Interworking and its creds

Jouni Malinen j
Sun Aug 19 02:26:04 PDT 2012

On Sat, Aug 18, 2012 at 07:48:00AM +0530, Dr. Ajay N. Khosla wrote:
> I have created two interworking and HS2.0 ssid TEST-Open (with out any key) and TEST-80211u (with WPA2-Enterprise). The hostapd.conf contain following parameter 

You cannot have an open network with HS 2.0. hostapd did not enforce
this, but I'll make it reject that configuration so that only the
WPA2-Enterprise case can use hs20=1 parameter.

> I created configuration file wpa_supplicant.conf 
> cred={ 
> roaming_consortium="2233445566" 

That value is not in correct format. The roaming consortium OI is a
binary field and you would configure it as a hexdump, not ASCII string
of those digits.. In other words:


> > interworking_select 
> OK 

> <3>ANQP fetch completed 
> <3>CTRL-EVENT-DISCONNECTED bssid=02:27:22:e5:a0:2a reason=3 locally_generated=1 
> <3>SME: Trying to authenticate with 02:27:22:e5:a0:2a (SSID='TEST-Open' freq=2437 MHz) 
> <3>Trying to associate with 02:27:22:e5:a0:2a (SSID='TEST-Open' freq=2437 MHz) 

> The first one 02:27:22:e5:a0:2b is TEST-80211u and other 02:27:22:e5:a0:2a is TEST-Open to which I are connected. After interworking_select command it always disconnect and reconnected to connected SSID. 

That reconnection was not supposed to be there with plain
itnerworking_select, i.e., it should only happen with
"interworking_select auto". I'll fix that in wpa_supplicant.

> Now I wanted to connect ie. interworking_connect to TEST-80211u (WPA2-Enterprise) using above mention cred. When I give command 
> > interworking_connect 02:27:22:e5:a0:2b 

This is expected - you cannot use interworking_connect unless you first
see a network match, i.e., "INTERWORKING-AP" event in wpa_cli. There
were no matches because of the incorrectly configured roaming
consortium. With that fixed, the configuration file works fine:

<3>SME: Trying to authenticate with 02:00:00:00:02:00 (SSID='TEST-Open' freq=2412 MHz)
<3>Trying to associate with 02:00:00:00:02:00 (SSID='TEST-Open' freq=2412 MHz)
<3>Associated with 02:00:00:00:02:00
<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:02:00 completed (auth) [id=0 id_str=]
> interworking_select                   
<3>Starting ANQP fetch for 02:00:00:00:01:00
<3>RX-ANQP 02:00:00:00:01:00 ANQP Capability list
<3>RX-ANQP 02:00:00:00:01:00 Venue Name
<3>RX-ANQP 02:00:00:00:01:00 Roaming Consortium list
<3>RX-ANQP 02:00:00:00:01:00 Domain Name list
<3>RX-HS20-ANQP 02:00:00:00:01:00 HS Capability List
<3>Starting ANQP fetch for 02:00:00:00:02:00
<3>RX-ANQP 02:00:00:00:02:00 ANQP Capability list
<3>RX-ANQP 02:00:00:00:02:00 Venue Name
<3>RX-ANQP 02:00:00:00:02:00 Roaming Consortium list
<3>RX-ANQP 02:00:00:00:02:00 Domain Name list
<3>RX-HS20-ANQP 02:00:00:00:02:00 HS Capability List
<3>ANQP fetch completed
<3>INTERWORKING-AP 02:00:00:00:01:00 type=home
<3>INTERWORKING-AP 02:00:00:00:02:00 type=home
> interworking_connect 02:00:00:00:01:00
<3>CTRL-EVENT-DISCONNECTED bssid=02:00:00:00:02:00 reason=3 locally_generated=1
<3>SME: Trying to authenticate with 02:00:00:00:01:00 (SSID='TEST-80211u' freq=2412 MHz)
<3>Trying to associate with 02:00:00:00:01:00 (SSID='TEST-80211u' freq=2412 MHz)
<3>Associated with 02:00:00:00:01:00
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
<3>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
<3>CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=wifi-server'
<3>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<3>WPA: Key negotiation completed with 02:00:00:00:01:00 [PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:01:00 completed (reauth) [id=1 id_str=]

> It fails and give debug output as give below
> 1345275655.290046: RX ctrl_iface - hexdump_ascii(len=38):
>      49 4e 54 45 52 57 4f 52 4b 49 4e 47 5f 43 4f 4e   INTERWORKING_CON
>      4e 45 43 54 20 30 32 3a 32 37 3a 32 32 3a 65 35   NECT 02:27:22:e5
>      3a 61 30 3a 32 62                                 :a0:2b          
> 1345275655.290149: Interworking: Could not parse NAI Realm list from 02:27:22:e5:a0:2b
> 1345275655.290163: Interworking: No matching credentials and EAP method found for 02:27:22:e5:a0:2b

Since the roaming consortium OI did not match (due to misconfiguration),
wpa_supplicant tried to use NAI Realm list and that did not exist in
this case. As such, this was expected behavior.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list