How to do WEP-PEAP?

Bryan Kadzban bryan at kadzban.is-a-geek.net
Tue Nov 14 12:42:01 EST 2006


On Tue, Nov 14, 2006 at 04:37:48PM +0100, Marc Haber wrote:
> |ap_scan=2
> <...>
> |        key_mgmt=IEEE8021X
> |        pairwise=CCMP TKIP
> |        group=CCMP TKIP WEP104 WEP40

Since you're using ap_scan=2, you need to have only ONE value for both
pairwise and group.  You can't use multiple values, because setting
ap_scan to 2 means that wpa_supplicant will just blindly program the
security settings and ESSID into the driver, and let the driver handle
the choice of BSSID.  wpa_supplicant needs to have *one* value for all
the security settings, including the pairwise and group ciphers.

It sounds like you probably need to set pairwise to WEP104 and group to
the same thing, if those are supported for key_mgmt=IEEE8021X.  You
could set ap_scan=1, but that won't work with a hidden SSID (except with
some drivers, if you add scan_ssid=1 to the network block).

OTOH, ap_scan=2 only works with some drivers, too, so depending on what
driver you're using (wpa_supplicant's -D option), this may not even be
possible.  I think you said Centrino, so that would probably be the
ipw22whatever kernel driver; I'm not sure if that works with the wext
driver in wpa_supplicant, but I believe it does.

And I don't know if wext is one of the drivers that works with
ap_scan=2.  (Actually I should probably be saying "backends" instead
of "drivers", because it's not kernel code, it's just a wpa_supplicant
backend interface to whatever kernel driver is running.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20061114/83c78488/attachment.pgp 


More information about the HostAP mailing list