PTK cipher mismatch
Jouni Malinen
jkmaline at cc.hut.fi
Sat Jun 10 00:03:15 EDT 2006
On Fri, Jun 09, 2006 at 09:08:30AM +0300, Mihai Maties wrote:
> network={
> ssid="SomeNet"
> key_mgmt=IEEE8021X
> eap=LEAP
> identity="mihai.maties"
> password="mypassword"
> }
>
> I'm pretty sure the wireless network configuration didn't change, the only
> things that did change are: the kernel version (2.6.12 -> 2.6.15) and
> wpa_supplicant version (0.4.5 -> 0.4.8).
This configuration would be using IEEE 802.1X and LEAP with WEP keys and
looks fine for that kind of use.
> I cannot describe the AP configuration since I do not have access to it, but
> if you are interested in a specific parameter tell me and I'll try to figure
> it out from a friend that uses Windows (the parameters are configured
> automatically).
>
> I followed your suggestions and changed the config file to:
>
> network={
> ssid="SomeNet"
> key_mgmt=WPA-EAP
> auth_alg=LEAP
> identity="mihai.maties"
> password="mypassword"
> }
This would be using WPA and LEAP with TKIP or CCMP encryption.
> ... but from my point of view the things are pretty much the same: "PTK cipher
> mismatch". I attached the debug log, maybe it helps.
This looks like the AP would indeed be advertising WPA support. Since
your configuration file did not limit the cipher suite, I would assume
that the AP is trying to use one of the Cisco specific ciphers (CKIP,
CMIC, or CKIP+CMIC). It _may_ also allow non-WPA case (i.e., your
earlier configuration with IEEE 802.1X). It would be worth verifying
whether this is indeed allowed before spending much time with this.
> One more thing: in the 0.4.8 version I see now some parameters related to
> opensc engine. Could this be an issue ? I tried setting these parmaters to
> some libraries that seem to be what the program needs but still no luck.
No, those are not used with LEAP.
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list