wpa_cli roam
Dan Williams
dcbw
Tue Feb 14 08:50:31 PST 2012
On Tue, 2012-02-14 at 14:03 +0100, Patrick Herrmann wrote:
> Hello,
>
> I have some trouble using "wpa_cli roam <bssid>" command. I use EAP-TTLS (PAP) to authenticate supplicants.
>
> I let wpa_supplicant (using nl80211 driver) connect to AP1 (also nl80211 driver). Afterwards I use "wpa_cli roam" to connect to AP2. Both APs and the supplicant cache the PMKs as expected (verfied via wpa_cli pmksa).
What kernel version are you using, and what wifi hardware do you have?
Successful WPA Enterprise roaming depends quite a bit on the kernel and
drivers too.
Dan
> Now I initiate the handover from AP2 back to AP1. The lookup of the PMKID succeeds as can be seen in the debug output below. But the nl80211 driver fails sometimes "nl80211: MLME command failed ret=-2 (No such file or directory)":
> ----------------
> RSN: PMKID - hexdump(len=16): b8 ac 09 8e 2a 61 e8 0a 36 d7 e3 ba 47 4d 26 65
> RSN: Trying to use cached PMKSA
> RSN: using IEEE 802.11i/D9.0
> WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1 proto 2
> WPA: clearing AP WPA IE
> WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 0c 00
> WPA: using GTK CCMP
> WPA: using PTK CCMP
> WPA: using KEY_MGMT 802.1X
> WPA: Set own WPA IE default - hexdump(len=40): 30 26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 01 00 b8 ac 09 8e 2a 61 e8 0a 36 d7 e3 ba 47 4d 26 65
> Cancelling scan request
> Trying to authenticate with 00:1f:f3:c0:89:0f (SSID='itsecmeshclient' freq=5300 MHz)
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x1d409d0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> addr=00:1f:f3:c0:89:0f
> State: COMPLETED -> AUTHENTICATING
> EAPOL: External notification - EAP success=0
> EAPOL: External notification - EAP fail=0
> EAPOL: External notification - portControl=Auto
> nl80211: Authenticate (ifindex=3)
> * bssid=00:1f:f3:c0:89:0f
> * freq=5300
> * SSID - hexdump_ascii(len=15):
> 69 74 73 65 63 6d 65 73 68 63 6c 69 65 6e 74 itsecmeshclient
> * IEs - hexdump(len=0): [NULL]
> * Auth Type 0
> nl80211: MLME command failed: ret=-2 (No such file or directory)
> Authentication request to the driver failed
> Setting scan request: 1 sec 0 usec
> ----------------
>
> But sometimes it works as expected (debug output):
> ----------------
> RSN: PMKID - hexdump(len=16): 79 94 7a 39 a2 56 23 f1 73 bd d5 da 01 09 c6 9c
> RSN: Trying to use cached PMKSA
> RSN: using IEEE 802.11i/D9.0
> WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1 proto 2
> WPA: clearing AP WPA IE
> WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 0c 00
> WPA: using GTK CCMP
> WPA: using PTK CCMP
> WPA: using KEY_MGMT 802.1X
> WPA: Set own WPA IE default - hexdump(len=40): 30 26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 01 00 79 94 7a 39 a2 56 23 f1 73 bd d5 da 01 09 c6 9c
> Cancelling scan request
> Trying to authenticate with 00:19:e3:fb:eb:35 (SSID='itsecmeshclient' freq=5260 MHz)
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x44e669 key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x1d258a0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> addr=00:19:e3:fb:eb:35
> State: COMPLETED -> AUTHENTICATING
> EAPOL: External notification - EAP success=0
> EAPOL: External notification - EAP fail=0
> EAPOL: External notification - portControl=Auto
> nl80211: Authenticate (ifindex=3)
> * bssid=00:19:e3:fb:eb:35
> * freq=5260
> * SSID - hexdump_ascii(len=15):
> 69 74 73 65 63 6d 65 73 68 63 6c 69 65 6e 74 itsecmeshclient
> * IEs - hexdump(len=0): [NULL]
> * Auth Type 0
> nl80211: Authentication request send successfully
> nl80211: Event message available
> nl80211: MLME event 37
> ----------------
>
> I also took a look at the APs debug output. The PMK is looked up correctly and no full EAP authentication is executed (i.e. the cached PMK is used for the 4-way-handshake).
>
> I checked the sources. The error message is produced by the call of "send_and_recv_msgs(drv, msg, NULL, NULL);" in "wpa_driver_nl80211_authenticate" and thereofre I am stuck at the moment.
>
> Does anyone know why nl80211 sometimes fails?
>
> Thank you in advance,
> Patrick Herrmann
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
More information about the Hostap
mailing list