Association fails on WPA-EAP (TKIP) network

Andrew Barr andrew.james.barr at gmail.com
Tue Jun 13 15:17:05 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, I'm trying to configure my Sharp Zaurus SL-5600 handheld (OpenZaurus 
3.5.4.1-rc, kernel 2.6.16) to use my household wireless network. The network 
uses WPA-EAP (PEAP-MSCHAPv2) with TKIP encryption. The hardware is a U.S. 
Robotics USR-8054 802.11g wireless router (in AP-only mode) and is being 
backed by FreeRADIUS 1.1.0.

The Zaurus has wpa_supplicant 0.4.8 with hostap-drivers 0.4.4 (I believe they 
come from the kernel.org tree), and the hardware there is a SanDisk 
ConnectPlus (Prism3 SSF), which is using STA firmware 1.8.4 and PRI firmware 
1.1.2. It will not associate with the network, it continually loops between 
scanning and associating, timing out each time, until it is canceled. This 
behavior is NOT specific to the Zaurus, I can put the same card in my 
Thinkpad via a PCMCIA-CF adapter and reproduce the same behavior. 
Additionally, the behavior was the same on the 2.4.18 kernel available for 
the SL-5600 from OpenZaurus.

Below is the debug output of wpa_supplicant. The behavior is the same 
regardless of which WPA driver I use, wext or hostap. In case that's not 
enough, I have Ethereal dump files created from my Thinkpad (Kismet using 
ipw2200 monitor mode) while the Zaurus was attempting to connect. I don't 
attach that because it likely contains passwords and such, but I can e-mail 
it to people off list.

andrew at r51:~$ ssh 192.168.129.201
root at 192.168.129.201's password:
Last login: Tue Jun 13 18:50:12 2006 from 192.168.129.1
root at poodle:~# hostap_fw_load wlan0
Downloading primary firmware /etc/pcmcia/pm010102.hex
srec summary for pm010102.hex
Included file name: PM010102.HEX
Component: 0x0015 1.1.2 (primary firmware)


Verifying update compatibility and combining data:
Plugging PDR 0400 (NIC configuration): ram16=1 pci=0 (03 00)
OK.

Downloading to volatile memory (RAM).
OK.
srec summary for pm010102.hex
Included file name: PM010102.HEX
Component: 0x0015 1.1.2 (primary firmware)

ioctl[PRISM2_IOCTL_HOSTAPD]: No data available
STAID not available (maybe running PRI-only)
ioctl[PRISM2_IOCTL_HOSTAPD]: No data available
ioctl[PRISM2_IOCTL_HOSTAPD]: No data available

Verifying update compatibility and combining data:
Plug record length mismatch (PDR=0x0001): 6 != 16
==> extend from default
OK.

Downloading to volatile memory (RAM).
OK.
Downloading secondary (station) firmware /etc/pcmcia/rf010804.hex
srec summary for rf010804.hex
Included file name: rf010804.hex
Component: 0x001f 1.8.4 (station firmware)

ioctl[PRISM2_IOCTL_HOSTAPD]: No data available
STAID not available (maybe running PRI-only)
ioctl[PRISM2_IOCTL_HOSTAPD]: No data available
ioctl[PRISM2_IOCTL_HOSTAPD]: No data available

Verifying update compatibility and combining data:
OK.

Downloading to volatile memory (RAM).
OK.
Components after download:
  NICID: 0x801d v1.0.0
  PRIID: 0x0015 v1.1.2
  STAID: 0x001f v1.8.4
Card is ready with both PRI and STA firmware images
root at poodle:~# wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -Dwext -dd
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext' 
ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=1
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=8):
     6f 61 6b 63 6f 75 72 74                           oakcourt
eap methods - hexdump(len=2): 19 00
key_mgmt: 0x1
phase2 - hexdump_ascii(len=14):
     61 75 74 68 32 3d 4d 53 43 48 41 50 76 32         auth2=MSCHAPv2
identity - hexdump_ascii(len=6):
     61 6e 64 72 65 77                                 andrew
password - hexdump_ascii(len=10): [REMOVED]
Priority group 0
   id=0 ssid='oakcourt'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
Added alternative ifindex 10 (wifi0) for wireless events
Own MAC address: 00:60:b3:6c:65:97
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
Added interface wlan0
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=8
Received 179 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:c0:49:ec:6f:82 ssid='oakcourt' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:c0:49:ec:6f:82 (SSID='oakcourt' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 
00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=17
Authentication with 00:00:00:00:00:00 timed out.
Added BSSID 00:00:00:00:00:00 into blacklist
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=8
Received 179 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:c0:49:ec:6f:82 ssid='oakcourt' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:c0:49:ec:6f:82 (SSID='oakcourt' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 
00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=17
Authentication with 00:00:00:00:00:00 timed out.
BSSID 00:00:00:00:00:00 blacklist count incremented to 2
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=8
Received 179 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:c0:49:ec:6f:82 ssid='oakcourt' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:c0:49:ec:6f:82 (SSID='oakcourt' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 
00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=17
Authentication with 00:00:00:00:00:00 timed out.
BSSID 00:00:00:00:00:00 blacklist count incremented to 3
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=8
Received 179 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:c0:49:ec:6f:82 ssid='oakcourt' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
   selected based on WPA IE
Trying to associate with 00:c0:49:ec:6f:82 (SSID='oakcourt' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 
00 00 50 f2 02 01 00 00 50 f2 01
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=17
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface wlan0
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wext_set_wpa
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_countermeasures
No keys have been configured - skip key clearing
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
Cancelling scan request
root at poodle:~# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1

network={
        ssid="oakcourt"
        eap=PEAP
        key_mgmt=WPA-EAP
        phase2="auth2=MSCHAPv2"
        identity="andrew"
        password="[removed]"
}
root at poodle:~#   

Thanks for any help.
- -- 
Andrew Barr | andrew.james.barr at gmail.com
http://www.oakcourt.dyndns.org/~andrew/

"And now for something completely different."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEjw84huM+Z62a52oRAltwAKCB/RxgS8hcwlDuDroAi98xcuePzACcCBBn
v2meL6vx0BiSM77kNNjELQs=
=ti4U
-----END PGP SIGNATURE-----



More information about the HostAP mailing list