PMKSA/PMKID issue(s)
Zimmermann, Christopher Brian Chris
cbzimmermann
Mon Jan 24 07:24:25 PST 2005
Jouni,
That did the trick.
Thanks,
Chris
-----Original Message-----
From: hostap-bounces+cbzimmermann=agere.com at shmoo.com
[mailto:hostap-bounces+cbzimmermann=agere.com at shmoo.com] On Behalf Of
Zimmermann, Christopher Brian (Chris)
Sent: Saturday, January 22, 2005 1:10 AM
To: Jouni Malinen
Cc: hostap at shmoo.com
Subject: RE: PMKSA/PMKID issue(s)
Jouni,
I'll try these right now and let you know.
Thanks,
Chris
-----Original Message-----
From: Jouni Malinen [mailto:jm at jm.kir.nu] On Behalf Of Jouni Malinen
Sent: Saturday, January 22, 2005 1:03 AM
To: Zimmermann, Christopher Brian (Chris)
Cc: hostap at shmoo.com
Subject: Re: PMKSA/PMKID issue(s)
On Sat, Jan 22, 2005 at 12:41:21AM -0500, Zimmermann, Christopher Brian
(Chris) wrote:
> You can see the EAP-SUCCESS, but the PMKID does not get processed via
> rsn_preauth_eapol_cb(). Both of these APs come from the Terrawave
> WPA2/WMM testbed package.
Interesting.. wpa_supplicant is discarding the EAP-Success packet for
the pre-authentication case even though it was accepted for the normal
authentication. It looks like I have not tested pre-authentication with
RADIUS servers that do not conform to EAP RFC (i.e., ones that require
EAP workarounds in wpa_supplicant).. EAPOL state machine initialization
in rsn_preauth_init() was not initializing couple of configuration
fields and this disabled EAP workarounds for pre-authentication even if
they were enabled for the normal authentication.
Please let me know whether the attached patch fixes this issue. This
change is already committed to CVS, too.
> But I don't get a add_pmkid() call into the driver interface. And the
> timeout gets called, too.
This is because the EAP-Success was never processed..
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: Workaround for unexpected identifier field in EAP Success:
reqId=6 lastId=5 (these are supposed to be same)
> EAP: EAP entering state SUCCESS
> EAPOL: SUPP_BE entering state RECEIVE
> EAPOL: SUPP_BE entering state SUCCESS
This is the EAP-Success for the normal authentication.
> EAPOL: Received EAP-Success
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: EAP entering state DISCARD
This is for pre-authentication and it is discarded because of the EAP
workaround not being enabled here.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap
More information about the Hostap
mailing list