wpa_supplicant, ndiswrapper, bcm4309 and cisco ap issue

Jouni Malinen jkmaline at cc.hut.fi
Sun Jun 5 10:56:18 EDT 2005


On Sun, Jun 05, 2005 at 12:57:11PM +0200, Sandro Poppi wrote:

> I'm having troubles connecting to a Cisco Aironet 1200 series ap using my
> Dell Wireless 1450 mini-PCI card with ndiswrapper 1.2rc1.

> network={
> 	ssid="ssid"
> 	key_mgmt=WPA-EAP
> 	group=TKIP
> 	pairwise=TKIP
> 	auth_alg=OPEN LEAP
>         eap=LEAP

By the way, ndiswrapper does not support auth_alg=LEAP, so this ends up
using Open System. Anyway, the access point seems to be configured to
allow both open system and LEAP/Network EAP authentication algorithms.

> It seems that there are issues within the EAPOL 4way handshake, step 2/4
> since debug on the ap shows the following message:
> 
> dot11_dot1x_verify_ptk_handshake: Invalid EAPOL-Key Data Len: exp=26, act=24

That seems to indicate that the WPA IE in association request and
message 2/4 did not match.

> WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00
> 00 50 f2 02 01 00 00 50 f2 01

This is the default WPA IE generated by wpa_supplicant. However, NDIS
drivers generate their own IE for association and it may differ from
this (in this case, it is likely to include extra 00 00 in the end). The
driver will need to notify wpa_supplicant about the used WPA IE when
they are generating WPA IEs, but the debug log does not include such
notification.

ndiswrapper is supposed to send an association info event with the WPA
IE. Without this, wpa_supplicant may end up using incorrect IE in msg
2/4 and AP will reject authentication because of this. You should be
able to use iwevent to verify whether the association info event is
actually sent by the driver. It shows up as "ASSOCINFO(ReqIEs=...)"
message. If you do not see this, please report the problem on
ndiswrapper mailing list.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list