Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
ralf+hostap at ramses-pyramidenbau.de
Mon May 4 12:59:41 EDT 2015
so here's the news:
Freeradius 2.2.6 fails to connect with
May 04 17:43:03 lefay wpa_supplicant: nl80211: Unexpected
encryption algorithm 5
Freeradius 2.2.7 just works fine.
But keep in mind, in most cases people do not have access to the wifi
And as I don't know the backend of my university, I don't know what
FYI: Today i read that Arch downgraded to wpa_supplicant 2.3 referencing
on this thread . Initially it was reported at  by someone else.
Some others seem to have experienced the same bug.
On 05/03/2015 10:32 PM, Ralf wrote:
> Am 2015-05-03 21:14, schrieb Jouni Malinen:
>> On Mon, Apr 27, 2015 at 06:01:43PM +0200, Ralf Ramsauer wrote:
>>> I also tried another WPA2-Enterprise WiFi which uses TTLS/PAP
>>> instead of PEAP/MSCHAPv2 - same problem here.
>> Which authentication server are you using? It sounds like the main issue
>> here is in interoperability issue in TLS v1.2 key derivation for EAP.
>> The same derivation mechanism is used for both TTLS and PEAP.
>> Are you by any chance using FreeRADIUS with TLS v1.2 enabled but before
>> the key derivation fix went in (March 31, 2015)? If so, that would
>> explain the problem due to FreeRADIUS deriving a different MSK when
>> using TLS v1.2.
> For the TTLS/PAP one we're using freeradius version 2.2.6. Tommorrow
> i'll tell the admin to upgrade and report what happens then.
> The second one is the WiFi of my university. I have no influence on
> that WiFi. I only know that they're using lots of Cisco stuff together
> with Microsoft Active Directory.
>> Newer version of wpa_supplicant just happens to trigger this by enabling
>> TLS v1.2 to be negotiated, but the real fix is likely needed on the
>> authentication server.
> I can tell you tommorrow.
> Thank you
> HostAP mailing list
> HostAP at lists.shmoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the HostAP