<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial, helvetica, sans-serif;font-size:10pt"><DIV></DIV>
<DIV> <FONT face=Tahoma size=2><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Chuck Tuffli <Chuck.Tuffli@dspg.com><BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> Ahmad Ali Tabassam <ahmadthe8@yahoo.com><BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Friday, July 31, 2009 11:46:02 PM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: 802.11r debug question<BR></FONT><BR><FONT size=2><BR>> From: Chuck Tuffli <Chuck.Tuffli@dspg.com><BR>> 802.11r debug question<BR>> > I'm trying to get 802.11r working on our client using the 0.7.x<BR>> > versions of wpa_supplicant and hostapd, but keep >getting the error<BR>> > "WPA: invalid MIC in msg 2/4 of 4-Way Handshake". If I look at the<BR>> > logs for the supplicant and >hostapd, the hexdump of PMK-RO,<BR>> > PMKR0Name, PMK-R1, PMKR1Name, etc should match on both sides, right?<BR>> > Thanks!<BR></FONT></DIV>
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, sans-serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, sans-serif">
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, sans-serif">
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<P><FONT size=2><BR>> From: Ahmad Ali Tabassam [<A href="mailto:ahmadthe8@yahoo.com" target=_blank rel=nofollow ymailto="mailto:ahmadthe8@yahoo.com">mailto:ahmadthe8@yahoo.com</A>]<BR>> Sent: Fri 7/31/2009 12:55 AM<BR>> To: Chuck Tuffli<BR>> Subject: Re: 802.11r debug question<BR>><BR>> The names and the IDs of the Key holders of both levels should match.<BR>> This error is normally a sign of either incorrectly configured WPA/FT<BR>> PSK/passphrase or an implementation error. Are you sure that the same<BR>> pre-shared key and same type of it is configured in both the AP and<BR>> client? also check your chiphersuits..<BR>><BR></FONT> </P></DIV></DIV>
<P><FONT size=2><FONT face="Times New Roman">I updated your .conf files, update XXXXXXXXXXXX and XX:XX.XX:XX:XX:XX with your NIC MAC address, using the same format. </FONT></FONT></P>
<P><FONT size=2><FONT face="Times New Roman">There were minor mistakes in ciphersuite selection, NAS Identififier and Key-Holders-IDS. For all details check the (IEEE 02.11r- 2008)</FONT></FONT></P>
<P><FONT face="Times New Roman">Now it should work. </FONT></P>
<P><FONT size=2><FONT face="Times New Roman"></FONT></FONT> </P>
<P><FONT size=2><BR>wpa_supplicant.conf file:<BR><BR>ctrl_interface=/var/run/wpa_supplicant<BR>update_config=1</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>eapol_version=1</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>ap_scan=1<BR><BR>network={<BR> ssid="MyWayKickAssAP"</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2> scan_ssid=1<BR> proto=RSN<BR> key_mgmt=FT-PSK<BR> psk="12345678"<BR> pairwise=CCMP<BR> group=CCMP TKIP<BR>}<BR><BR>the interesting parts of hostapd.conf:<BR><BR>interface=wlan0<BR>driver=nl80211</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>ssid=MyWayKickAssAP<BR>#eap_server=0</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>eap_server=1</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>ieee8021x=1</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>eapol_version=1<BR>own_ip_addr=127.0.0.1<BR>nas_identifier=ap1.example.com<BR>wpa=2</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>auth_algs=3<BR>wpa_passphrase=12345678<BR>wpa_key_mgmt=FT-PSK<BR>#wpa_pairwise=CCMP</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>rsn_pairwise=CCMP<BR>mobility_domain=a1b2<BR>r0_key_lifetime=10000<BR>#r1_key_holder=000102030405</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>r1_key_holder=XXXXXXXXXXXX<BR>reassociation_deadline=1000<BR>#r0kh=02:01:02:03:04:05 <A href="http://ap2.example.com/" target=_blank rel=nofollow>ap2.example.com</A> 000102030405060708090a0b0c0d0e0f</FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2></FONT> </P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2># <NIC MAC Address> <NAS Identifier > <128-bit Key></FONT></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>r0kh=XX:XX:XX:XX:XX:XX <A href="http://ap2.example.com/" target=_blank rel=nofollow>ap1.example.com</A> 000102030405060708090a0b0c0d0e0f<BR></P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2></FONT> </P>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2># <NIC MAC Address> <R0KH-ID> <128-bit Key></FONT></P></FONT>
<P style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><FONT size=2>r1kh=XX:XX:XX:XX:XX:XX XX:XX:XX:XX:XX:XX 000102030405060708090a0b0c0d0e0f<BR><BR><EM></EM></FONT><FONT size=3><SPAN style="COLOR: rgb(0,0,255)"><SPAN style="FONT-WEIGHT: bold">B</SPAN>est <SPAN style="FONT-WEIGHT: bold">R</SPAN>egards <BR></SPAN><SPAN style="COLOR: rgb(0,0,255)"><SPAN style="FONT-WEIGHT: bold">A</SPAN>hmad </SPAN></FONT></P></DIV><BR></DIV></DIV></div><br>
</body></html>