WPA_Supplicant failing for LEAP
Dan Williams
dcbw at redhat.com
Thu Apr 30 10:56:39 EDT 2009
On Thu, 2009-04-30 at 10:17 +1000, linux newbie wrote:
> Hi,
>
> I downloaded latest airo driver which has WPA support from below
> mentioned website
> http://svn.gna.org/viewcvs/airo-wpa/?sortdir=down
That's not actually the latest airo driver, it's a driver that somebody
has hacked up to support WPA, but it's got known problems, especially
with switching WPA on and off. It may or may not work for you. The
latest airo driver is always available in the latest Linux kernel, but
nobody (including me) has done the work to clean up and port that patch
set from svn.gna.org to the current linux kernel and push it upstream.
You'll also want to use ap_scan=2 for airo in your wpa_supplicant.conf
file.
Dan
> Following is my wpa_configuration settings
>
> ctrl_interface=/var/run/wpa_supplicant
>
> network={
> ssid="RTSDEV8"
> proto=WPA
> key_mgmt=WPA-PSK
> pairwise=TKIP
> group=TKIP
> auth_alg=OPEN
> psk=b4a199f9efdf4d94e4c86562f6d54e1db61fb7faa5b0d32e0104690bb63919db
> }
>
> I am getting following error. Can you please suggest what might went
> wrong?
>
> # ./wpa_supplicant -Dwext -i eth1 -c my_conf.conf -dd
> Initializing interface 'eth1' conf 'my_conf.conf' driver 'wext'
> ctrl_interface 'N/A' bridge 'N/A'
> Configuration file 'my_conf.conf' ->
> '/mnt/wpa_supplicant/my_conf.conf'
> Reading configuration file '/mnt/wpa_supplicant/my_conf.conf'
> ctrl_interface='/var/run/wpa_supplicant'
> Line: 6 - start of a new network block
> ssid - hexdump_ascii(len=7):
> 52 54 53 44 45 56 38
> RTSDEV8
> proto: 0x1
> key_mgmt: 0x2
> pairwise: 0x8
> group: 0x8
> auth_alg: 0x1
> PSK - hexdump(len=32): [REMOVED]
> Priority group 0
> id=0 ssid='RTSDEV8'
> Initializing interface (2) 'eth1'
> SIOCGIWRANGE: WE(compiled)=22 WE(source)=19 enc_capa=0x0
> capabilities: key_mgmt 0x0 enc 0x3 flags 0x0
> WEXT: Operstate: linkmode=1, operstate=5
> Own MAC address: 00:0d:28:7f:4b:c0
> wpa_driver_wext_set_wpa
> wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_countermeasures
> wpa_driver_wext_set_drop_unencrypted
> RSN: flushing PMKID list in the driver
> Setting scan request: 0 sec 100000 usec
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> Added interface eth1
> RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
> Wireless event: cmd=0x8b06 len=8
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
> State: DISCONNECTED -> SCANNING
> Starting AP scan (broadcast SSID)
> Trying to get current scan results first without requesting a new scan
> to speed up initial association
> Received 126 bytes of scan results (1 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - no WPA/RSN IE
> Try to find non-WPA AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - non-WPA network not allowed
> No suitable AP found.
> Setting scan request: 0 sec 0 usec
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 5 seconds
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b15 len=20
> Wireless event: new AP: 00:00:00:00:00:00
> Added BSSID 00:00:00:00:00:00 into blacklist
> CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> State: SCANNING -> DISCONNECTED
> wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
> WEXT: Operstate: linkmode=-1, operstate=5
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> EAPOL: disable timer tick
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b19 len=8
> Received 0 bytes of scan results (0 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> Try to find non-WPA AP
> No APs found - clear blacklist and try again
> Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> Try to find non-WPA AP
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> State: DISCONNECTED -> SCANNING
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 30 seconds
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b19 len=8
> Received 126 bytes of scan results (1 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - no WPA/RSN IE
> Try to find non-WPA AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - non-WPA network not allowed
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 30 seconds
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b19 len=8
> Received 126 bytes of scan results (1 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - no WPA/RSN IE
> Try to find non-WPA AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - non-WPA network not allowed
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 30 seconds
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b19 len=8
> Received 126 bytes of scan results (1 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - no WPA/RSN IE
> Try to find non-WPA AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - non-WPA network not allowed
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 30 seconds
> RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> Wireless event: cmd=0x8b19 len=8
> Received 126 bytes of scan results (1 BSSes)
> CTRL-EVENT-SCAN-RESULTS
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - no WPA/RSN IE
> Try to find non-WPA AP
> 0: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> skip - non-WPA network not allowed
> No suitable AP found.
