WPA/WPA2 Authentication failure - EAPOL-Key timeout

Sebastian Siebert freespacer at gmx.de
Sun Apr 27 20:58:58 EDT 2014


Hello,

I have a problem with hostapd. I use a WLAN-Router from PC-Engines 
APU.1C-Board with openSUSE 13.1 (64-bit). The WLAN device is a Compex 
WLE200NX [1]. The devices HTC Sensation (Android 4.4.2 / Cyanogenmod) 
and iPad (iOS 7.1) can not connect with the WLAN-Router. I use WPA2 
(WPA-PSK/CCMP) but WPA (WPA-PSK/TKIP+CCMP) does not also work. Both 
devices can see the SSID from the WLAN-Router.

I have tested this with hostapd 2.0, hostapd 2.1 and hostapd-latest-git. 
I always get the same authentication failure but I can not find out the 
real issue. I turned on the debug output and get "EAPOL-Key timeout" 
every time (see below: # journalctl -f).

I attach the output from cli:
# iw list
# lspci | grep Network
# hwinfo --wlan
# lsmod | grep ath9k
# journalctl -f
# grep ^[^#] /etc/hostapd.conf
# ip link show


I am grateful for any hints and advice. Thank you.

Regards,

    Sebastian



# iw list
Wiphy phy0
         Band 1:
                 Capabilities: 0x11ce
                         HT20/HT40
                         SM Power Save disabled
                         RX HT40 SGI
                         TX STBC
                         RX STBC 1-stream
                         Max AMSDU length: 3839 bytes
                         DSSS/CCK HT40
                 Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                 Minimum RX AMPDU time spacing: 8 usec (0x06)
                 HT TX/RX MCS rate indexes supported: 0-15
                 Frequencies:
                         * 2412 MHz [1] (20.0 dBm)
                         * 2417 MHz [2] (20.0 dBm)
                         * 2422 MHz [3] (20.0 dBm)
                         * 2427 MHz [4] (20.0 dBm)
                         * 2432 MHz [5] (20.0 dBm)
                         * 2437 MHz [6] (20.0 dBm)
                         * 2442 MHz [7] (20.0 dBm)
                         * 2447 MHz [8] (20.0 dBm)
                         * 2452 MHz [9] (20.0 dBm)
                         * 2457 MHz [10] (20.0 dBm)
                         * 2462 MHz [11] (20.0 dBm)
                         * 2467 MHz [12] (disabled)
                         * 2472 MHz [13] (disabled)
                         * 2484 MHz [14] (disabled)
                 Bitrates (non-HT):
                         * 1.0 Mbps
                         * 2.0 Mbps (short preamble supported)
                         * 5.5 Mbps (short preamble supported)
                         * 11.0 Mbps (short preamble supported)
                         * 6.0 Mbps
                         * 9.0 Mbps
                         * 12.0 Mbps
                         * 18.0 Mbps
                         * 24.0 Mbps
                         * 36.0 Mbps
                         * 48.0 Mbps
                         * 54.0 Mbps
         Band 2:
                 Capabilities: 0x11ce
                         HT20/HT40
                         SM Power Save disabled
                         RX HT40 SGI
                         TX STBC
                         RX STBC 1-stream
                         Max AMSDU length: 3839 bytes
                         DSSS/CCK HT40
                 Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                 Minimum RX AMPDU time spacing: 8 usec (0x06)
                 HT TX/RX MCS rate indexes supported: 0-15
                 Frequencies:
                         * 5180 MHz [36] (17.0 dBm)
                         * 5200 MHz [40] (17.0 dBm)
                         * 5220 MHz [44] (17.0 dBm)
                         * 5240 MHz [48] (17.0 dBm)
                         * 5260 MHz [52] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5280 MHz [56] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5300 MHz [60] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5320 MHz [64] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5500 MHz [100] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5520 MHz [104] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5540 MHz [108] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5560 MHz [112] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5580 MHz [116] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5600 MHz [120] (disabled)
