Can't authenticate: WPA, RaLink 2500 (NdisWrapper), SpeedTouch 580 router

Jouni Malinen jkmaline at cc.hut.fi
Thu Apr 13 22:25:58 EDT 2006


On Thu, Apr 13, 2006 at 02:30:59PM +0100, Neil Smith wrote:

>  The wireless hub is a Thomson SpeedTouch 580
>  wireless router.

> (There was something in this list's archives about problems with this router 
> having different MAC addresses for the wireless connection and the WPA
> authentication, e.g. the debug lines...
> 
> Associated to a new BSS: BSSID=00:11:f5:89:f7:57
> ...
> RX EAPOL from 00:0e:50:b2:b9:f2
> 
> ...but I couldn't find if that was either resolved or relevant.)

That sounds like a possible reason for problems here.. Unfortunately, I
do not have access to any AP that behaves in this way, but it looks
quite odd..


> Associated to a new BSS: BSSID=00:11:f5:89:f7:57
> RX EAPOL from 00:0e:50:b2:b9:f2

In this kind of case, wpa_supplicant ends up sending the EAPOL-Key frame
2/4 to the source address of the EAPOL-Key 1/4, i.e., 00:0e:50:b2:b9:f2.
However, the AP is using another MAC address as the BSSID. It is unclear
whether the mismatch in address would be confusing the AP and it would
actually want to get the reply to 00:11:f5:89:f7:57. Alternatively, it
could still want to get the reply to 00:0e:50:b2:b9:f2, but with PMK
derived using the BSSID, not this address..

Would you be willing to test couple of experimental patches to
wpa_supplicant to go through all the possible combinations to figure out
what exactly the AP wants to see here?

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list