> Setting scan request: 5 sec 0 usec
> Starting AP scan (broadcast SSID)
> Scan requested (ret=0) - scan timeout 30 seconds
> CTRL-EVENT-TERMINATING - signal 2 received
> Removing interface eth1
> State: SCANNING -> DISCONNECTED
> wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
> WEXT: Operstate: linkmode=-1, operstate=5
> No keys have been configured - skip key clearing
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> wpa_driver_wext_set_wpa
> wpa_driver_wext_set_drop_unencrypted
> wpa_driver_wext_set_countermeasures
> No keys have been configured - skip key clearing
> Cancelling scan request
> Cancelling authentication timeout
> WEXT: Operstate: linkmode=0, operstate=6
>
>
> On Thu, Apr 30, 2009 at 1:40 AM, Dan Williams <dcbw at redhat.com> wrote:
> On Wed, 2009-04-29 at 15:16 +1000, linux newbie wrote:
> > I am using wpa_supplicant-0.6.8.
> >
> > In the AP configuration, I set Open with EAP and now
> everything is
> > working fine for LEAP.
> >
> > Now I enabled WPA is AP and modified my supplicant
> configuration file
> > as below
> >
> > ctrl_interface=/var/run/wpa_supplicant
> > ctrl_interface_group=0
> > network={
> > ssid="RTSDEV8"
> > key_mgmt=WPA-EAP
> > auth_alg=OPEN
> > eap=LEAP
> > identity="testing"
> > password="test"
> > }
> >
> > When I run the wpa_supplicant, I am getting following error.
> Is WPA
> > not supported in my airo driver? How to check whether it
> supports or
> > not?
>
>
> No, the airo driver does not support WPA. Cisco did not
> release
> information about the WPA-capable firmware, and thus that
> functionality
> would have to be reverse-engineered. You're stuck with
> Dynamic WEP or
> LEAP. I'd suggest Dynamic WEP with short rekey intervals.
>
> Dan
>
>
> > password - hexdump_ascii(len=5): [REMOVED]
> > Priority group 0
> > id=0 ssid='RTSDEV8'
> > Initializing interface (2) 'eth1'
> > SIOCGIWRANGE: WE(compiled)=22 WE(source)=19 enc_capa=0x0
> > capabilities: key_mgmt 0x0 enc 0x3 flags 0x0
> > WEXT: Operstate: linkmode=1, operstate=5
> > Own MAC address: 00:0d:28:7f:4b:c0
> > wpa_driver_wext_set_wpa
> > Driver does not support WPA.
> > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0
> key_len=0
> > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0
> key_len=0
> > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0
> key_len=0
> > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0
> key_len=0
> > wpa_driver_wext_set_countermeasures
> > wpa_driver_wext_set_drop_unencrypted
> > RSN: flushing PMKID list in the driver
> > Setting scan request: 0 sec 100000 usec
> > EAPOL: SUPP_PAE entering state DISCONNECTED
> > EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> > EAPOL: SUPP_BE entering state INITIALIZE
> > EAP: EAP entering state DISABLED
> > ctrl_interface_group=0
> > Added interface eth1
> > State: DISCONNECTED -> SCANNING
> > Starting AP scan (broadcast SSID)
> > Trying to get current scan results first without requesting
> a new scan
> > to speed up initial association
> > Received 0 bytes of scan results (0 BSSes)
> > Cached scan results are empty - not posting
> > Selecting BSS from priority group 0
> > Try to find WPA-enabled AP
> > Try to find non-WPA AP
> > No suitable AP found.
> > Setting scan request: 0 sec 0 usec
> > RTM_NEWLINK: operstate=0 ifi_flags=0x11043
> ([UP][RUNNING][LOWER_UP])
> > Wireless event: cmd=0x8b06 len=8
> > RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> > RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
> > Starting AP scan (broadcast SSID)
> > Scan requested (ret=0) - scan timeout 5 seconds
> > EAPOL: disable timer tick
> > RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> > Wireless event: cmd=0x8b19 len=8
> > Received 276 bytes of scan results (2 BSSes)
> > CTRL-EVENT-SCAN-RESULTS
> > Selecting BSS from priority group 0
> > Try to find WPA-enabled AP
> > 0: 00:19:07:05:5a:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > 1: 00:13:c4:c3:f0:d0 ssid='OXFORD' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > Try to find non-WPA AP
> > 0: 00:19:07:05:5a:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > 1: 00:13:c4:c3:f0:d0 ssid='OXFORD' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > No suitable AP found.
