wpa_supplicant disconnects and fails to reconnect (wpa-enterprise)

Georges Toth georges
Sat May 1 10:57:40 PDT 2010

On Saturday 01 May 2010 16:57:36 Jouni Malinen wrote:
> On Wed, Apr 21, 2010 at 02:42:23PM +0200, Georges Toth wrote:
> > So when I loose the connection that is actually the time when the AP
> > requests a re-authentication (AFAICT) and wpa_supplicant fails to do
> > this "correctly".
> > 
> > I collected some debug output today (using -dd) which contains logs from
> > when I first connected to this network, after loosing the connection the
> > first time and several re-connection attempts thereafter.
> > I can send them on demand if this could be useful for locating the
> > problem (~1MB).
> Is this referring to the same log that is attached to a debug bug at the
> following address?
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=wpa_supplicant
> _debug.bz2;att=1;bug=579297

That's exactly the file I was talking about.

> If not, could you please send me the logs? It could also be useful to
> get a debug log with timestamps include (add -t on the command line). It
> is somewhat unclear what the timing is,

I'll try to create another log with timestamps

> but it looks like the
> authentication server does not like PEAP session resumption attempts and
> then starts behaving incorrect after this. Do you happen to know which
> authentication server is used in this network?

No I don't, but since they use m$ and cisco exclusively I guess it's either of 

On the other hand I have setup a similar network using EAP-TTLS and 
freeradius, also have session resumption disabled and strangely have exactly 
the same problems there.
And for that matter everybody else running linux who uses the network.
Windows users don't have that problem, which is also true for the eduroam 
network I made that logfile on.

> Every now and then, authentication seems to actually succeed even with
> PEAP session resumption, but the AP disconnect the client shortly after
> the successfully completed authentication for some reason.

Yes, on the eduroam network I don't even get a new IP whereas that does work 
on my freeredius EAP-TTLS setup...but reconnects can take up to 5seconds.
> If you want to run a test without session resumption, you can disable
> this by adding fast_reauth=0 to wpa_supplicant configuration file. I
> would expect this to avoid some of the problems shown in the log, but it
> may not address all the odd behavior shown by the authentication server
> or AP.

I will test that.

I've read from other people reporting very similar problems on the ubuntu 

They suggest that recompiling wpasupplicant with gnutls would solve the 
problem as it's somehow openssl related.

Thanks for looking at my report ... in case you have any more suggestions for 
testing and finding the problem, let me know, I'd be happy to finally solve 
this :-)


Georges Toth
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20100501/09cb31e0/attachment.pgp 

More information about the Hostap mailing list