Problem setting keys with ndiswrapper after authentication?

Jouni Malinen jkmaline at cc.hut.fi
Tue Nov 30 00:55:05 EST 2004


On Mon, Nov 29, 2004 at 06:47:40PM +0100, Romano Giannetti wrote:

> Hi. I tried the last ndiswrapper CVS 0.12 at 041129 with wpa_supplicant 0.2.5

> [root at rukbat ndiswrapper]# wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -dd

> ...etc, like before. I remove all the output until the new problem...

Please do not.. or at least make the full output available somewhere.

> EAP-PEAP: Phase 2 Request: type=26
> EAP-PEAP: Phase 2 EAP packet
> EAP-MSCHAPV2: Received success
> EAP-MSCHAPV2: Success message - hexdump(len=0):
> EAP-MSCHAPV2: Authentication succeeded
> EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 f0 00 06 1a 03
> 
> ...ok? It seems that the identification succeeded.

No, this is not yet completed. PEAP requires additional success
notification.. This was not included in this message, but I would assume
it actually succeeded based on the following output.

> [...]
> EAPOL: Received EAPOL-Key frame
> EAPOL: KEY_RX entering state KEY_RECEIVE
> EAPOL: processKey
> EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x0
> EAPOL: EAPOL-Key key signature verified
> EAPOL: Decrypted(RC4) key - hexdump(len=13): 13 ab d7 39 ef 08 e0 bc 63 a7 d1 a8 b9
> EAPOL: Setting dynamic WEP key: broadcast keyidx 0 len 13

Again, getting more context would be useful, but I'm guessing here for
now.. You received only one key (broadcast), but wpa_supplicant was
configured to expect two keys (separate unicast key). Both cases are
valid for IEEE 802.1X, but if you use only one key (this broadcast one),
you will need to tell wpa_supplicant about this by setting eapol_flags=2
in the configuration file.

> Bingo, now it works (and iwconfig shows the new key set). But now, when I
> try to start dhclient there is no answer, and wpa_supplicant says: 
> 
> WPA: EAPOL frame too short, len 61, expecting at least 99
> EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
> EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=28 idleWhile=58
> EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=27 idleWhile=57
> EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=26 idleWhile=56
> EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=25 idleWhile=55
> EAPOL: Port Timers tick - authWhile=24 heldWhile=0 startWhen=24 idleWhile=54
> EAPOL: Port Timers tick - authWhile=23 heldWhile=0 startWhen=23 idleWhile=53
> EAPOL: Port Timers tick - authWhile=22 heldWhile=0 startWhen=22 idleWhile=52
> EAPOL: Port Timers tick - authWhile=21 heldWhile=0 startWhen=21 idleWhile=51
> Authentication with 00:11:5c:6b:90:e0 timed out.

wpa_supplicant did not receive the other expected key (unicast) and
consequently timed out authentication.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list