can't associate using wpa_supplicant, sharp zaurus and Sandisk wifi card
Dan Williams
dcbw
Thu Sep 21 05:00:18 PDT 2006
On Thu, 2006-09-21 at 01:17 -0700, Harondel J. Sibble wrote:
> PART 1
>
> I have 2 Zauri, both SL-5500's, one's running OpenZaurus 3.5.3 and the
> other 3.5.4. The AP is a Linksys WRT-54GS (ver 1.0) running DD-WRT
> firmware V23. There is a second WRT-54GS running same version of DD-WRT in
> client bridged mode for my MediaMVP in the living room streaming from my
> mythtv backend. This works well.
>
> Using WPA-PSK with a really long key, around 41 random characters, and AES
> as the crypto algo, SSID broadcast is disabled and mac address filtering
> is enabled, all my wifi nic's mac addresses are entered into the router's
> allowed list.
>
> My laptop running XPPro with an SMC pccard works fine with the AP. I'm
> pretty sure it was working fine at my old house early this year, I don't
> remember what changes I made at the new house, however the AP was not
> being used with Mythtv at the old place as I had a hardwired line for
> that.
>
> The results I get for both Zauri are identical, I am using WPA supplicant
> and the wifi nic is a prism2.5 based card, the Sandisk Connect Plus 128. I
> have 2 of these and they both exhibit the same issue.
>
> Software
>
> OZ 3.5.4 machine
> -wpa-supplicant - 0.4.8-r8
> -prism3-firmware - 1.8.4-r0 -
> -prism3-support - 1.0.0-r2 -
> -hostap-conf - 1.0-r4 -
> -hostap-modules-2.4.18-rmk7-pxa3-embedix - 0.4.7-r4 -
> -hostap-modules-cs-2.4.18-rmk7-pxa3-embedix - 0.4.7-r4 -
> -hostap-modules-pci-2.4.18-rmk7-pxa3-embedix - 0.4.7-r4 -
> -hostap-utils - 0.4.7-r3 -
>
>
> OZ 3.5.3 machine
> I think I manually compiled and installed wpa-supplicant on this machine
> as it doesn't show up when I run "ipkg list_installed | grep wpa", ditto
> for the prism firmware stuff, at least that was how I set it up
> originally, in trying to get wpa-gui working with the unit, it was
> recommend on the OESF forums by one of the OZ team members that I change
> my sources to use the 3.5.4 feed instead of the old 3.5.3 ones which were
> no longer supported, so now I have
>
> -prism3-firmware - 1.8.3-r2 -
> -prism3-support - 1.0.0-r0 - meta-package for prism3 support through
> ifupdown and hostap_fw_load -hostap-modules - 0.3.7-r0 -
> -hostap-modules-cs - 0.3.7-r0 - -hostap-utils - 0.3.7-r0 -
>
>
> So process is insert Sandisk card, it gets detected and it's light start
> flashing indicating wifi access, using the opie network tool, I can scan
> for AP's and see what's around, or using Wellenreiter or kismet, I can do
> the same thing. So far so good. Next I run my wpa startup script which
> consists of
>
> #! /bin/sh
> wpa_supplicant -ddd -B -i wlan0 -c /etc/wpa_supplicant.conf
>
> The conf file has
>
> network={
> ssid="myssid"
> scan_ssid=1
> psk="mylongpassphrase"
> priority=1
> key_mgmt=WPA-PSK
> pairwise=CCMP TKIP
> # group=CCMP TKIP
> }
>
> After running my startup script, I go into wpa_cli and run "status", it
> says associating and shortly thereafter, I see the following repeated over
> and over again
>
> > <2>Authentication with 00:00:00:00:00:00 timed out.
> <2>Trying to associate with 00:0f:66:44:22:28 (SSID='myssid' freq=2412
> MHz) <2>Authentication with 00:00:00:00:00:00 timed out. <2>Trying to
> associate with 00:0f:66:44:22:28 (SSID='myssid' freq=2412 MHz)
>
> I tried changing to a really simple passphrase last night of "hantavirus"
> and at some point wpa_cli showed associated, however I have not been able
> replicate that again. Even though it showed associated, I was not able to
> get an ip address from the dhcp server on the lan. I vaguely remember
> seeing a line in the ps listing regarding udhcpc (or maybe it was
> dhcp_client) and it looked like it was having a problem of some kind.
>
> Each time I changed the psk on the AP, I'd reboot it just to be sure
> before trying to connect.
>
> The last time I looked at this before putting 3.5.4 on the second Z this
> past weekend, I did a fair bit of googling and found others with the same
> issue, but no resolutions that worked for me. I also remember trying
> different channels too, currently the router is set to AUTO for channel
> selection. I did a little googling this weekend, but found nothing of
> consequence.
