Hi,<br> I continued your suggestion. My Access Point is Ralink Chipset (with Ralink's hostpad).<br><br>1) wpa_supplicant.conf disable PMKSA caching by default, but I put a parameter anyway and try. Here it is<br>ctrl_interface=/var/run/wpa_supplicant<br>
eapol_version=1<br> ap_scan=1<br> network={<br> ssid="AW_FHO"<br> key_mgmt=WPA-EAP IEEE8021X<br> pairwise=CCMP<br> eap=PEAP<br> proactive_key_caching=0<br> phase1="peaplabel=0"<br>
phase2="auth=MSCHAPV2"<br> identity="test"<br> password="test"<br> }<br><br> When I turn off/on access point, wpa_supplicant debug message is shown:<br><br>Authentication with 00:1a:4d:3c:6f:aa timed out.<br>
wpa_driver_ralink_get_bssid<br>wpa_driver_ralink_get_associnfo<br>wpa_driver_ralink_get_associnfo: association success<br>wpa_driver_ralink_poll_timeout: Connected!!<br>wpa_driver_ralink_get_bssid<br>State: SCANNING -> ASSOCIATED<br>
wpa_driver_ralink_get_bssid<br>Associated with 00:1a:4d:3c:6f:aa<br>WPA: Association event - clear replay counter<br>EAPOL: External notification - portEnabled=0<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: SUPP_BE entering state INITIALIZE<br>
EAP: EAP entering state DISABLED<br>EAPOL: External notification - portValid=0<br>EAPOL: External notification - portEnabled=1<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>
EAP: maintaining EAP method data for fast reauthentication<br>EAP: EAP entering state IDLE<br>Setting authentication timeout: 10 sec 0 usec<br>Cancelling scan request<br>EAPOL: startWhen --> 0<br>EAPOL: SUPP_PAE entering state CONNECTING<br>
EAPOL: txStart<br>RSN: PMKSA caching - do not send EAPOL-Start<br>Authentication with 00:1a:4d:3c:6f:aa timed out.<br>wpa_driver_ralink_get_bssid<br>wpa_driver_ralink_get_associnfo<br>wpa_driver_ralink_get_associnfo: association success<br>
wpa_driver_ralink_poll_timeout: Connected!!<br>wpa_driver_ralink_get_bssid<br>State: SCANNING -> ASSOCIATED<br>wpa_driver_ralink_get_bssid<br>Associated with 00:1a:4d:3c:6f:aa<br>WPA: Association event - clear replay counter<br>
EAPOL: External notification - portEnabled=0<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: SUPP_BE entering state INITIALIZE<br>EAP: EAP entering state DISABLED<br>EAPOL: External notification - portValid=0<br>
EAPOL: External notification - portEnabled=1<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>EAP: maintaining EAP method data for fast reauthentication<br>
EAP: EAP entering state IDLE<br>Setting authentication timeout: 10 sec 0 usec<br>Cancelling scan request<br>EAPOL: startWhen --> 0<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: txStart<br><b>RSN: PMKSA caching - do not send EAPOL-Start</b><br>
<br> Still the same result as without proactive_key_caching parameter in wpa_supplicant.conf<br><br>2) I then kill process wpa_supplicant and run it again (with the same wpa_supplicant.conf). It shows another error as:<br>
RX EAPOL from 00:1a:4d:3c:6f:aa<br>EAPOL: Received EAP-Packet frame<br>RX EAPOL from 00:1a:4d:3c:6f:aa<br>EAPOL: Received EAP-Packet frame<br>Authentication with 00:1a:4d:3c:6f:aa timed out.<br>wpa_driver_ralink_get_bssid<br>
wpa_driver_ralink_get_associnfo<br>wpa_driver_ralink_get_associnfo: association success<br>wpa_driver_ralink_poll_timeout: Connected!!<br>wpa_driver_ralink_get_bssid<br>State: SCANNING -> ASSOCIATED<br>wpa_driver_ralink_get_bssid<br>
Associated with 00:1a:4d:3c:6f:aa<br>WPA: Association event - clear replay counter<br>EAPOL: External notification - portEnabled=0<br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>EAPOL: SUPP_BE entering state INITIALIZE<br>
