Hostapd / Macbook Pro 4-way handshake issue

Michael Stevens mike
Thu Jul 13 13:35:00 PDT 2006 

We have determined that MacBook Pros connecting to hostapd 0.4.9 have a
problem with the 4-way handshake when wpa=3 (WPA and WPA2 operation). We
have found this condition when using EAP for key management and a Microsoft
Active Directory server for the RADIUS server. The error appears to be that
there is no response to the 3rd packet of the 4-way handshake. We also tested
the Mac Book Pro against an Airport Express in a similar configuration and it
worked. Tcpdumps of both EAPOL exchanges are attached. It seems that the IEs
may have something to do with this bug and when they are sent as that is what
differs between the two.

Here are all the test scenarios for hostap that we tried with the exact same
configuration except for the listed changes and whether they succeded or
failed.

configurations tested
------------------------------------------------------
Y wpa=1 wpa_pairwise=TKIP
Y wpa=1 wpa_pairwise=CCMP
Y wpa=1 wpa_pairwise=TKIP CCMP
Y wpa=2 wpa_pairwise=CCMP
Y wpa=2 wpa_pairwise=TKIP CCMP
N wpa=3 wpa_pairwise=CCMP
N wpa=3 wpa_pairwise=TKIP CCMP

$ cat /etc/hostapd.conf

# Interface to run on, and driver
interface=ath0
driver=bsd

logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
debug=0

# Dump file for state information (on SIGUSR1)
dump_file=/tmp/hostapd.dump

# Running interface and group
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

# IEEE 802.11 related configuration
ssid=accesspoint
macaddr_acl=0
auth_algs=1

# IEEE 802.1x-rev related configruation
ieee8021x=1
eapol_key_index_workaround=0

# Integrated EAP server
# currently unused
eap_server=0

# RADIUS client configuration
own_ip_addr=127.0.0.1
auth_server_addr=10.0.0.2
auth_server_port=1812
auth_server_shared_secret=password

# WPA/IEEE 802.11i configuration
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP
wpa_group_rekey=3600

-------------- next part --------------
A non-text attachment was scrubbed...
Name: filtered-macbook-vs-airport.pcap
Type: application/octet-stream
Size: 849 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060713/fb645e66/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: filtered-macbook-vs-hostap.pcap
Type: application/octet-stream
Size: 11689 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20060713/fb645e66/attachment-0001.obj

More information about the Hostap mailing list