Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
ralf+hostap at ramses-pyramidenbau.de
Sun May 3 16:32:57 EDT 2015
Am 2015-05-03 21:14, schrieb Jouni Malinen:
> On Mon, Apr 27, 2015 at 06:01:43PM +0200, Ralf Ramsauer wrote:
>> I also tried another WPA2-Enterprise WiFi which uses TTLS/PAP instead
>> of PEAP/MSCHAPv2 - same problem here.
> Which authentication server are you using? It sounds like the main
> here is in interoperability issue in TLS v1.2 key derivation for EAP.
> The same derivation mechanism is used for both TTLS and PEAP.
> Are you by any chance using FreeRADIUS with TLS v1.2 enabled but before
> the key derivation fix went in (March 31, 2015)? If so, that would
> explain the problem due to FreeRADIUS deriving a different MSK when
> using TLS v1.2.
For the TTLS/PAP one we're using freeradius version 2.2.6. Tommorrow
i'll tell the admin to upgrade and report what happens then.
The second one is the WiFi of my university. I have no influence on that
WiFi. I only know that they're using lots of Cisco stuff together with
Microsoft Active Directory.
> Newer version of wpa_supplicant just happens to trigger this by
> TLS v1.2 to be negotiated, but the real fix is likely needed on the
> authentication server.
I can tell you tommorrow.
More information about the HostAP