                         * 5620 MHz [124] (disabled)
                         * 5640 MHz [128] (disabled)
                         * 5660 MHz [132] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5680 MHz [136] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5700 MHz [140] (20.0 dBm) (passive scanning, 
no IBSS, radar detection)
                         * 5745 MHz [149] (disabled)
                         * 5765 MHz [153] (disabled)
                         * 5785 MHz [157] (disabled)
                         * 5805 MHz [161] (disabled)
                         * 5825 MHz [165] (disabled)
                 Bitrates (non-HT):
                         * 6.0 Mbps
                         * 9.0 Mbps
                         * 12.0 Mbps
                         * 18.0 Mbps
                         * 24.0 Mbps
                         * 36.0 Mbps
                         * 48.0 Mbps
                         * 54.0 Mbps
         max # scan SSIDs: 4
         max scan IEs length: 2257 bytes
         Coverage class: 0 (up to 0m)
         Supported Ciphers:
                 * WEP40 (00-0f-ac:1)
                 * WEP104 (00-0f-ac:5)
                 * TKIP (00-0f-ac:2)
                 * CCMP (00-0f-ac:4)
                 * CMAC (00-0f-ac:6)
         Available Antennas: TX 0x3 RX 0x3
         Configured Antennas: TX 0x3 RX 0x3
         Supported interface modes:
                  * IBSS
                  * managed
                  * AP
                  * AP/VLAN
                  * WDS
                  * monitor
                  * mesh point
                  * P2P-client
                  * P2P-GO
         software interface modes (can always be added):
                  * AP/VLAN
                  * monitor
         valid interface combinations:
                  * #{ managed, WDS, P2P-client } <= 2048, #{ AP, mesh 
point, P2P-GO } <= 8,
                    total <= 2048, #channels <= 1, STA/AP BI must match
                  * #{ IBSS, AP, mesh point } <= 1,
                    total <= 1, #channels <= 1, STA/AP BI must match
         Supported commands:
                  * new_interface
                  * set_interface
                  * new_key
                  * start_ap
                  * new_station
                  * new_mpath
                  * set_mesh_config
                  * set_bss
                  * authenticate
                  * associate
                  * deauthenticate
                  * disassociate
                  * join_ibss
                  * join_mesh
                  * remain_on_channel
                  * set_tx_bitrate_mask
                  * frame
                  * frame_wait_cancel
                  * set_wiphy_netns
                  * set_channel
                  * set_wds_peer
                  * tdls_mgmt
                  * tdls_oper
                  * probe_client
                  * set_noack_map
                  * register_beacons
                  * Unknown command (89)
                  * Unknown command (92)
                  * Unknown command (104)
                  * connect
                  * disconnect
         Supported TX frame types:
                  * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
                  * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
         Supported RX frame types:
                  * IBSS: 0x40 0xb0 0xc0 0xd0
                  * managed: 0x40 0xd0
                  * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                  * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                  * mesh point: 0xb0 0xc0 0xd0
                  * P2P-client: 0x40 0xd0
                  * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
                  * P2P-device: 0x40 0xd0
         Device supports RSN-IBSS.
         HT Capability overrides:
                  * MCS: ff ff ff ff ff ff ff ff ff ff
                  * maximum A-MSDU length
                  * supported channel width
                  * short GI for 40 MHz
                  * max A-MPDU length exponent
                  * min MPDU start spacing
         Device supports TX status socket option.
         Device supports HT-IBSS.


