Deauthentication while connecting to RADIUS

Dennis Borgmann dennis.borgmann at googlemail.com
Fri Nov 16 01:51:14 EST 2007


Dear list-members,

I got a new AP, that uses 2 Atheros-WLAN-devices and runs Linux with the 
madwifi-driver in use. In addition, the hostapd is in use.
My laptop is connected via ethernet to this AP and is running the
FreeRADIUS server. I have a client running an Atheros-card on Linux as
well, so there I do also have madwifi in addition to wpa_supplicant.

Schematically, this is my setup:

|------------|      |------------|          |----------------|
|Laptop      |  (1) |Accesspoint |    (2)   | Desktop-PC     |
|192.168.1.3 |------|192.168.1.1 |--))  ((--|192.168.1.2     |
| FreeRADIUS |      |hostapd     |          | wpa_supplicant |
|------------|      |------------|          |----------------|

Now, I am sniffing with wireshark on the Laptop and "in the air",
meaning in between the AP and the Desktop-PC. What I now get is the
information, that my request to the radius-server succeeds
(Access-accept sent out from the Laptop, seen in the sniff on connection
(1) and EAP-Success including ACK sniffed on connection (2)). But
direcly after the "EAP-Success"-frame is sent out by the AP to the
Desktop-PC, the AP sends out a Deauthentication-frame to the Desktop-PC
saying the previos authentication would no longer be valid (0x0002).
There is no frame in between the ACK sent by the Desktop-PC and the DEAUTH
sent by the AP, the time elapsed in between those two frames is
roundabout 1 ms.

I do not see the point, why the AP rejects the authentication after a
succeeded EAP-authentication.

The output of

hostapd -ddd /etc/hostapd/hostapd1.conf

gives these three lines (among thousands of others):

WPA: 00:14:85:da:c6:f1 WPA_PTK entering state INITPMK
WPA: Could not get PMK
WPA: 00:14:85:da:c6:f1 WPA_PTK entering state DISCONNECT

So far with my problem. Does anyone see the point that I did wrong? Just
for completeness, I posted my config-files at the following link (it's just a text file 66kB of size):

http://fb03il20.no-ip.org/~herakles/radius-problems

Kind regards and thanks for every hint in advance,

Dennis






More information about the HostAP mailing list