EAP: EAP entering state DISABLED<br>EAPOL: External notification - portValid=0<br>EAPOL: External notification - portEnabled=1<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>
EAP: EAP entering state IDLE<br>Setting authentication timeout: 10 sec 0 usec<br>Cancelling scan request<br>EAPOL: startWhen --> 0<br>EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: txStart<br>RX EAPOL from 00:1a:4d:3c:6f:aa<br>
Setting authentication timeout: 10 sec 0 usec<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_PAE entering state RESTART<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_PAE entering state AUTHENTICATING<br>
EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=7 method=1 vendor=0 vendorMethod=0<br>EAP: EAP entering state IDENTITY<br>CTRL-EVENT-EAP-STARTED EAP authentication started<br>
EAP: EAP-Request Identity data - hexdump_ascii(len=0):<br><b>EAP: buildIdentity: configuration was not available</b><br>EAP: EAP entering state SEND_RESPONSE<br>EAP: EAP entering state IDLE<br><br> How come that EAP cannot build identity from configuration file??<br>
<br>3) In addition, I test with LinkSys WAP54G (turn off/on Linksys). It works fine, successfully reconnect to LinkSys.<br> I use AeroPeek to sniff the packet by comparing Linksys and Ralink Chipset AP.<br> I find that EAPOL-Start must originate from wpa_supplicant, then AP asks for identity, password,....etc.<br>
In my issue, wpa_supplicant doesn't send EAPOL-Start due to PMKSA caching.<br><br> Or I must do some configuration at the AP to disable PMKSA caching?(so wpa_supplicant would send EAPOL-Start)<br><br>4) Is there any related to parameter fast_reauth ??<br>
<br> Any shared idea would be welcome and appreciated.<br><br>Regards,<br>Pongsak<br><br><br><div class="gmail_quote">On Wed, Mar 4, 2009 at 2:02 AM, Jouni Malinen <span dir="ltr"><<a href="mailto:j@w1.fi">j@w1.fi</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">On Wed, Feb 25, 2009 at 10:08:23AM +0700, Pongsak Tawankanjanachot wrote:<br>
<br>
> I'm using wpa_supplicant (with Ralink chipset) to connect with Access<br>
> point (Ralink chipset).<br>
> My security setting is WPA2 by using freeradius as a Radius server.<br>
<br>
</div>Have you tried this with WPA (which would disable PMKSA caching)?<br>
<div class="im"><br>
> Firstly, the supplicant successfully connects to AP (access point)<br>
> Then, I turn off/on the AP, wpa_supplicant tries to reauthenticate and<br>
> show debug message like: (just some part of whole messages)<br>
<br>
</div><div class="im">> Associated with 00:1d:7d:09:51:74<br>
> WPA: Association event - clear replay counter<br>
</div>...<br>
<div class="im">> Authentication with 00:1d:7d:09:51:74 timed out.<br>
<br>
</div>It looks like the driver is able to associate with the AP, but no EAPOL<br>
frames are delivered to wpa_supplicant. This would requiring debugging<br>
the driver and/or the AP. A good starting step would be to use a<br>
wireless sniffer to capture the frames sent between the devices and see<br>
where the AP is sending out EAPOL-Key messages after association.<br>
<font color="#888888"><br>
--<br>
Jouni Malinen PGP id EFC895FA<br>
_______________________________________________<br>
HostAP mailing list<br>
<a href="mailto:HostAP@lists.shmoo.com">HostAP@lists.shmoo.com</a><br>
<a href="http://lists.shmoo.com/mailman/listinfo/hostap" target="_blank">http://lists.shmoo.com/mailman/listinfo/hostap</a><br>
</font></blockquote></div><br>