[success] EAP-TLS hostapd<>wpa_supplicant 0.3.7-pre fails

Coert coert.vonk at gmail.com
Sat Feb 12 14:14:48 EST 2005


I am happy to announce that hostapd<>wpa_supplicant is now working in
my setup.  It is using EAP-TLS.  The hostapd authenticator is running
with the latest madwifi driver from cvs.  The supplicant is running
with ndiswrapper on top of a dell truewireless card (broadcom).

Notes about my configuration can be found at:
http://www.cybcon.com/~coert/linux/wrap/wireless.html

Thanks for the help,
/coert

On Fri, 11 Feb 2005 19:22:34 -0800, Coert <coert.vonk at gmail.com> wrote:
> I analyzed the WPA IE (based on the "WPA IE version 1" comments in
> wpa.c), and found that my Authenticator was advertising pre-auth in
> its beacon/probe response, but did not include this in the WPA key
> handshake.  I disabled pre-authentication on the Authenticator, and
> now the connection is coming up.
> 
> WPA: WPA IE in 3/4 msg - hexdump(len=24):
> dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01
> 
> WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26):
> dd 18 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 01 00
> 
>  ----- WPA capabilities=pre-auth
> 
> ----------- auth key mng suite list=802.1X
>                                                       ----- auth key
> mng suite count=1
>                                           ----------- pairwise suite list=CCMP
>                                     ----- pair wise suite count=1
>                         ----------- group selecter CCMP
>                   ----- version=1
>                -- OUI type
>       -------- OUI
>    -- length
> -- generic id
> 
> 
> On Fri, 11 Feb 2005 15:24:15 -0800, Coert <coert.vonk at gmail.com> wrote:
> > I am trying to read the WPA IE.  I found IEEE 802.11i, but that only
> > has the definition of the RSN IE.  Can you point me to the WPA IE
> > spec?
> >
> >
> > On Fri, 11 Feb 2005 10:32:08 -0800, Coert <coert.vonk at gmail.com> wrote:
> > > A workaround would be nice.  Maybe I am doing something wrong, but I
> > > switched to TKIP on both the authenticator and the supplicant, and
> > > still see these messages:
> > >
> > >   WPA: RX message 3 of 4-Way Handshake from 00:02:6f:21:df:ff (ver=1)
> > >   WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2
> > > 02 01 00 00 50 f2 02 01 00 00 50 f2 01
> > >   WPA: No WPA/RSN IE for this AP known. Trying to get from scan results
> > >   WPA: Found the current AP from updated scan results
> > >   WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp
> > > (src=00:02:6f:21:df:ff)
> > >   WPA: WPA IE in Beacon/ProbeResp - hexdump(len=26): dd 18 00 50 f2 01
> > > 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 01 00
> > >   WPA: WPA IE in 3/4 msg - hexdump(len=24): dd 16 00 50 f2 01 01 00 00
> > > 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
> > >
> > > Updated traces and .conf files are attached
> > >
> > > BTW I cross posted it on the madwifi-users list, as Jouni suggested.
> > >
> > > /coert
> > >
> > > On Fri, 11 Feb 2005 12:21:38 +0100, Gunter Burchardt
> > > <gbur at informatik.uni-rostock.de> wrote:
> > > > An easy workaround is to use only TKIP or CCMP, not both together.
> > > >
> > > > regards
> > > > gunter
> > > > _______________________________________________
> > > > HostAP mailing list
> > > > HostAP at shmoo.com
> > > > http://lists.shmoo.com/mailman/listinfo/hostap
>



More information about the HostAP mailing list