> > Setting scan request: 5 sec 0 usec
> > Starting AP scan (broadcast SSID)
> > Scan requested (ret=0) - scan timeout 30 seconds
> > RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> > Wireless event: cmd=0x8b19 len=8
> > Received 770 bytes of scan results (6 BSSes)
> > CTRL-EVENT-SCAN-RESULTS
> > Selecting BSS from priority group 0
> > Try to find WPA-enabled AP
> > 0: 00:19:07:05:5a:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > 1: 00:13:c4:c3:f0:d0 ssid='OXFORD' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > 2: 00:1b:2b:a5:fd:20 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > 3: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0
> rsn_ie_len=0
> > caps=0x11
> > skip - no WPA/RSN IE
> > 4: 00:22:0d:44:f3:b0 ssid='OCSFR12' wpa_ie_len=0
> rsn_ie_len=0
> > caps=0x11
> > skip - no WPA/RSN IE
> > 5: 00:02:2d:1e:bf:90 ssid='TWHS' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - no WPA/RSN IE
> > Try to find non-WPA AP
> > 0: 00:19:07:05:5a:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > 1: 00:13:c4:c3:f0:d0 ssid='OXFORD' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > 2: 00:1b:2b:a5:fd:20 ssid='' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > 3: 00:07:85:b3:fe:a1 ssid='RTSDEV8' wpa_ie_len=0
> rsn_ie_len=0
> > caps=0x11
> > skip - non-WPA network not allowed
> > 4: 00:22:0d:44:f3:b0 ssid='OCSFR12' wpa_ie_len=0
> rsn_ie_len=0
> > caps=0x11
> > skip - SSID mismatch
> > 5: 00:02:2d:1e:bf:90 ssid='TWHS' wpa_ie_len=0 rsn_ie_len=0
> caps=0x11
> > skip - SSID mismatch
> > No suitable AP found.
> > Setting scan request: 5 sec 0 usec
> > Starting AP scan (broadcast SSID)
> > Scan requested (ret=0) - scan timeout 30 seconds
> > RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
> > Wireless event: cmd=0x8b19 len=8
> > Received 276 bytes of scan results (2 BSSes)
> > CTRL-EVENT-SCAN-RESULTS
> > Selecting BSS from priority group 0
> >
> > On Tue, Apr 28, 2009 at 6:34 AM, Dan Williams
> <dcbw at redhat.com> wrote:
> > On Mon, 2009-04-27 at 08:54 +1000, linux newbie
> wrote:
> > > Thanks for your reply.
> > >
> > > Is wpa_supplicant + airo driver + LEAP tested??
> > >
> > > How to check whether LEAP is enabled in my airo
> driver or
> > not? Is
> > > there any modules that needs to be integrated with
> airo
> > driver for
> > > LEAP support?
> >
> >
> > I know the Airo driver can be used for dynamic WEP,
> but I
> > haven't ever
> > heard of it being used for Network EAP as the 802.11
> auth
> > mode. The
> > cards have some firmware support for LEAP internally
> (there
> > are internal
> > chip registers for LEAP username and password) so
> the firmware
> > might
> > well trap LEAP responses. Who knows.
> >
> > What supplicant version are you running? There's a
> fix in
> > later
> > versions that helps airo get the right keys (ie,
> > IW_ENCODE_TEMP).
> >
> > Dan
> >
> >
> > > Once again thanks in heaps
> > >
> > >
> > > On Sun, Apr 26, 2009 at 5:59 PM, Jouni Malinen
> <j at w1.fi>
> > wrote:
> > > On Mon, Apr 20, 2009 at 10:35:04AM +1000,
> linux
> > newbie wrote:
> > >
> > > > Our AP is connected to Radius Server and
> LEAP is
> > enabled.
> > > when I tried using
> > > > wpa_supplicant in my sytem(cisco
> wireless card and
> > wext
> > > driver) it throws
> > > > following error. Please help to resolve
> this
> > issue.
> > > > *wpa_driver_wext_associate
> > >
> > > > ioctl[SIOCSIWGENIE]: Operation not
> supported*
> > >
> > > You can ignore that message.
> > >
> > > > network={
> > > > ssid="RTSDEV4"
> > > > key_mgmt=IEEE8021X
> > > > eap=LEAP
> > > > identity="nandaks"
> > > > password="*******"
> > > > priority=5
> > > > }
> > >
> > >
> > > But it looks like your driver does not
> support
> > Network EAP
> > > authentication algorithm. If the AP allows
> LEAP to
> > be used
> > > without it,
> > > you could try adding auth_alg=OPEN into
> the network
> > block.
> > >
> > > --
> > > Jouni Malinen
> > PGP
> > > id EFC895FA
> > >
> _______________________________________________
> > > HostAP mailing list
> > > HostAP at lists.shmoo.com
> > >
> http://lists.shmoo.com/mailman/listinfo/hostap
> > >
> > > _______________________________________________
> > > HostAP mailing list
> > > HostAP at lists.shmoo.com
> > > http://lists.shmoo.com/mailman/listinfo/hostap
> >
> >
> >
>
>
>
More information about the HostAP
mailing list