wpa_supplicant doesn't reconnect to AP (after turning off/on AP)

Pongsak Tawankanjanachot egapongsak
Thu Mar 26 20:05:40 PDT 2009


Hi,
    I continued your suggestion. My Access Point is Ralink Chipset (with
Ralink's hostpad).

1) wpa_supplicant.conf disable PMKSA caching by default, but I put a
parameter anyway and try. Here it is
ctrl_interface=/var/run/wpa_supplicant
 eapol_version=1
 ap_scan=1
 network={
        ssid="AW_FHO"
        key_mgmt=WPA-EAP IEEE8021X
        pairwise=CCMP
        eap=PEAP
        proactive_key_caching=0
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
        identity="test"
        password="test"
 }

   When I turn off/on access point, wpa_supplicant debug message is shown:

Authentication with 00:1a:4d:3c:6f:aa timed out.
wpa_driver_ralink_get_bssid
wpa_driver_ralink_get_associnfo
wpa_driver_ralink_get_associnfo: association success
wpa_driver_ralink_poll_timeout: Connected!!
wpa_driver_ralink_get_bssid
State: SCANNING -> ASSOCIATED
wpa_driver_ralink_get_bssid
Associated with 00:1a:4d:3c:6f:aa
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: maintaining EAP method data for fast reauthentication
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
RSN: PMKSA caching - do not send EAPOL-Start
Authentication with 00:1a:4d:3c:6f:aa timed out.
wpa_driver_ralink_get_bssid
wpa_driver_ralink_get_associnfo
wpa_driver_ralink_get_associnfo: association success
wpa_driver_ralink_poll_timeout: Connected!!
wpa_driver_ralink_get_bssid
State: SCANNING -> ASSOCIATED
wpa_driver_ralink_get_bssid
Associated with 00:1a:4d:3c:6f:aa
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: maintaining EAP method data for fast reauthentication
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
*RSN: PMKSA caching - do not send EAPOL-Start*

   Still the same result as without proactive_key_caching parameter in
wpa_supplicant.conf

2) I then kill process wpa_supplicant and run it again (with the same
wpa_supplicant.conf). It shows another error as:
RX EAPOL from 00:1a:4d:3c:6f:aa
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:1a:4d:3c:6f:aa
EAPOL: Received EAP-Packet frame
Authentication with 00:1a:4d:3c:6f:aa timed out.
wpa_driver_ralink_get_bssid
wpa_driver_ralink_get_associnfo
wpa_driver_ralink_get_associnfo: association success
wpa_driver_ralink_poll_timeout: Connected!!
wpa_driver_ralink_get_bssid
State: SCANNING -> ASSOCIATED
wpa_driver_ralink_get_bssid
Associated with 00:1a:4d:3c:6f:aa
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
RX EAPOL from 00:1a:4d:3c:6f:aa
Setting authentication timeout: 10 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
*EAP: buildIdentity: configuration was not available*
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE

   How come that EAP cannot build identity from configuration file??

3) In addition, I test with LinkSys WAP54G (turn off/on Linksys). It works
fine, successfully reconnect to LinkSys.
   I use AeroPeek to sniff the packet by comparing Linksys and Ralink
Chipset AP.
   I find that EAPOL-Start must originate from wpa_supplicant, then AP asks
for identity, password,....etc.
   In my issue, wpa_supplicant doesn't send EAPOL-Start due to PMKSA
caching.

  Or I must do some configuration at the AP to disable PMKSA caching?(so
wpa_supplicant would send EAPOL-Start)

4) Is there any related to parameter fast_reauth ??

   Any shared idea would be welcome and appreciated.

Regards,
Pongsak


On Wed, Mar 4, 2009 at 2:02 AM, Jouni Malinen <j at w1.fi> wrote:

> On Wed, Feb 25, 2009 at 10:08:23AM +0700, Pongsak Tawankanjanachot wrote:
>
> >    I'm using wpa_supplicant (with Ralink chipset) to connect with Access
> > point (Ralink chipset).
> >    My security setting is WPA2 by using freeradius as a Radius server.
>
> Have you tried this with WPA (which would disable PMKSA caching)?
>
> >    Firstly, the supplicant successfully connects to AP (access point)
> >    Then, I turn off/on the AP, wpa_supplicant tries to reauthenticate and
> > show debug message like: (just some part of whole messages)
>
> > Associated with 00:1d:7d:09:51:74
> > WPA: Association event - clear replay counter
> ...
> > Authentication with 00:1d:7d:09:51:74 timed out.
>
> It looks like the driver is able to associate with the AP, but no EAPOL
> frames are delivered to wpa_supplicant. This would requiring debugging
> the driver and/or the AP. A good starting step would be to use a
> wireless sniffer to capture the frames sent between the devices and see
> where the AP is sending out EAPOL-Key messages after association.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20090327/a58f24f7/attachment.htm 



More information about the Hostap mailing list