>
> PART 2
>
> Well, just to make sure it's not an issue with the linksys routers, I
> thought I'd try the same process with a different router, a MS MN-700
> still running the WinCE firmware. I plan to upgrade it to the Asus linux
> firmware or DD-WRT one day when I get around to making a JTAG cable. as an
> aside, anyone got one for sale?
>
> Anyhow, I setup the router with the "hantavirus" psk and the 256bit
> WPA-PSK security, mac address filtering not enabled. Added the same
> settings in the wpa_supplicant.conf file and got the same results when
> running wpa_supplicant, here's what I see
>
> wpa_supplicant -ddd -B -i wlan0 -c /etc/wpa_supplicant.conf
> Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver
> 'default' ctrl_interface 'N/A' Configuration file
> '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading
> configuration file '/etc/wpa_supplicant.conf'
> ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0
> eapol_version=1 ap_scan=1 fast_reauth=1 Line: 272 - start of a new network
> block ssid - hexdump_ascii(len=9):
> 4d 53 48 4f 4d 45 31 32 33 MSHOME123
> scan_ssid=1 (0x1)
> PSK (ASCII passphrase) - hexdump_ascii(len=10): [REMOVED]
> priority=1 (0x1)
> key_mgmt: 0x2
> pairwise: 0x18
> PSK (from passphrase) - hexdump(len=32): [REMOVED]
> Priority group 1
> id=0 ssid='MSHOME123'
> Initializing interface (2) 'wlan0'
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xf
> capabilities: key_mgmt 0xf enc 0xf
> Added alternative ifindex 13 (wifi0) for wireless events
> Added alternative ifindex 13 (wifi0) for wireless events
> Own MAC address: 00:60:b3:6c:ba:8b
> wpa_driver_hostap_set_wpa: enabled=1
> wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_hostap_set_countermeasures: enabled=0
> wpa_driver_hostap_set_drop_unencrypted: enabled=1 Setting scan request: 0
> sec 100000 usec Added interface wlan0
>
>
> wpa_cli, shows same errors
>
> Interactive mode
>
> > status
> <2>Authentication with 00:00:00:00:00:00 timed out.
> wpa_state=SCANNING
> > <2>Trying to associate with 00:50:f2:00:00:03 (SSID='MSHOME123'
> > freq=2412 MHz)
> <2>Authentication with 00:00:00:00:00:00 timed out.
> <2>Trying to associate with 00:50:f2:00:00:03 (SSID='MSHOME123' freq=2412
> MHz) <2>Authentication with 00:00:00:00:00:00 timed out. <2>Trying to
> associate with 00:50:f2:00:00:03 (SSID='MSHOME123' freq=2412 MHz)
> <2>Authentication with 00:00:00:00:00:00 timed out. <2>Trying to associate
> with 00:50:f2:00:00:03 (SSID='MSHOME123' freq=2412 MHz) <2>Authentication
> with 00:00:00:00:00:00 timed out. <2>Trying to associate with
> 00:50:f2:00:00:03 (SSID='MSHOME123' freq=2412 MHz) root at collie:~# killall
> wpa_supplicant
>
>
>
>
> PART 3
>
> Hmm, one more data point, just setting up a Fortigate Wifi60a for a client
> and thought what the heck, I'll give that a try and lo and behold it
> works!
>
> wpa_cli
>
> Selected interface 'wlan0'
>
> Interactive mode
>
> > status
> bssid=xx:xx:xx:xx:xx:xx
> ssid=mynewssid
> pairwise_cipher=TKIP
> group_cipher=TKIP
> key_mgmt=WPA-PSK
> wpa_state=COMPLETED
> ip_address=10.88.193.100
>
> Okay, so at least I know that this unit will work with WPA, maybe it just
> doesn't like the use of AES encryption, will need to do some more
> experimentation.
>
> Any suggestions?
If you're disabling SSID broadcasting, what value of "ap_scan" are you
using in the config file? Also, run an 'iwlist ethX scan', look for
your AP, and see what encryption algs it says it actually supports for
the WPA IE and RSN IE.
I tried a Netgear WGR614 the other day, with disabled SSID broadcast,
and I had to match _exactly_ the WPA IE the thing put out or
wpa_supplicant wouldn't connect. For example, if the WPA IE only has
TKIP in it, set your group_cipher to _only_ TKIP and retry. That was
the only thing which made the WGR614 and wpa_supplicant happy with
disabled SSID broadcast. Interestingly, a Linksys WRT54GS also with
disabled SSID broadcast had no problem with "group_cipher=TKIP CCMP"
even though it was only advertising TKIP support.
Dan
>
>
More information about the Hostap
mailing list