wpa_supplicant 0.5.7 and ndiswrapper 1.38 not working

Jouni Malinen j
Sun Apr 29 17:50:09 PDT 2007 

On Sun, Apr 29, 2007 at 06:42:10PM -0400, Brian J. Murrell wrote:

> I'm trying to use wpa_supplicant 0.5.7 with ndiswrapper 1.38 on Ubuntu
> feisty along with the nm-applet.  I choose personal psk and put in my
> key and get the kind of problem I previous wrote this list about here:

> It seems then it was due to using -D ndiswrapper rather than -D wext.

At least now, wext is the way to go with current ndiswrapper releases.

> SIOCGIWRANGE: WE(compiled)=21 WE(source)=18 enc_capa=0x5 
>   capabilities: key_mgmt 0x5 enc 0x7 

The driver is reporting that it supports only WPA (not WPA2) and
WEP/TKIP (not CCMP).

> CTRL_IFACE: SET_NETWORK id=0 name='proto' 
> CTRL_IFACE: value - hexdump_ascii(len=3): [REMOVED] 
> proto: 0x1 

Protocol is set to WPA here..

> 0: 00:12:17:41:37:c8 ssid='ilinx_wpa' wpa_ie_len=30 rsn_ie_len=26 caps=0x11 

The AP seems to support both WPA and WPA2.

> WPA: using IEEE 802.11i/D3.0 

WPA was selected as the protocol.

> WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 2 proto 1 

TKIP as group cipher, TKIP/CCMP as pairwise ciphers, WPA-PSK as key
management suite..

> WPA: using GTK TKIP 
> WPA: using PTK CCMP 
> WPA: using KEY_MGMT WPA-PSK 

wpa_supplicant decided to try to use CCMP as pairwise cipher. This
happens because the current version does not really use the
encapsulation capabilities reported by the driver. This is because most
Linux drivers did not use to reported these correctly and it was safer
to just ignore them. Workaround for this would be to select only TKIP as
the pairwise cipher (pairwise=TKIP in configuration file for the network
block).

> Authentication with 00:00:00:00:00:00 timed out. 

Authentication (and in this case, 802.11 association) is failing, i.e.,
the driver does not report association with the configured parameters.

> Hopefully there is no keying info in there.  :-)

wpa_supplicant should not show any key information in debug log unless
specifically asked to with -k command line option.

> [ 2072.304000] ndiswrapper version 1.38 loaded (preempt=no,smp=yes)
> [ 2072.984000] ndiswrapper (set_encr_mode:694): setting encryption mode to 6 failed (C00000BB)
> [ 2072.984000] wlan0: encryption modes supported: WEP; TKIP with WPA

Encryption mode 6 would be CCMP in NDIS drivers and it looks like the
NDIS driver you are trying to use here does not support CCMP. This is
likely the reason for failed association.


It could finally be time to start using driver capabilities correctly
since many Linux driver are now using wireless extensions to report
these. This would hopefully resolve this particular issue.

As a workaround, you could try adding pairwise=TKIP into the
configuration (I don't know how to do this with NetworkManager, though).
Updating the NDIS driver to something that supports CCMP could be
another option for resolving the issue.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list