wpa_supplicant in adhoc WPA-PSK mode

Dan Williams dcbw at redhat.com
Fri Nov 6 02:12:33 EST 2009


On Fri, 2009-11-06 at 12:20 +0530, Ujjal Roy wrote:
> Hi All,
> 
> I have an IBSS(start) network(Ad-Hoc WPA-PSK) with the following
> configuration -
> 
> ssid="ADHOC_WPA_PSK"
> key_mgmt=WPA-PSK
> pairwise=TKIP
> group=TKIP
> passphrase="1234567890"

That configuration is wrong, at least for 0.6.x and less.  You want:

mode=1
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP

Dan

> 
> Now, my question is - can wpa_supplicant join with the above IBSS
> network?
> The following configuration is for the wpa_supplicant -
> 
> ##### Example wpa_supplicant configuration file
> ###############################
> update_config=1
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> 
> # Example blocks:
> # Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid
> ciphers
> network={
>     ssid="ADHOC_WPA_AP"
>     mode=1
>     proto=WPA
>     key_mgmt=WPA-PSK
>     pairwise=TKIP
>     group=TKIP
>     psk="1234567890"
>     priority=1
> }
> 
> Please reply with your comments as early as possible, because I have
> no other known application which can test this block of network.
> 
> Thanks,
> Ujjal Roy
> > On Fri, Oct 30, 2009 at 03:10:26AM +0530, Rajan Vijayaraghavan wrote:
> > 
> >   
> > > The config file for wpa_supplicant is like this:
> > >     
> > 
> >   
> > > eap=FAST
> > > pac_file="c:\dirofwpasupp\fast-mschapv2.pac"
> > > phase1="fast_provisioning=1"
> > > phase2="auth=mschapv2"
> > >     
> > 
> > That is supposed to be phase2="auth=MSCHAPV2"
> > 
> >   
> > > The pem files are stored both the in the server and the client. After the
> > > HostAPD is started on the linux machine, wpa_supplicant is used to connect
> > > the client to the network. I am getting an error message like
> > > 
> > > "EAP-FAST: No Pac File 'c:\dirofwpasupp\fast-mschapv2.pac' - assume no PAC
> > > entries have been provisioned.
> > >     
> > 
> > That is not an error message.
> > 
> >   
> > > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 43 (FAST) selected.
> > >     
> > 
> > And neither is that one.
> > 
> >   
> > > CTRL-EVENT-EAP-FAILURE EAP authentication failed.
> > > 
> > > Can somebody please let me know if the above configuration is correct?
> > >     
> > 
> > I noticed one error in the wpa_supplicant configuration. If fixing that
> > does not resolve the problem, I would suggest taking a look at
> > wpa_supplicant debug log (run it with -dd on command line).
> > 
> >   
> > > I captured the packets in the air between the Access Point and the Station:
> > > The EAP FAST REQUEST packet from AP to STA has the EAP FAST start bit set.
> > > The SSL Secure Sockets Layer shows as "Unrecognized SSL Layer" - SSL Data
> > > Cannot be Recognized".
> > >     
> > 
> > The tool that you used to parse the message does not seem to be able to
> > handle the EAP-FAST Start message correctly (it does not actually
> > include any SSL data).
> > 
> >   
> > > Where does the PAC file get created? On the Linux machine that runs the
> > > hostapd or the windows machine that runs the wpa_supplicant.
> > > Would it be created automatically on the client?
> > >     
> > 
> > The PAC file itself is created on the client. The PAC key stored in this
> > file is generated by the authentication server (hostapd in this case).
> > 
> >   
> > > Also how do I use Juniper Access Client to work in EAP FAST method. I
> > > checked with Juniper document but to no avail. Any helpful pointer would be
> > > great.
> > >     
> > 
> > That would be a question for Juniper, not this mailing list..
> > 
> >   
> 
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap



More information about the HostAP mailing list