How to specify wildcard ssid in wpa_supplicant.conf?

Dan Williams dcbw at redhat.com
Mon Sep 16 07:40:06 PDT 2019


On Sun, 2019-09-15 at 19:10 -0400, M. Ranganathan wrote:
> Hello,
> 
> I am trying to set up a scenario whereby a client tries to automatically
> authenticate with an access point without a priori knowledge of the
> SSID. The idea is that the client will detect the access point
> (without knowing its SSID a priori) and use certificate based EAP
> (EAP-TLS) to authenticate.

Wildcard SSID is only currently allowed if the BSSID is explicitly set,
or if key management is WPS.  See the check_ssid logic in the
wpa_scan_res_match() function in events.c.

So I don't think it'll work.  I'll leave it to Jouni to say if this is
intended or if wildcard SSID for regular APs is a desirable feature.

Dan

> I have the following configuration (notice that there is no ssid --
> this all works fine if I specify the ssid).
> 
> wpa_supplicant.conf
> 
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=2
> network={
>    key_mgmt=WPA-EAP
>    identity="mranga at nist.gov"
>    eap=TLS
>    scan_ssid=1
>    ca_cert="/home/mranga/mininet-wifi/examples/eap-tls/CA/ca.crt"
>    client_cert="/home/mranga/mininet-wifi/examples/eap-tls/CA/client.crt"
>    private_key="/home/mranga/mininet-wifi/examples/eap-tls/CA/client.key"
> }
> 
> hostapd.conf is as follows:
> 
> interface=ap1-wlan1
> driver=nl80211
> ssid=simplewifi
> wds_sta=1
> hw_mode=g
> channel=1
> ap_isolate=1
> eap_server=1
> ieee8021x=1
> wpa=2
> eap_message=howdy
> eapol_version=2
> wpa_key_mgmt=WPA-EAP
> logger_syslog=-1
> logger_syslog_level=0
> ca_cert=/home/mranga/mininet-wifi/examples/eap-tls/CA/ca.crt
> server_cert=/home/mranga/mininet-wifi/examples/eap-tls/CA/server.crt
> private_key=/home/mranga/mininet-wifi/examples/eap-tls/CA/server.key
> eap_user_file=/home/mranga/mininet-wifi/examples/eap-tls/eap_users
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=0
> 
> I can see from the debug log of wpa_supplicant that the broadcast of
> the station is seen. But it is skipped:
> 
> ta1-wlan0: BSS: Add new id 0 BSSID 02:00:00:00:02:00 SSID 'simplewifi' freq 2412
> BSS: last_scan_res_used=1/32
> sta1-wlan0: New scan results available (own=1 ext=0)
> sta1-wlan0: Radio work 'scan'@0x20a6ca0 done in 3.529241 seconds
> sta1-wlan0: radio_work_free('scan'@0x20a6ca0): num_active_works --> 0
> sta1-wlan0: Selecting BSS from priority group 0
> sta1-wlan0: 0: 02:00:00:00:02:00 ssid='simplewifi' wpa_ie_len=0 rsn_ie_len=20 caps=0x411 level=-36 freq=2412
> sta1-wlan0:    skip - SSID mismatch
> 
> Is there a way of specifying "wildcard SSID" in wpa_supplicant.conf?
> 
> 
> /var/log/syslog | grep hostapd shows the following:
> 
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 IEEE 802.1X: Sending EAP Packet (identifier 122)
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: sending 1/4 msg of 4-Way Handshake
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: received EAPOL-Key frame (2/4 Pairwise)
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: sending 3/4 msg of 4-Way Handshake
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: received EAPOL-Key frame (4/4 Pairwise)
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: pairwise key handshake completed (RSN)
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 IEEE 802.1X: authorizing port
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 RADIUS: starting accounting session 5AB7B18789CD42DF
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 IEEE 802.1X: authenticated - EAP type: 0 (unknown)
> Sep 15 18:58:32 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: Added PMKSA cache entry (IEEE 802.1X)
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00 WPA: event 3 notification
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00 IEEE 802.11: deauthenticated
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00 MLME: MLME-DEAUTHENTICATE.indication(02:00:00:00:00:00, 3)
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:00:00 MLME: MLME-DELETEKEYS.request(02:00:00:00:00:00)
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 WPA: event 3 notification
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 IEEE 802.11: deauthenticated
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 MLME: MLME-DEAUTHENTICATE.indication(02:00:00:00:01:00, 3)
> Sep 15 18:58:39 mininet-wifi hostapd: ap1-wlan1: STA 02:00:00:00:01:00 MLME: MLME-DELETEKEYS.request(02:00:00:00:01:00)
> 
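
Added example, not part of the original thread or of the hostap project's own documentation: a constructed variant of the quoted wpa_supplicant.conf that uses the one non-WPS case the reply names, an explicitly set BSSID with no ssid line. The BSSID is the one reported in the quoted debug log; the identity value is a placeholder.

```conf
# wpa_supplicant.conf (constructed example based on the configuration
# quoted in this thread; not taken from the hostap sources or docs)
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2

network={
    # No ssid= line. Per the reply above, a network block without an SSID
    # is only matched when bssid= is set explicitly (or key management is
    # WPS). The value below is the BSSID shown in the quoted
    # "BSS: Add new id 0" debug line.
    bssid=02:00:00:00:02:00

    key_mgmt=WPA-EAP
    eap=TLS

    # Placeholder identity (constructed).
    identity="client@example.org"

    # scan_ssid=1 from the quoted configuration is left out: it requests
    # directed probes for a configured SSID, and none is configured here.

    # A BSSID is not authenticated and can be set by any AP. With no SSID
    # pinned, ca_cert is what lets the client reject an AP whose EAP
    # server certificate does not chain to this CA.
    ca_cert="/home/mranga/mininet-wifi/examples/eap-tls/CA/ca.crt"
    client_cert="/home/mranga/mininet-wifi/examples/eap-tls/CA/client.crt"
    private_key="/home/mranga/mininet-wifi/examples/eap-tls/CA/client.key"
}
```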