hostapd and XP Authentication Help Needed (fwd)

Jouni Malinen jkmaline at cc.hut.fi
Sun Jul 30 13:30:09 EDT 2006


On Sun, Jul 02, 2006 at 10:48:09AM -0600, kshogan at nomadisp.com wrote:

> Recently started to use hostapd as an authenication for a WPA on an atheros 
> chipset using hostapd.  Versions are all 0.4.9 on a 2.6.11 kernel. My problem 
> is that I am unable to get win xp to authenticate to the ap. It sees it, and 
> shows it as a WPA ap, but the authentication fails.  The dump of the process is 
> below.  Seems that the EAPOL Timeout may be an issue.  It connects to begin 
> with, but the 4 way handshake seems to be the problem.
> 
> Does anyone have a set of working hostapd.conf configs that they would share as 
> a starting point for me to customize?  Or, can anyone point to the problems 
> that might be causing the errors?

Your configuration looks fine. Though, I would recommend starting with
just one pairwise cipher (either TKIP or CCMP) enabled. Enabling both of
them may cause problems with some older client implementations.

> ath2: STA 00:0c:41:10:94:46 WPA: sending 1/4 msg of 4-Way Handshake

> IEEE 802.1X: 99 bytes from 00:0c:41:10:94:46
>     IEEE 802.1X: version=1 type=3 length=95
> ath2: STA 00:0c:41:10:94:46 WPA: received EAPOL-Key 2/2 Group with unexpected 
> replay counter

This was somewhat odd frame to receive from the client at this point. I
would assume that this is from an earlier association and the client
just did not complete re-association properly.

> ath2: STA 00:0c:41:10:94:46 WPA: sending 1/4 msg of 4-Way Handshake
> ath2: STA 00:0c:41:10:94:46 WPA: received EAPOL-Key frame (2/4 Pairwise)

Anyway, things got synchronized here, so 4-way handshake can continue.

> ath2: STA 00:0c:41:10:94:46 WPA: received EAPOL-Key frame (4/4 Pairwise)
> madwifi_set_key: alg=TKIP addr=00:0c:41:10:94:46 key_idx=0
> ath2: STA 00:0c:41:10:94:46 WPA: pairwise key handshake completed (WPA)

4-way handshake was completed successfully and the AP configured
encryption for this station.

> ath2: STA 00:0c:41:10:94:46 WPA: sending 1/2 msg of Group Key Handshake

AP is now trying to send out the group key (multiple times).

> ath2: STA 00:0c:41:10:94:46 WPA: EAPOL-Key timeout
> WPA: 00:0c:41:10:94:46 WPA_PTK_GROUP entering state KEYERROR

But there is no response from the client. Either the client did not
receive the message or was unable to send a correctly encrypted
response to it. hostapd did not get any indication of this, so one would
need to either look at the client side debug log or madwifi debug for
more information on what is happening here.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list