Deauthentication while connecting to RADIUS
Dennis Borgmann
dennis.borgmann
Thu Nov 15 22:51:14 PST 2007
Dear list-members,
I got a new AP, that uses 2 Atheros-WLAN-devices and runs Linux with the
madwifi-driver in use. In addition, the hostapd is in use.
My laptop is connected via ethernet to this AP and is running the
FreeRADIUS server. I have a client running an Atheros-card on Linux as
well, so there I do also have madwifi in addition to wpa_supplicant.
Schematically, this is my setup:
|------------| |------------| |----------------|
|Laptop | (1) |Accesspoint | (2) | Desktop-PC |
|192.168.1.3 |------|192.168.1.1 |--)) ((--|192.168.1.2 |
| FreeRADIUS | |hostapd | | wpa_supplicant |
|------------| |------------| |----------------|
Now, I am sniffing with wireshark on the Laptop and "in the air",
meaning in between the AP and the Desktop-PC. What I now get is the
information, that my request to the radius-server succeeds
(Access-accept sent out from the Laptop, seen in the sniff on connection
(1) and EAP-Success including ACK sniffed on connection (2)). But
direcly after the "EAP-Success"-frame is sent out by the AP to the
Desktop-PC, the AP sends out a Deauthentication-frame to the Desktop-PC
saying the previos authentication would no longer be valid (0x0002).
There is no frame in between the ACK sent by the Desktop-PC and the DEAUTH
sent by the AP, the time elapsed in between those two frames is
roundabout 1 ms.
I do not see the point, why the AP rejects the authentication after a
succeeded EAP-authentication.
The output of
hostapd -ddd /etc/hostapd/hostapd1.conf
gives these three lines (among thousands of others):
WPA: 00:14:85:da:c6:f1 WPA_PTK entering state INITPMK
WPA: Could not get PMK
WPA: 00:14:85:da:c6:f1 WPA_PTK entering state DISCONNECT
So far with my problem. Does anyone see the point that I did wrong? Just
for completeness, I posted my config-files at the following link (it's just a text file 66kB of size):
http://fb03il20.no-ip.org/~herakles/radius-problems
Kind regards and thanks for every hint in advance,
Dennis
More information about the Hostap
mailing list