wpa supplicant fails 4-way handshake

Ken Koster ken.koster at elektrobit.com
Tue Jun 17 21:20:00 EDT 2008


On Tuesday 17 June 2008, Pavel Roskin wrote:
> On Tue, 2008-06-17 at 16:52 -0700, Ken Koster wrote:
> > I'm having problems connecting to the guest network here at work.
> > 
> > Immediately after the access points have been powered up I have no trouble
> > connecting and authenticating.  However within a period of 1-7 days both my 
> > Linux laptop (Thinkpad T60p with Intel 3945 chipset) and my Nokia N-800 will
> > suddenly no longer be able to connect while my co-workers Dell laptops 
> > running windows connect just fine.  Our IT guy says 'hey it works for windows
> > so it must be Linux' and I'm stuck waiting for the access points to be reset
> > so I can get back on for a couple of days.
> 
> My first guess is that the AP may be blacklisting the MAC addresses used
> by your devices.  That could be checked by using another device.  Do
> they all stop working at once?

Yes, they all stop at the same time, or at least as near as I can tell.
Usually I'll leave work and when I come back the next day I'm unable 
to connect on either the laptop or the N-800.  

Further discussion with co-workers indicates that at least two other 
N-800's fail and one Nokia Symbian based phone.  All appear to stop
at the same time.

> How does the AP look in the scan results?

Scan results
          Cell 03 - Address: 00:1D:7E:9C:AD:C8
                    ESSID:"EBguest"
                    Mode:Master
                    Channel:1
                    Frequency:2.412 GHz (Channel 1)
                    Quality=68/100  Signal level=-65 dBm  Noise level=-127 dBm
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:tsf=0000010c5af2c9d3

          Cell 05 - Address: 00:1D:7E:9C:AC:BE
                    ESSID:"EBguest"
                    Mode:Master
                    Channel:11
                    Frequency:2.462 GHz (Channel 11)
                    Quality=61/100  Signal level=-71 dBm  Noise level=-127 dBm
                    Encryption key:on
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:tsf=00000121768ccc90

> Does it support WPA2?  Maybe you could try it?
I've tried WPA2, it doesn't seem to make a difference.

> > We have two access points with the same ESSID one on ch-1 and the other
> > on ch-11.  Both are quite strong,  -60dbm to -65dbm.
> 
> Do the APs stop working at once?  Does each of them stop working for all
> Linux devices at once?

They both seem to stop at the same time, although I admit I haven't done much
more than a few limited tests to verify this.  I do know that I never succeed
with one and not the other.  And as I mentioned above, other devices all quit
at the same time.

> > EAPOL: startWhen --> 0
> > EAPOL: disable timer tick
> 
> I see this in my logs...
> 
> > EAPOL: SUPP_PAE entering state CONNECTING
> > EAPOL: enable timer tick
> > EAPOL: txStart
> > WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
> 
> ... but not this.  Another random idea - try compiling wpa_supplicant
> without EAPOL.  Disable CONFIG_IEEE8021X_EAPOL and all options starting
> with CONFIG_EAP.

I'll try this.
 
> Also make sure your wpa_supplicant.conf contains only things you
> understand.  If it's based on the long version with all comments, try
> making a short version with only one entry for the network you are using
> and nothing else.

I've done that,  it currently looks like this
network={
	ssid="EBguest"
	proto=WPA
	key_mgmt=WPA-PSK
	pairwise=CCMP TKIP
	group=CCMP TKIP
	#psk="ElektrobitIncGuest"
	psk=xxxx
}
 

Thanks,
Ken



----------------------------------------------------------------
Please note: This e-mail may contain confidential information
intended solely for the addressee. If you have received this
e-mail in error, please do not disclose it to anyone, notify
the sender promptly, and delete the message from your system.
Thank you.



More information about the HostAP mailing list