How to do WEP-PEAP?

Marc Haber mh+hostap
Wed Nov 15 01:33:58 PST 2006


Hi Bryan,

thanks for taking your time with my issue.

On Tue, Nov 14, 2006 at 12:42:01PM -0500, Bryan Kadzban wrote:
> On Tue, Nov 14, 2006 at 04:37:48PM +0100, Marc Haber wrote:
> > |ap_scan=2
> > <...>
> > |        key_mgmt=IEEE8021X
> > |        pairwise=CCMP TKIP
> > |        group=CCMP TKIP WEP104 WEP40
> 
> Since you're using ap_scan=2, you need to have only ONE value for both
> pairwise and group.  You can't use multiple values, because setting
> ap_scan to 2 means that wpa_supplicant will just blindly program the
> security settings and ESSID into the driver, and let the driver handle
> the choice of BSSID.  wpa_supplicant needs to have *one* value for all
> the security settings, including the pairwise and group ciphers.

I see, thanks for that clarification.

> It sounds like you probably need to set pairwise to WEP104 and group to
> the same thing, if those are supported for key_mgmt=IEEE8021X.

WEP104 is not a valid value for pairwise. wpa_supplicant refuses to
start up:
Line 13: not allowed pairwise cipher (0x4).
Line 13: failed to parse pairwise 'WEP104'.
Line 21: failed to parse network block.
Failed to read or parse configuration '/etc/wpa_supplicant.conf.local'.

When I comment out the pairwise line completely, wpa_supplicant starts
up, but does not associate. Debuglog pasted later.

>   You could set ap_scan=1, but that won't work with a hidden SSID
>   (except with some drivers, if you add scan_ssid=1 to the network
>   block).
> 
> OTOH, ap_scan=2 only works with some drivers, too, so depending on what
> driver you're using (wpa_supplicant's -D option), this may not even be
> possible.  I think you said Centrino, so that would probably be the
> ipw22whatever kernel driver; I'm not sure if that works with the wext
> driver in wpa_supplicant, but I believe it does.

Yes, the driver in question is ipw2200, using the wext backend. With
that setup, I can associate
- to my home network (SSID broadcast, WPA-PSK)
- to the network at my girlfriend's place (SSID hidden, WEP104 with static key)
- to public hotspots (SSID broadcast, unencrypted)

I am therefore reasonably sure that the client is in order.

> And I don't know if wext is one of the drivers that works with
> ap_scan=2.

It does, I need ap_scan=2 to associate to the network at my
girlfriend's place.

Greetings
Marc

Debug log:
$ sudo wpa_supplicant -d -i eth1 -c /etc/wpa_supplicant.conf.local
Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf.local' driver 'default' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf.local' -> '/etc/wpa_supplicant.conf.local'
Reading configuration file '/etc/wpa_supplicant.conf.local'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
ap_scan=2
fast_reauth=1
Priority group 0
   id=0 ssid='<ssid>'
Initializing interface (2) 'eth1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=20 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:0e:35:93:e7:6b
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Failed to set encryption.
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=0
Added interface eth1
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Trying to associate with SSID '<ssid>'
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_hostap_associate
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Setting authentication timeout: 60 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b1a len=27
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
<snip, this goes on for like a minute)
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
Authentication with 00:00:00:00:00:00 timed out.
Added BSSID 00:00:00:00:00:00 into blacklist
State: ASSOCIATING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Trying to associate with SSID '<ssid>'
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_hostap_associate
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
Setting authentication timeout: 60 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b1a len=27
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
<snip. This time, I hit Ctrl-C>
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b19 len=8
Received 457 bytes of scan results (2 BSSes)
Scan results: 2
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth1
State: ASSOCIATING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=0
ioctl[PRISM2_IOCTL_HOSTAPD]: Operation not supported
wpa_driver_hostap_set_drop_unencrypted: enabled=0
wpa_driver_hostap_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
WEXT: Operstate: linkmode=0, operstate=6
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
Cancelling scan request


-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835




More information about the Hostap mailing list