PTK cipher mismatch

Mihai Maties mihai at xcyb.org
Tue Jun 13 06:36:18 EDT 2006


On Saturday 10 June 2006 07:03, Jouni Malinen wrote:
> On Fri, Jun 09, 2006 at 09:08:30AM +0300, Mihai Maties wrote:
> > network={
> >         ssid="SomeNet"
> >         key_mgmt=IEEE8021X
> >         eap=LEAP
> >         identity="mihai.maties"
> >         password="mypassword"
> > }
> >
> > I'm pretty sure the wireless network configuration didn't change, the
> > only things that did change are: the kernel version (2.6.12 -> 2.6.15)
> > and wpa_supplicant version (0.4.5 -> 0.4.8).
>
> This configuration would be using IEEE 802.1X and LEAP with WEP keys and
> looks fine for that kind of use.

OK, but how do you explain that it worked in the past with this configuration, 
but now, after upgrade, it doesn't work anymore ?

> > I cannot describe the AP configuration since I do not have access to it,
> > but if you are interested in a specific parameter tell me and I'll try to
> > figure it out from a friend that uses Windows (the parameters are
> > configured automatically).
> >
> > I followed your suggestions and changed the config file to:
> >
> > network={
> >         ssid="SomeNet"
> >         key_mgmt=WPA-EAP
> >         auth_alg=LEAP
> >         identity="mihai.maties"
> >         password="mypassword"
> > }
>
> This would be using WPA and LEAP with TKIP or CCMP encryption.
>
> > ... but from my point of view the things are pretty much the same: "PTK
> > cipher mismatch". I attached the debug log, maybe it helps.
>
> This looks like the AP would indeed be advertising WPA support. Since
> your configuration file did not limit the cipher suite, I would assume
> that the AP is trying to use one of the Cisco specific ciphers (CKIP,
> CMIC, or CKIP+CMIC). It _may_ also allow non-WPA case (i.e., your
> earlier configuration with IEEE 802.1X). It would be worth verifying
> whether this is indeed allowed before spending much time with this.

The wireless profile that is configured automatically on windows workstations 
is set as described below:

    Network Authentication: Open
    Data Encryption: CKIP
    "Enable 802.1x" is checked
    Authentication Type: LEAP
    "Enable Cisco Compatible Extensions" is checked
        "Enable Radio Management Support" is checked
        "Enable Mixed Cells Mode" is checked

[ If it helps, a screenshot is available: http://anubis.xcyb.org/LEAP.jpg ]

What do you suggest ? I did a search of "CKIP" in the sources and got 0 
matches. Does this mean that wpa_supplicant doesn't support CKIP and it just 
won't work ? But if that is the case, why did it work in the past ?


Thank you.

Mihai



More information about the HostAP mailing list