Fw: 802.11r debug question

Ahmad Ali Tabassam ahmadthe8 at yahoo.com
Mon Aug 3 04:30:37 EDT 2009


 From: Chuck Tuffli <Chuck.Tuffli at dspg.com>
To: Ahmad Ali Tabassam <ahmadthe8 at yahoo.com>
Sent: Friday, July 31, 2009 11:46:02 PM
Subject: RE: 802.11r debug question


> From: Chuck Tuffli <Chuck.Tuffli at dspg.com>
> 802.11r debug question
> > I'm trying to get 802.11r working on our client using the 0.7.x
> > versions of wpa_supplicant and hostapd, but keep >getting the error
> > "WPA: invalid MIC in msg 2/4 of 4-Way Handshake". If I look at the
> > logs for the supplicant and >hostapd, the hexdump of PMK-RO,
> > PMKR0Name, PMK-R1, PMKR1Name, etc should match on both sides, right?
> > Thanks!


> From: Ahmad Ali Tabassam [mailto:ahmadthe8 at yahoo.com]
> Sent: Fri 7/31/2009 12:55 AM
> To: Chuck Tuffli
> Subject: Re: 802.11r debug question
>
> The names and the IDs of the Key holders of both levels should match.
> This error is normally a sign of either incorrectly configured WPA/FT
> PSK/passphrase or an implementation error. Are you sure that the same
> pre-shared key and same type of it is configured in both the AP and
> client? also check your chiphersuits..
>
 
I updated your .conf files, update XXXXXXXXXXXX and XX:XX.XX:XX:XX:XX with your NIC MAC address, using the same format. 
There were minor mistakes in ciphersuite selection, NAS Identififier and Key-Holders-IDS. For all details check the (IEEE 02.11r- 2008)
Now it should work. 
 

wpa_supplicant.conf file:

ctrl_interface=/var/run/wpa_supplicant
update_config=1
eapol_version=1
ap_scan=1

network={
        ssid="MyWayKickAssAP"
        scan_ssid=1
        proto=RSN
        key_mgmt=FT-PSK
        psk="12345678"
        pairwise=CCMP
        group=CCMP TKIP
}

the interesting parts of hostapd.conf:

interface=wlan0
driver=nl80211
ssid=MyWayKickAssAP
#eap_server=0
eap_server=1
ieee8021x=1
eapol_version=1
own_ip_addr=127.0.0.1
nas_identifier=ap1.example.com
wpa=2
auth_algs=3
wpa_passphrase=12345678
wpa_key_mgmt=FT-PSK
#wpa_pairwise=CCMP
rsn_pairwise=CCMP
mobility_domain=a1b2
r0_key_lifetime=10000
#r1_key_holder=000102030405
r1_key_holder=XXXXXXXXXXXX
reassociation_deadline=1000
#r0kh=02:01:02:03:04:05 ap2.example.com 000102030405060708090a0b0c0d0e0f
 
# <NIC MAC Address> <NAS Identifier > <128-bit Key>
r0kh=XX:XX:XX:XX:XX:XX ap1.example.com 000102030405060708090a0b0c0d0e0f

r1kh=XX:XX:XX:XX:XX:XX XX:XX:XX:XX:XX:XX 000102030405060708090a0b0c0d0e0f

Best Regards 
Ahmad 
 
# <NIC MAC Address> <R0KH-ID> <128-bit Key>



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20090803/c574eec5/attachment.htm 


More information about the HostAP mailing list