# lspci | grep Network
04:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network 
Adapter (PCI-Express) (rev 01)


# hwinfo --wlan
32: PCI 400.0: 0282 WLAN controller
   [Created at pci.319]
   Unique ID: YVtp.WCmXRZemh61
   Parent ID: M71A.Quhfnq057a3
   SysFS ID: /devices/pci0000:00/0000:00:07.0/0000:04:00.0
   SysFS BusID: 0000:04:00.0
   Hardware Class: network
   Model: "Atheros AR928X Wireless Network Adapter (PCI-Express)"
   Vendor: pci 0x168c "Atheros Communications Inc."
   Device: pci 0x002a "AR928X Wireless Network Adapter (PCI-Express)"
   SubVendor: pci 0x168c "Atheros Communications Inc."
   SubDevice: pci 0x3099
   Revision: 0x01
   Driver: "ath9k"
   Driver Modules: "ath9k"
   Device File: wlp4s0
   Features: WLAN
   Memory Range: 0xf7e00000-0xf7e0ffff (rw,non-prefetchable)
   IRQ: 19 (no events)
   HW Address: 04:f0:21:0a:64:42
   Link detected: yes
   WLAN channels: 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 
104 108 112 116 132 136 140
   WLAN frequencies: 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 
2.452 2.457 2.462 5.18 5.2 5.22 5.24 5.26 5.28 5.3 5.32 5.5 5.52 5.54 
5.56 5.58 5.66 5.68 5.7
   WLAN encryption modes: WEP40 WEP104 TKIP CCMP
   WLAN authentication modes: open sharedkey wpa-psk wpa-eap
   Module Alias: "pci:v0000168Cd0000002Asv0000168Csd00003099bc02sc80i00"
   Driver Info #0:
     Driver Status: ath9k is active
     Driver Activation Cmd: "modprobe ath9k"
   Config Status: cfg=no, avail=yes, need=no, active=unknown
   Attached to: #5 (PCI bridge)

# lsmod | grep ath9k
ath9k                 108782  0
mac80211              666756  1 ath9k
ath9k_common           13551  1 ath9k
ath9k_hw              437836  2 ath9k,ath9k_common
ath                    33102  3 ath9k,ath9k_common,ath9k_hw
cfg80211              543250  3 ath9k,mac80211,ath

# journalctl -f
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.11: authentication OK (open system)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-AUTHENTICATE.indication(d8:b3:77:cc:8f:28, OPEN_SYSTEM)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.11: authenticated
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.11: association OK (aid 1)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.11: associated (aid 1)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-ASSOCIATE.indication(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: event 1 notification
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: start authentication
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.1X: unauthorizing port
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:26 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: EAPOL-Key timeout
Apr 28 02:07:26 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:27 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: EAPOL-Key timeout
Apr 28 02:07:27 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:28 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: EAPOL-Key timeout
Apr 28 02:07:28 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: EAPOL-Key timeout
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: PTKSTART: Retry limit 4 reached
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
WPA: event 3 notification
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.1X: unauthorizing port
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-DEAUTHENTICATE.indication(d8:b3:77:cc:8f:28, 2)
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:34 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28 
IEEE 802.11: deauthenticated due to local deauth request


# grep ^[^#] /etc/hostapd.conf
interface=wlp4s0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=PowerRouter
country_code=DE
hw_mode=g
channel=11
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee80211n=1
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_psk=06c58fa2a31010c8215ad9ddc2e83607d8876c006b81920658084df728a83d1b
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
rsn_preauth=1
rsn_preauth_interfaces=br0 wlp4s0


# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode 
DEFAULT
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
state UP mode DEFAULT qlen 1000
     link/ether 00:0d:b9:33:8e:ec brd ff:ff:ff:ff:ff:ff
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast 
state UP mode DEFAULT qlen 1000
     link/ether 00:0d:b9:33:8e:ed brd ff:ff:ff:ff:ff:ff
4: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast 
state DOWN mode DEFAULT qlen 1000
     link/ether 00:0d:b9:33:8e:ee brd ff:ff:ff:ff:ff:ff
5: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master 
br0 state UP mode DEFAULT qlen 1000
     link/ether 04:f0:21:0a:64:42 brd ff:ff:ff:ff:ff:ff
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc 
pfifo_fast state UNKNOWN mode DEFAULT qlen 3
     link/ppp
48: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
     link/ether 04:f0:21:0a:64:42 brd ff:ff:ff:ff:ff:ff


[1] Datasheet of WLE200NX: <http://www.pcengines.ch/pdf/wle200nx.pdf>


More information about the HostAP mailing list