Problem joining Linux client to WPA2 RADIUS network

Kevin lists
Fri Jan 12 12:36:11 PST 2007


Hi List-

I'm using a Linksys wireless router running DD-WRT v23 SP2 (08/30/06) micro
in mode "WPA2 Radius Only" with a separate radius server (freeradius 1.1.1)
to implement my WPA2-Enterprise network.

I've joined both Windows and Apple client computers to this network, as well
as a WiFi VoIP phone, and these supplicants all work as expected.

Now I'm trying to join a Linux client computer to the network and having
troubles.  The WLAN NIC is a CF-based PRISM III card and I'm running version
0.4.4-kernel (as labeled in dmesg) of the hostap_cs module.  Also loaded
with modprobe hostap_cs are hostap and ieee80211_crypt modules.  These
drivers were bundled with a recent OpenZaurus distribution and there are
reports on the oz lists of others being able to do WPA with it.

The kernel version is 2.6.16 compiled for the Zaurus (armv5tel from uname).

I have wpa-supplicant version 0.4.8-r7 installed (I think the r7 is an
ipkg-based numbering scheme).

I've spent many hours reading documentation and example network blocks from
the wpa_supplicant.conf file and think I've set it up correctly, but
probably not since I'm having troubles.

I'm using the default config file (which is very nicely chock full with
examples) with one network block modified, and I've included that here (less
sensitive stuff):

================================
network={
        ssid="MyNet"
        key_mgmt=WPA-EAP
#       key_mgmt=IEEE8021X
#       eap=TTLS
        eap=TLS
        pairwise=CCMP TKIP
        group=CCMP TKIP
        identity="myself"
        password="mypass"
        ca_cert="/etc/certs/myCA.crt"
        proto=WPA2
        client_cert="/etc/certs/client.crt"
        private_key="/etc/certs/client.key"
        ca_cert2="/etc/certs/myCA.crt"
        client_cert2="/etc/certs/client.crt"
        private_key2="/etc/certs/client.key"
        dh_file2="/etc/certs/myCAdh2048.pem"
#       phase1=""
        phase2="autheap=MSCHAPV2 autheap=MD5"
#       phase2="autheap=MD5"
        priority=20
}
================================

The comments reflect some of the various tweaks I've tried to make it work
(none successfully, and the output below was pretty much the same in all cases).

My output from running wpa_supplicant on the command line is (just for
kicks, also tried -i wifi0 to no avail -- same output):

================================
root# wpa_supplicant -dd -i wlan0 -D hostap -c /etc/wpa_supplicant.conf
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver
'hostap' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 261 - start of a new network block
ssid - hexdump_ascii(len=6):
     73 69 6d 70 6c 65                                 simple
PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
priority=5 (0x5)
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Line: 269 - start of a new network block
ssid - hexdump_ascii(len=11):
     73 65 63 6f 6e 64 20 73 73 69 64                  second ssid
scan_ssid=1 (0x1)
PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
priority=2 (0x2)
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Line: 277 - start of a new network block
ssid - hexdump_ascii(len=7):
     65 78 61 6d 70 6c 65                              example
proto: 0x1
key_mgmt: 0x2
pairwise: 0x18
group: 0x1e
PSK - hexdump(len=32): [REMOVED]
priority=2 (0x2)
Line: 289 - start of a new network block
ssid - hexdump_ascii(len=7):
     65 78 61 6d 70 6c 65                              example
proto: 0x2
key_mgmt: 0x1
pairwise: 0x18
group: 0x18
eap methods - hexdump(len=2): 0d 00
identity - hexdump_ascii(len=16):
     75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d   user@example.com
ca_cert - hexdump_ascii(len=16):
     2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d   /etc/cert/ca.pem
client_cert - hexdump_ascii(len=18):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70   /etc/cert/user.p
     65 6d                                             em
private_key - hexdump_ascii(len=18):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70   /etc/cert/user.p
     72 76                                             rv
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
priority=1 (0x1)
Line: 306 - start of a new network block
ssid - hexdump_ascii(len=7):
     65 78 61 6d 70 6c 65                              example
key_mgmt: 0x1
eap methods - hexdump(len=2): 19 00
identity - hexdump_ascii(len=16):
     75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d   user@example.com
password - hexdump_ascii(len=6): [REMOVED]
ca_cert - hexdump_ascii(len=16):
     2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d   /etc/cert/ca.pem
phase1 - hexdump_ascii(len=11):
     70 65 61 70 6c 61 62 65 6c 3d 31                  peaplabel=1
phase2 - hexdump_ascii(len=13):
     61 75 74 68 3d 4d 53 43 48 41 50 56 32            auth=MSCHAPV2
priority=10 (0xa)
Line: 318 - start of a new network block
ssid - hexdump_ascii(len=10):
     aa bb cc dd ee ff 00 11 22 33                     MyNet
key_mgmt: 0x1
eap methods - hexdump(len=2): 0d 00
pairwise: 0x18
group: 0x18
identity - hexdump_ascii(len=6):
     00 11 22 33 44 55                                 myself
password - hexdump_ascii(len=21): [REMOVED]
ca_cert - hexdump_ascii(len=25):
     aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99   /etc/certs/myCA.crt

proto: 0x2
client_cert - hexdump_ascii(len=21):
     00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff   /etc/certs/client.crt

private_key - hexdump_ascii(len=21):
     00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff   /etc/certs/client.crt

ca_cert2 - hexdump_ascii(len=25):
     aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99   /etc/certs/myCA.crt

client_cert2 - hexdump_ascii(len=21):
     00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff   /etc/certs/client.crt

private_key2 - hexdump_ascii(len=21):
     00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff   /etc/certs/client.crt

dh_file2 - hexdump_ascii(len=31):
     aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99   /etc/certs/myCA
     aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88      dh2048.pem
phase2 - hexdump_ascii(len=28):
     61 75 74 68 65 61 70 3d 4d 53 43 48 41 50 56 32   autheap=MSCHAPV2
     20 61 75 74 68 65 61 70 3d 4d 44 35                autheap=MD5
priority=20 (0x14)

<large section of output snipped to get message body size below 25 kb>

Line: 499 - start of a new network block
ssid - hexdump_ascii(len=10):
     74 65 73 74 20 61 64 68 6f 63                     test adhoc
mode=1 (0x1)
proto: 0x1
key_mgmt: 0x10
pairwise: 0x1
group: 0x8
PSK (ASCII passphrase) - hexdump_ascii(len=17): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Line: 511 - start of a new network block
ssid - hexdump_ascii(len=7):
     65 78 61 6d 70 6c 65                              example
scan_ssid=1 (0x1)
key_mgmt: 0xf
pairwise: 0x18
group: 0x1e
PSK (ASCII passphrase) - hexdump_ascii(len=22): [REMOVED]
eap methods - hexdump(len=4): 15 19 0d 00
identity - hexdump_ascii(len=16):
     75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d   user@example.com
password - hexdump_ascii(len=6): [REMOVED]
ca_cert - hexdump_ascii(len=16):
     2f 65 74 63 2f 63 65 72 74 2f 63 61 2e 70 65 6d   /etc/cert/ca.pem
client_cert - hexdump_ascii(len=18):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70   /etc/cert/user.p
     65 6d                                             em
private_key - hexdump_ascii(len=18):
     2f 65 74 63 2f 63 65 72 74 2f 75 73 65 72 2e 70   /etc/cert/user.p
     72 76                                             rv
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
phase1 - hexdump_ascii(len=11):
     70 65 61 70 6c 61 62 65 6c 3d 30                  peaplabel=0
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 20
   id=5 ssid='MyNet'
Priority group 10
   id=4 ssid='example'
Priority group 5
   id=0 ssid='simple'
   id=14 ssid='static-wep-test'
   id=15 ssid='static-wep-test2'
Priority group 2
   id=1 ssid='second ssid'
   id=2 ssid='example'
   id=6 ssid='example'
   id=8 ssid='example'
Priority group 1
   id=3 ssid='example'
Priority group 0
   id=7 ssid='example'
   id=9 ssid='example'
   id=10 ssid=''
   id=11 ssid='1x-test'
   id=12 ssid='leap-example'
   id=13 ssid='plaintext-test'
   id=16 ssid='test adhoc'
   id=17 ssid='example'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
Added alternative ifindex 5 (wifi0) for wireless events
Added alternative ifindex 5 (wifi0) for wireless events
Own MAC address: 00:11:22:33:44:55
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface wlan0
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=11):
     <removed>                  second ssid
Wireless event: cmd=0x8b19 len=8
Received 199 bytes of scan results (2 BSSes)
Scan results: 2
Selecting BSS from priority group 20
0: <MAC removed> ssid='MyNet' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   selected based on RSN IE
Trying to associate with <MAC removed> (SSID='MyNet' freq=???? MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=26): 00 11 22 33 44 55 66 77 88 99 00 aa bb
04 00 0f ac 02 01 00 00 0f ac 01 01 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00
00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_hostap_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: added PMKSA cache candidate <MAC removed> prio 1000
RSN: processing PMKSA candidate list
RSN: not in suitable state for new pre-authentication
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=19
Authentication with 00:00:00:00:00:00 timed out.
Added BSSID 00:00:00:00:00:00 into blacklist
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=7):
     65 78 61 6d 70 6c 65                              example
Wireless event: cmd=0x8b19 len=8
Received 100 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 20
0: <MAC removed> ssid='MyNet' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   selected based on RSN IE
Trying to associate with <MAC removed> (SSID='MyNet' freq=???? MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=26): 00 11 22 33 44 55 66 77 88 99 00 aa bb
04 00 0f ac 02 01 00 00 0f ac 01 01 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00
00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_hostap_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: added PMKSA cache candidate <MAC removed> prio 1000
RSN: processing PMKSA candidate list
RSN: not in suitable state for new pre-authentication
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=19
Authentication with 00:00:00:00:00:00 timed out.
BSSID 00:00:00:00:00:00 blacklist count incremented to 2
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b19 len=8
Received 607 bytes of scan results (3 BSSes)
Scan results: 3
Selecting BSS from priority group 20
0: <OtherMAC removed> ssid='OtherNet' wpa_ie_len=26 rsn_ie_len=0 caps=0x11
   skip - SSID mismatch
1: <MAC removed> ssid='MyNet' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   selected based on RSN IE
Trying to associate with <MAC removed> (SSID='MyNet' freq=???? MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=26): 00 11 22 33 44 55 66 77 88 99 00 aa bb
04 00 0f ac 02 01 00 00 0f ac 01 01 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00
00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_hostap_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: added PMKSA cache candidate <MAC removed> prio 1000
RSN: processing PMKSA candidate list
RSN: not in suitable state for new pre-authentication
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=19
Authentication with 00:00:00:00:00:00 timed out.
BSSID 00:00:00:00:00:00 blacklist count incremented to 3
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=11):
     73 65 63 6f 6e 64 20 73 73 69 64                  second ssid
Wireless event: cmd=0x8b19 len=8
Received 262 bytes of scan results (3 BSSes)
Scan results: 3
Selecting BSS from priority group 20
0: <MAC removed> ssid='MyNet' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
   selected based on RSN IE
Trying to associate with <MAC removed> (SSID='MyNet' freq=???? MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=26): 00 11 22 33 44 55 66 77 88 99 00 aa bb
04 00 0f ac 02 01 00 00 0f ac 01 01 00
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT 802.1X
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00
00 0f ac 04 01 00 00 0f ac 01 00 00
No keys have been configured - skip key clearing
wpa_driver_hostap_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_hostap_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RSN: added PMKSA cache candidate <MAC removed> prio 1000
RSN: processing PMKSA candidate list
RSN: not in suitable state for new pre-authentication
Wireless event: cmd=0x8b06 len=8
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=19
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface wlan0
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_hostap_set_wpa: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=0
wpa_driver_hostap_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
Cancelling scan request
================================

The key line above seems to be this one:
"RSN: not in suitable state for new pre-authentication"
but I don't understand it.

In case it's useful, some of the dmesg buffer corresponding to the
wpa_supplicant invocation is:

================================
pccard: PCMCIA card inserted into slot 1
pcmcia: registering new device pcmcia1.0
hostap_cs: setting Vcc=33 (constant)
hostap_cs: setting Vcc=33 (from config)
Checking CFTABLE_ENTRY 0x01 (default 0x01)
IO window settings: cfg->io.nwin=1 dflt.io.nwin=1
io->flags = 0x0046, io.base=0x0000, len=64
hostap_cs: Registered netdevice wifi0
hostap_cs: index 0x01: Vcc 3.3, irq 137, io 0xc4840000-0xc484003f
prism2_hw_init: initialized in 200 ms
wifi0: NIC: id=0x000a v1.0.0
wifi0: PRI: id=0x00 v1.1.1
wifi0: STA: id=0x00 v1.8.0
wifi0: registered netdevice wlan0
wlan0: Host AP mode does not support 'Any' essid
prism2: wlan0: operating mode changed 3 -> 2
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:00:00:00:16
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=ff:ff:ff:ff:ff:ff
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:ff:71:84:37
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:00:00:00:02
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=ff:ff:ff:ff:ff:ff
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=ff:ff:ff:ff:ff:ff
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:00:00:00:16
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:00:00:00:02
A4=00:00:00:00:00:00
wifi0: TXEXC - status=0x0004 ([Discon]) tx_control=000c
   retry_count=0 tx_rate=0 fc=0x0108 (Data::0 ToDS)
   A1=00:00:00:00:00:00 A2=00:11:22:33:44:55 A3=33:33:00:00:00:02
A4=00:00:00:00:00:00
wlan0: no IPv6 routers present
wifi0: LinkStatus=2 (Disconnected)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wifi0: LinkStatus=2 (Disconnected)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wifi0: LinkStatus=2 (Disconnected)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wifi0: LinkStatus=2 (Disconnected)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wlan0: Trying to join BSSID <MAC removed>
wifi0: LinkStatus=6 (Association failed)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wifi0: LinkStatus=2 (Disconnected)
wifi0: LinkStatus: BSSID=44:44:44:44:44:44
wlan0: Preferred AP (SIOCSIWAP) is used only in Managed mode when
host_roaming is enabled
================================

The <MAC removed> string replaced the MAC address of my router in all cases.
I've obscured some other details too, but hopefully not so much that the
details are not helpful.

I see no log activity reflecting any connection attempt by this Linux client
on either the radius server or the DD-WRT, and I usually do see typical log
activity on both when a new client joins this network.

I suspect a number of possibilities as the problem, and I know that a big
part of the problem is my incomplete understanding of WPA2 in general, but I
do have it working with several other devices, so I don't think it's too
awfully bad:

1) In spite of all indications on the radius server and the router showing
WPA2 Radius, a packet detection tool reports WEP encryption for this
network.  I'm at a loss to explain that, but I think it's a mistake on the
part of the detection tool.  If I'm wrong about that though, then perhaps
this network itself is misconfigured.

2) I thought I was setting this network up with PKI certificates, and I
understand this system pretty well, but I'm confused by the fact that none
of the client computers that I *can* join with the network seem to need
their client certificates or any information about the CA that issued both
client and server certs.  I have user credentials configured for the radius
server, and that seems to be all that is necessary for these clients to join
the network.  This could be the problem too.

3) Most likely: An incorrect configuration in wpa_supplicant.conf.

Can someone offer some suggestions on what the problem is?

Thanks in advance.

-Kevin
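
Added example, not part of the original post: a small Python decoder for the RSN information element hexdumps that wpa_supplicant prints in the log above, run on the supplicant's own 22-byte IE from the "Set own WPA IE default" line. The names `parse_rsn_ie`, `OWN_IE` and the result keys are this example's own, and it assumes the group, pairwise and AKM fields are all present, as they are in that dump.

```python
import struct

# Suite selector types under the IEEE 802.11 OUI 00-0F-AC.
RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {0: "use-group", 1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Copied from the log above ("WPA: Set own WPA IE default", len=22).
OWN_IE = "30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00"


def _suite(selector, names):
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    oui, kind = selector[:3], selector[3]
    if oui == RSN_OUI and kind in names:
        return names[kind]
    return "unknown(%s:%d)" % (oui.hex("-"), kind)


def parse_rsn_ie(hexdump):
    """Decode an RSN IE given as whitespace-separated hex bytes."""
    ie = bytes.fromhex(hexdump)
    if len(ie) < 2 or ie[0] != 0x30:
        raise ValueError("not an RSN IE (element ID 0x30 expected)")
    if ie[1] != len(ie) - 2:
        raise ValueError("length octet %d != body of %d bytes"
                         % (ie[1], len(ie) - 2))
    body, pos = ie[2:], 0

    def take(n):
        # Consume n bytes of the body, refusing to read past its end.
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN IE at offset %d" % (pos + 2))
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def suite_list(names):
        # A little-endian 16-bit count followed by that many selectors.
        (count,) = struct.unpack("<H", take(2))
        return [_suite(take(4), names) for _ in range(count)]

    (version,) = struct.unpack("<H", take(2))
    group = _suite(take(4), CIPHERS)
    pairwise = suite_list(CIPHERS)
    akm = suite_list(AKMS)
    # RSN Capabilities is optional; bit 0 is Pre-Authentication.
    caps = struct.unpack("<H", take(2))[0] if pos < len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "preauth": bool(caps & 0x0001)}


if __name__ == "__main__":
    print(parse_rsn_ie(OWN_IE))
```

The decoded fields agree with the "using GTK TKIP", "using PTK CCMP" and "using KEY_MGMT 802.1X" lines that follow the dump in the log.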




