PTK cipher mismatch

Jouni Malinen jkmaline
Fri Jun 9 21:03:15 PDT 2006

On Fri, Jun 09, 2006 at 09:08:30AM +0300, Mihai Maties wrote:

> network={
>         ssid="SomeNet"
>         key_mgmt=IEEE8021X
>         eap=LEAP
>         identity="mihai.maties"
>         password="mypassword"
> }
> I'm pretty sure the wireless network configuration didn't change, the only 
> things that did change are: the kernel version (2.6.12 -> 2.6.15) and 
> wpa_supplicant version (0.4.5 -> 0.4.8).

This configuration would be using IEEE 802.1X and LEAP with WEP keys and
looks fine for that kind of use.

> I cannot describe the AP configuration since I do not have access to it, but 
> if you are interested in a specific parameter tell me and I'll try to figure 
> it out from a friend that uses Windows (the parameters are configured 
> automatically).
> I followed your suggestions and changed the config file to:
> network={
>         ssid="SomeNet"
>         key_mgmt=WPA-EAP
>         auth_alg=LEAP
>         identity="mihai.maties"
>         password="mypassword"
> }

This would be using WPA and LEAP with TKIP or CCMP encryption.

> ... but from my point of view the things are pretty much the same: "PTK cipher 
> mismatch". I attached the debug log, maybe it helps.

This looks like the AP would indeed be advertising WPA support. Since
your configuration file did not limit the cipher suite, I would assume
that the AP is trying to use one of the Cisco specific ciphers (CKIP,
CMIC, or CKIP+CMIC). It _may_ also allow non-WPA case (i.e., your
earlier configuration with IEEE 802.1X). It would be worth verifying
whether this is indeed allowed before spending much time with this.

> One more thing: in the 0.4.8 version I see now some parameters related to 
> opensc engine. Could this be an issue ? I tried setting these parmaters to 
> some libraries that seem to be what the program needs but still no luck.

No, those are not used with LEAP.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list