Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
Dan Williams
dcbw
Mon Apr 27 07:21:30 PDT 2015
On Mon, 2015-04-27 at 16:34 +0300, Jouni Malinen wrote:
> On Mon, Apr 27, 2015 at 02:54:00PM +0200, Ralf Ramsauer wrote:
> > After connecting to a WPA2-Enterprise network (wpa_supplicant 2.4-r1,
> > PEAP/MSCHAPv2) I got the following messages in my journal (suspicious
> > line highlighted):
>
> > *Apr 27 13:45:49 lefay wpa_supplicant[638]: nl80211: Unexpected
> > encryption algorithm 5*
>
> It looks like this gets printed even when the driver does not support
> vendor extensions for configuring PMK for offloading operations. I guess
> this could be cleaned up a bit by removing that call when the driver did
> not indicate support for it. Anyway, this should not cause any
> difference in behavior since the error from this operation is ignored.
>
> > Apr 27 13:45:49 lefay NetworkManager[545]: <info> (wlp3s0):
> > supplicant interface state: associated -> 4-way handshake
> > Apr 27 13:46:11 lefay NetworkManager[545]: <warn> (wlp3s0):
> > Activation: (wifi) association took too long
This just means that the supplicant failed to associate with the AP
within about 15 - 20 seconds. Usually we have to dig down into
supplicant debug logs to figure out why.
> I would need to see more details on this to be able to determine what
> happened. Can you run wpa_supplicant manually (i.e., without
> NetworkManager) and add -dd on the command line?
Alternatively, it's fine to run with NetworkManager, you can do this as
root:
mv /usr/sbin/wpa_supplicant /
killall -TERM wpa_supplicant
/wpa_supplicant -dddtu (and redirect to your favorite log file)
After you re-start the supplicant in the last command NM should
automatically attempt to reconnect, and you get all the log output we
need. To get back to normal you can:
mv /wpa_supplicant /usr/sbin/
and you're good.
(yes, there are dbus commands to change log levels, but not all
distributions enable file logging or have the file in the same place...)
Dan
> > So 2.4-r1 seems to use a 4 way handshake, 2.2 uses a three way
> > handshake? Why did it change?
>
> I'm not sure what you are referring to with "three way handshake". There
> has been no changes in the protocol design between those versions.
>
> > So I recompiled wpa_supplicant 2.4-r1 with debugging symbols and started
> > analyzing.
> >
> > The suspicious line "*nl80211: Unexpected encryption algorithm 5*" is
> > thrown in driver_nl80211.c line 2399. It is a switch-case on the
> > algorithm for WPA_ALG_PMK, which is ... not supported?
> > Hum?
>
> This is unlikely to be the main reason for the failure to complete
> connection since the code path ends up trying to set a key which is
> using unsupported algorithm. I'll remove this if the driver does not
> indicate explicitly support for key management offload. Anyway, I don't
> think that that change would fix the main issue here..
>
> Which driver are you using?
>
More information about the Hostap
mailing list