WPA - AP association Issue

Bryan Kadzban bryan
Wed Oct 31 09:48:41 PDT 2007

On Wed, Oct 31, 2007 at 07:16:40PM +0530, Mr. Maloomnahi wrote:
> I have recompiled the complete WPA stack with a new config as attached.
> Result is the same.

See below for comments on the file, but basically, I'm not surprised
that this .config file didn't work.

> I have also tested the same with diferent ap_scan values and without
> the parameters: eapol_flags, engine, pkcs11 etc

OK, but since you used the file you attached when compiling, you'll have
to fix the file, recompile the program, and try it again.

Anyway, a couple comments on the config file (so it's correct once the
program actually starts reading it):

> =================
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> eapol_version=1
> ap_scan=2
> fast_reauth=1
> wpa_passphrase=DEAD-BEEF-AA

This setting should *not* be in the global section.  It should be in the
network block.

> pkcs11_engine_path=/usr/lib/libcoolkeypk11.so

This is not required.  We have several machines using WPA2-EAP-TLS
without any special pkcs11_engine, and it works fine.  Kill it.  :-)

> network={
>         ssid="SEMCO_AP"
>         proto=WPA2
>         pairwise=CCMP
>         auth_alg=OPEN
>         key_mgmt=WPA-EAP
>         identity="semco"
>         group=CCMP
>         engine=1
>         mode=0

I suspect these last two lines aren't needed either.

>         eap=tls
>         ca_cert="/usr/bin/CA/ca-cert.pem"
>         client_cert="/usr/bin/CA/ca-cert.pem"
>         private_key="/usr/bin/CA/private/ca-key.pem"
>         private_key_passwd="DEAD-BEEF-AA"
>         eapol_flags=3

I'd also try it without the eapol_flags (once you get a working binary
that reads this file).

> As you mentioned, I still feel the conf file reading issue, but the
> path and the file content as eactly how the websites and forums have
> explained.

There is no builtin filename that wpa_supplicant uses as a config file.
You *have* to give it the -c option (unless you set CONFIG_BACKEND to
"winreg", and put the settings in the registry, and you're using the
Windows port).  And you *can't* set a default path for this file.

Anyway, on to the .config file itself:

> # Uncomment following two lines and fix the paths if you have installed OpenSSL
> # or GnuTLS in non-default location
> #CFLAGS += -I/usr/local/openssl/include
> #LIBS += -L/usr/local/openssl/lib
> CFLAGS += -I/usr/local/ssl/include -I/usr/include/openssl
> LIBS += -L/usr/local/ssl/lib -L/usr/src/linux-2.6.18/lib -L/usr/src/linux/lib

Did you try without these two last lines?  The /usr/src/linux* paths,
especially, make me uncomfortable.  Try commenting all this out and
seeing if it works (though you will probably have to install your
distro's openssl-dev package or equivalent).

> # Some Red Hat versions seem to include kerberos header files from OpenSSL, but
> # the kerberos files are not in the default include path. Following line can be
> # used to fix build issues on such systems (krb5.h not found).
> #CFLAGS += -I/usr/include/kerberos
> CFLAGS += -I/usr/include/kerberosIV

See if it will compile if you comment this out as well.  It should not
be needed unless your openssl headers are "weird".

> # Select configuration backend:
> # file = text file (e.g., wpa_supplicant.conf)
> # winreg = Windows registry (see win_example.reg for an example)
> #CONFIG_BACKEND=/etc/wpa_supplicant/wpa_supplicant.conf
> CONFIG_BACKEND=/home/prashant/authenticator/wpa_supplicant/EAP_TLS_CCMP.conf

Here's your problem, I think.  This *needs* to be set to "file" (i.e.
not a filename, but the four characters "file") according to the
Makefile.  I'm not sure where the second (commented-out) example here
came from, but it's not valid.

Set this to "file" and recompile everything ("make clean" then "make").
See if that makes it say something about reading the configuration file.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20071031/cb637010/attachment.pgp 

More information about the Hostap mailing list