHAPV2 -- How to connect?
                  NiCr_4063401

                  Could you send your working code?

                   

                  My router is configured properly -- there's not much to it. I'm able to connect fine with both Android and Windows.

                   

                  I've tried all of the different relevant flags including TTLS, none of which result in any sort of communication with my radius server.

                   

                  Nick

                   


                  • 6. Re: PEAP-MSCHAPV2 -- How to connect?
                    ChMa_3922746

                    Unfortunately, I've customized the code so much that it would be more confusing if I sent it verbatim. You should replace the network connection code with wiced_network_up() as the last step. Note that my RADIUS server is FreeRADIUS, which prints out lots of logs.

                     

                    Update: I've given up on the product since the Murata 1GC module, or related modules from other vendors, have no (or close to zero) inventory globally. It seems like the product is dead, though Cypress says no.

                    • 7. Re: PEAP-MSCHAPV2 -- How to connect?
                      NiCr_4063401

                      I've tried wiced_network_up, and I get the same result. I'm not using the DCT or anything, and if you dig down into wiced_network_up, it's really just calling wwd_wifi_join_specific under the hood.

                       

                      I'm seeing the same behavior with the built in test.console app, which uses wiced_network_up as well.

                       

                      Mysterious...

                       


                      • 8. Re: PEAP-MSCHAPV2 -- How to connect?
                        AditiB_81

                        Hello,

                         

                        Have you referred to the document "WICED-Enterprise-Security-User-Guide" in WICED Studio? It provides the procedure to connect WICED to an enterprise security network. To associate with an enterprise network, "join_ent" is used. The commands are provided in the console, so wiced_network_up won't work here.

                        You can find the document in the SDK here: /43xxx_Wi-Fi/doc/.

                         

                        Also, make sure that you have provided the root certificate at the certificate location mentioned in this document; this root certificate should be the one that verifies the server certificate. In short, the root certificate used on the server side should be provided here as well. Make sure the certificate is provided in the proper format and properly terminated with null characters.

                         

                        Which version of FreeRadius are you using?

                         

                        Thanks

                        Aditi
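
The checks the last reply asks for (root certificate present, in PEM format, NUL-terminated) can be run on the buffer before it is assigned to conn_info.trusted_ca_certificates. The C helper below is an added example, not code from the thread or from the WICED SDK; check_pem_ca, the ca_check_t values and SAMPLE_CA are hypothetical names, and the sample body is a constructed placeholder rather than a real certificate.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical helper names; not part of the WICED SDK. */
typedef enum { CA_OK, CA_EMPTY, CA_NOT_TERMINATED,
               CA_NO_BEGIN, CA_NO_END, CA_BAD_BODY } ca_check_t;
static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
static const char PEM_END[]   = "-----END CERTIFICATE-----";

/* Constructed placeholder (base64 of "CONSTRUCTED"), not a real certificate. */
static const char SAMPLE_CA[] =
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END CERTIFICATE-----\n";

/* buf_size = sizeof the storage, not strlen(). On CA_OK, *pem_len = strlen(buf).
 * mbedtls_x509_crt_parse() wants the PEM length to include the NUL (pem_len + 1);
 * which of the two root_ca_cert_length expects is for the SDK guide to settle. */
ca_check_t check_pem_ca(const char *buf, size_t buf_size, size_t *pem_len)
{
    if (buf == NULL || buf_size == 0)
        return CA_EMPTY;                 /* no trusted root supplied */
    const char *nul = memchr(buf, '\0', buf_size);
    if (nul == NULL)
        return CA_NOT_TERMINATED;        /* string functions would overrun */
    const char *begin = strstr(buf, PEM_BEGIN);
    if (begin == NULL)
        return CA_NO_BEGIN;              /* e.g. DER bytes or the wrong file */
    const char *body = begin + sizeof(PEM_BEGIN) - 1;
    const char *end = strstr(body, PEM_END);
    if (end == NULL)
        return CA_NO_END;                /* truncated certificate */
    size_t b64 = 0;
    for (const char *p = body; p < end; p++) {
        char c = *p;
        if (c == '\r' || c == '\n')
            continue;                    /* line breaks between base64 rows */
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '='))
            return CA_BAD_BODY;          /* stray byte inside the body */
        b64++;
    }
    if (b64 == 0)
        return CA_BAD_BODY;              /* markers with nothing between them */
    *pem_len = (size_t)(nul - buf);
    return CA_OK;
}

int main(void) { size_t n = 0; return check_pem_ca(SAMPLE_CA, sizeof(SAMPLE_CA), &n) != CA_OK; }
```

The configuration in the original post (trusted_ca_certificates = NULL, root_ca_cert_length = 0) is reported as CA_EMPTY: with no trusted root, there is nothing to verify the RADIUS server certificate against.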