wpa_supplicant fails to preauthenticate

Ambedkar R ambedkar_r at rediffmail.com
Wed Dec 5 00:16:26 EST 2007


 Hi,

Since you have configured with different security and SSID policy for two different AP's,you can't perform Pre-Authentication.

To perform Pre-Authentication following things are required,they are
1.AP should have the support for WPA2-Enterprise/CCMP
2.Client should support for Pre-Authentication.

Configure AP1 and AP2 with same SSID and Security Policy(WPA2-Enterprise desired)


Thanks
Ambedkar.R 


On Tue, 04 Dec 2007 Paresh Sawant wrote :
>If we assume that pre-auth is not allowed if the bssid belongs to different
>ssid than one it is already associated with, then would that be right idea
>to make wpa_supplicant report an error instead of initiating the pre-auth by
>sending out eapol start packet ?
>
>Is it possible to have 2 different access points within same ESS having
>separate security policies e.g. ap1 with WPA2-PSK and ap2 with WPA2-EAP ? I
>don't see IEEE 802.11i enforcing such a rule. please correct me.
>
>Cheers
>- Paresh
>
>On Dec 3, 2007 8:26 PM, Jouni Malinen <j at w1.fi> wrote:
>
> > On Mon, Dec 03, 2007 at 07:50:44PM +0530, Paresh Sawant wrote:
> >
> > >            I'm trying to make wpa_supplicant ( on windows XP with
> > > CONFIG_USE_NDISUIO ) preauthenticate with ap2 while it is already
> > associated
> > > with ap1. Following are the network blocks I've specified in .conf -
> > >
> > > network={
> > >     ssid="ap1"
> > >     key_mgmt=WPA-PSK
> >
> > > network={
> > >     ssid="ap2"
> > >     key_mgmt=WPA-EAP
> >
> > I wouldn't be surprised if pre-authentication would not work when
> > associated with a WPA-PSK AP. This is somewhat odd configuration of RSN
> > pre-authentication. I don't remember whether this is even allowed in the
> > IEEE 802.11 standard. Anyway, it looks like the problem here could be in
> > use of different SSIDs. I've only ever heard of pre-authentication used
> > within the same ESS, i.e., between APs that use the the same SSID.
> >
> > Is this kind of network really deployed somewhere or is this just a test
> > case?
> >
> > --
> > Jouni Malinen                                            PGP id EFC895FA
> > _______________________________________________
> > HostAP mailing list
> > HostAP at shmoo.com
> > http://lists.shmoo.com/mailman/listinfo/hostap
> >
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20071205/82780c7b/attachment.htm 


More information about the HostAP mailing list