hostap with WPA-PSK

Saul Tannenbaum saul
Sun Apr 3 12:09:33 PDT 2005 

Casey T. Deccio wrote:
>  Hi,
> 
>  I have had hostap running on my machine (Debian sarge with 2.6.8 
> kernel) for a while with WEP.  It's worked just fine for that.  Now I am 
> looking to secure things a little more by using WPA-PSK with hostapd.  I 
> haven't had much success in getting it going.  My client (Apple 
> PowerBook) trys to associate with the AP, and I am prompted to supply a 
> WEP password, although WEP is not configured.  If I try to manually use 
> a WPA-PSK then the response is that that type of authentication isn't 
> available.  I've looked through the READMEs and I'm not sure where to go 
> next.

I've tried hostapd with an Apple iBook and had,
well, mixed success.

The advice I got from Jouni was:

> On Sat, Mar 12, 2005 at 03:37:52PM -0500, Saul Tannenbaum wrote:
> 
> 
>>> I've gotten hostapd working fine in WPA Personal mode,
>>> and I can connect from an Windows XP client without
>>> any problems.
>>> 
>>> I've been unable to get it to connect from two
>>> Macintoshes I've tried. The Macs both are running
>>> Mac OS 10.3, one with an old Airport (802.11b)
>>> card, one a newer Airport Extreme (802.11g) card.
> 
> 
> I have not tested the current hostapd version with Mac OS 10.3 clients.
> Could you please first test what happens if you enable only TKIP as a
> pairwise cipher ("wpa_pairwise=TKIP")? If that does not help, I would
> suggest testing a change in hostap/ieee802_1x.h to use EAPOL version 1
> (i.e., change '2' to '1' on "#define EAPOL_VERSION 2" line).

(search the archives for "Subject: hostapd EAPOL-Key timeouts from 
Macintosh clients")

That worked for the initial connection, but I kept having the
client hang and needing to shutdown and restart the Airport
connection. There was nothing logged anywhere, at any debugging
level. I dropped back to hostap, and plan to try again after
Mac OS 10.4 ships.

The other problem I had was trying to figure out what information
the Mac maintained about connections. What seemed to be the best
tactic was to define a new location for each attempt, since there
seemed to be a combination of old cached information, and new
connection information, which utterly confused me.

  - Saul



-- 
Saul Tannenbaum         Home: saul at tannenbaum.org
                         Work: Saul.Tannenbaum at tufts.edu

More information about the Hostap mailing list