wpa_supplicant cryptic procedure of access

Jouni Malinen jkmaline at cc.hut.fi
Sun Oct 8 22:52:09 EDT 2006


On Thu, Sep 21, 2006 at 09:34:55PM +0200, Daniel Dieterle wrote:

> At our high school we have a wifi for guests and a hidden wifi for the
> students. I want to connect to the hidden wifi.

> If I set in my config:
>  ap_scan=1
> the output is:
>  Scan results: 4
>  Selecting BSS from priority group 0
>  0: 00:0f:90:55:50:70 ssid='<hidden>' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11

With ipw2x00 drivers, you will likely need to use ap_scan=2 mode with
hidden SSIDs.

> If I set in my config:
>  ap_scan=2
> and do:
>  wpa_supplicant -ieth1 -Dwext -c/etc/wpa_supplicant.conf
> the output is:
>  Trying to associate with SSID 'ResEl'
>  CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> 
> Hey, great, wpa_supplicant sees the SSID. But it can't connect. :-( I
> have tried this very, very often but every time with the same result.
> The output repeats if I wait some time.

With ap_scan=2, you must configure all security parameters explicitly
for the driver to associate correctly.

> So I reset it to:
>  ap_scan=1
> and do:
>  wpa_supplicant -ieth1 -Dwext -c/etc/wpa_supplicant.conf
> the output is:
>  Trying to associate with 00:0f:90:55:50:70 (SSID='ResEl' freq=0 MHz)
>  CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>  CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>  Associated with 00:0f:90:55:50:70

This is likely triggered by the driver learning about the hidden SSID
and then being able to include that in the scan results. In ap_scan=1,
the security parameters can be learned from scan results, so in this
case, wpa_supplicant knows what mode to use.

> ap_scan=1

I would change that to ap_scan=2..

> network={
>         ssid="ResEl"
>         scan_ssid=1
>         key_mgmt=WPA-EAP

.. and add proto, pairwise, and group parameters here to match with the
AP. Based on the debug info, these would likely be proto=WPA,
pairwise=TKIP, group=WEP104. I don't think ipw2x00 supports scan_ssid,
so you can remove that (anyway, it is not used in ap_scan=2 mode).

-- 
Jouni Malinen                                            PGP id EFC895FA
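
The ap_scan=2 requirement from the reply above, as an added example that is not part of the original message or of wpa_supplicant itself: a small configuration check that reports network blocks which still depend on scan results. The function names, the sample configurations and the choice to treat key_mgmt, proto, pairwise and group as the required set are assumptions made for this illustration.

```python
# Assumption: these are the security parameters that must be explicit in ap_scan=2.
REQUIRED = ("key_mgmt", "proto", "pairwise", "group")

# Constructed sample: the poster's partial network block with ap_scan=2 applied.
SAMPLE_BEFORE = """\
ap_scan=2
network={
        ssid="ResEl"
        scan_ssid=1
        key_mgmt=WPA-EAP
}
"""
# Constructed sample: scan_ssid dropped, values suggested in the reply added.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "scan_ssid=1", "proto=WPA\n        pairwise=TKIP\n        group=WEP104")

def parse(text):
    """Return (global settings, list of network blocks) as dicts of strings."""
    globals_, networks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif "=" in line:
            key, value = line.split("=", 1)
            (globals_ if current is None else current)[key.strip()] = value.strip()
    return globals_, networks

def lint(text):
    """List findings for network blocks that rely on scan results under ap_scan=2."""
    globals_, networks = parse(text)
    if globals_.get("ap_scan", "1") != "2":
        return []  # in ap_scan=1 the parameters can be learned from scan results
    findings = []
    for net in networks:
        ssid = net.get("ssid", "<no ssid>")
        missing = [k for k in REQUIRED if k not in net]
        if missing:
            findings.append(f"{ssid}: set explicitly: {', '.join(missing)}")
        if "scan_ssid" in net:
            findings.append(f"{ssid}: scan_ssid is not used in ap_scan=2 mode")
    return findings
```

Calling `lint()` on the text of a configuration file returns an empty list when every network block is fully specified for ap_scan=2.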


