wpa_supplicant fails to preauthenticate

Paresh Sawant paresh.sawant at gmail.com
Mon Dec 3 13:43:23 EST 2007


If we assume that pre-auth is not allowed if the bssid belongs to different
ssid than one it is already associated with, then would that be right idea
to make wpa_supplicant report an error instead of initiating the pre-auth by
sending out eapol start packet ?

Is it possible to have 2 different access points within same ESS having
separate security policies e.g. ap1 with WPA2-PSK and ap2 with WPA2-EAP ? I
don't see IEEE 802.11i enforcing such a rule. please correct me.

Cheers
- Paresh

On Dec 3, 2007 8:26 PM, Jouni Malinen <j at w1.fi> wrote:

> On Mon, Dec 03, 2007 at 07:50:44PM +0530, Paresh Sawant wrote:
>
> >            I'm trying to make wpa_supplicant ( on windows XP with
> > CONFIG_USE_NDISUIO ) preauthenticate with ap2 while it is already
> associated
> > with ap1. Following are the network blocks I've specified in .conf -
> >
> > network={
> >     ssid="ap1"
> >     key_mgmt=WPA-PSK
>
> > network={
> >     ssid="ap2"
> >     key_mgmt=WPA-EAP
>
> I wouldn't be surprised if pre-authentication would not work when
> associated with a WPA-PSK AP. This is somewhat odd configuration of RSN
> pre-authentication. I don't remember whether this is even allowed in the
> IEEE 802.11 standard. Anyway, it looks like the problem here could be in
> use of different SSIDs. I've only ever heard of pre-authentication used
> within the same ESS, i.e., between APs that use the the same SSID.
>
> Is this kind of network really deployed somewhere or is this just a test
> case?
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20071204/baa27fbd/attachment.htm 


More information about the HostAP mailing list