<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Arial, sans-serif" size="2">
<div>Greetings,</div>
<div> </div>
<div>I’m trying to set up a seamless roaming environment in our company, with linux rich-thin clients.</div>
<div>As access points we have cisco industry APs connected to a cisco wlan controller.</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>As I understood it, proactive key caching doesn’t matter as I don’t have a RADIUS server anyways. So the 4way-handshake plus the 4way-group handshake has to happen every time the client connects to another AP, right?</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>The 4way handshake stuff takes considerable time when roaming, so I take it that something with the configuration is wrong (either on supplicant or authentificator side), as I read comments that it shouldn’t take longer than some 100 milliseconds.</div>
<div>Currently it takes about 8 seconds roughly. The log output with timestamps and my wpa_supplicant configuration file can be found in this mails attachment. </div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>There are two points that take way too long:</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>1268048247.043680: RSN: PMKID from Authenticator - hexdump(len=16): 76 d7 84 9e 81 ac 57 c0 29 cc c1 5a 7b fc a8 b2</div>
<div>1268048247.043744: RSN: no matching PMKID found</div>
<div>1268048247.063012: WPA: Renewed SNonce - hexdump(len=32): e8 72 3a bc c6 2d 5e a0 f8 f2 16 d1 af a0 b5 09 47 83 d0 b7 5e 28 8e 5c 81 37 6a 81 ed f0 71 ce</div>
<div>1268048247.063313: WPA: PTK derivation - A1=00:15:6d:54:c5:f2 A2=00:23:33:a4:b4:a2</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>Something about no pre-cached keys found in the driver? Should the driver have them, or is it normal behaviour?</div>
<div> </div>
<div>And:</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>1268048247.063388: WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00</div>
<div>1268048247.063489: WPA: Sending EAPOL-Key 2/4</div>
<div>1268048247.068555: RX EAPOL from 00:23:33:a4:b4:a2</div>
<div>1268048247.068597: IEEE 802.1X RX: version=2 type=3 length=151</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>The supplicant sends some sort of key to the AP and has to wait about 5 seconds until he get a result?</div>
<div> </div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>Really appreciate your help. Also some hints for good resources to understand the detailed processes that happen during authentification would be great, as I don’t want you all to fix the problem for me alone..</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div>With regards</div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<a name="_MailAutoSig"></a>
<div><font face="Verdana, sans-serif">Mit freundlichen Grüßen</font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Verdana, sans-serif"><b>Stefan Schulte</b><font color="#0000FF"> </font></font></div>
<div><font face="Verdana, sans-serif">GB Finanzen und IT<br>
IT-Logistik</font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Verdana, sans-serif">Viega GmbH & Co. KG<font color="#0000FF"> <br>
</font>Zum langen Acker 7, D-57439 Attendorn<font color="#0000FF"> </font></font></div>
<div>Telefon (+49) 2722 61 35 85, Telefax (+49) 2722 61 94 35 85<font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Verdana, sans-serif">Email: stefan.schulte@viega.de<font color="#0000FF"> <</font><a href="http://www.viega.de/">http://www.viega.de/</a>></font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
<div><font face="Times New Roman, serif" size="3"> </font></div>
</font>
</body>
</html>