clients cann't connect when using hostapd
pelusitavali at postmaster.co.uk
Thu Mar 23 10:33:21 EST 2006
>> wpa_pairwise=TKIP CCMP
>I would suggest starting with only one pairwise cipher configured. There
>have been some problems with enabling both of them in some
>configurations. It'll be easier to test this once the simplest case has
>been known to work.
>> buy my clients never can connect with my ap (by the way i use debian etch, kernel 220.127.116.11, madwifi-ng-r1475, hostapd-0.5.1), i mean they try, but never can connect successfully, never can get ip direction from dhcp nor nothing else, this is what hostapd shows when trying to connect a client:
>What clients are you using (operating system, wlan hardware, driver,
>supplicant, version numbers)?
>> ath0: STA 00:0f:66:11:c1:96 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
>This is normally a sign of either incorrectly configured WPA
>PSK/passphrase or an implementation error. Are you sure that the same
>passphrase is configured in both the AP and client?
>hostapd v0.5.1 has a bug that would break the next msg 3/4, so even if
>you get through this msg 2/4, you should really upgrade to 0.5.2 in
>order to be able to complete authentication successfully.
>Jouni Malinen PGP id EFC895FA
Thanks so much Jouni, you are my idol now, i was testing my configuration by 1 year and never worked, now with last revision of hostapd, simply works!!!.
thanks for your help and effort.
you are right, with new version and using only TKIP clients can connect, i use winxp clients with many different wlan adapters: Broadcom, Linksys, Atheros, and configured access with windows tools.
i just tested WPA-PSK, i guess it will work with TLS too. now i will configure and test it.
i get these messages now:
IEEE 802.1X: 5 bytes from 00:0f:66:11:c1:96
IEEE 802.1X: version=1 type=1 length=0
ignoring 1 extra octets after IEEE 802.1X packet
ath0: WPA rekeying GTK
WPA: group state machine entering state SETKEYS
GMK - hexdump(len=32): [REMOVED]
GTK - hexdump(len=32): [REMOVED]
WPA: 00:0f:66:11:c1:96 WPA_PTK_GROUP entering state REKEYNEGOTIATING
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/2 msg of Group Key Handshake
WPA: Send EAPOL(secure=1 mic=1 ack=1 install=0 pairwise=0 ie_len=0 gtk_len=32 keyidx=2 encr=1)
Plaintext EAPOL-Key Key Data - hexdump(len=32): [REMOVED]
TX EAPOL - hexdump(len=145): 00 0f 66 11 c1 96 00 0f 66 11 c1 97 88 8e 02 03 00 7f fe 03 a1 00 20 00 00 00 00 00 00 00 05 3a 64 7f 32 5b 19 d3 50 65 df e8 d4 c2 70 52 03 c2 61 86 7e 6d 43 53 8e ce 80 f5 e4 75 c1 a0 31 c2 61 86 7e 6d 43 53 8e ce 80 f5 e4 75 c1 a0 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c9 c2 cb 2f 41 b8 4d 34 0f d5 e1 d5 7d cc 0e f8 00 20 82 96 6a 73 45 de 56 68 b7 56 ea 1d 31 a4 1b fa fa 81 fc d3 fe 8c e9 d0 ce a4 d0 b1 42 97 5f ba
WPA: group state machine entering state SETKEYSDONE
madwifi_set_key: alg=TKIP addr=00:00:00:00:00:00 key_idx=2
IEEE 802.1X: 99 bytes from 00:0f:66:11:c1:96
IEEE 802.1X: version=1 type=3 length=95
ath0: STA 00:0f:66:11:c1:96 WPA: received EAPOL-Key frame (2/2 Group)
WPA: 00:0f:66:11:c1:96 WPA_PTK_GROUP entering state REKEYESTABLISHED
ath0: STA 00:0f:66:11:c1:96 WPA: group key handshake completed (WPA)
WPA: 00:0f:66:11:c1:96 WPA_PTK_GROUP entering state IDLE
Which Dutchman won the men's singles title at Wimbledon in 1996?
More information about the HostAP