FT authentication fails on FT-SAE

Sun Sep 26 13:32:38 PDT 2021

Hi,

this is not possible by the way the EAP authentication backing FT-SAE 
works.

Regards,
M. Braun

Am 23.09.2021 11:08, schrieb S330錢小偉qianxiaowei:
> Dear Braun,
> 
> Do we have plans to support functions similar to ft_psk_generate_local
> on FT-SAE?
> As we know, before ft_psk_generate_local is not supported, we also
> need to manually configure r0kh and r1kh.
> This is not very friendly for home users who have APs from different
> manufacturers.
> Thanks to the emergence of ft_psk_generate_local, which makes FT-PSK
> very simple Well!
> 
> If FT-SAE can also support such a function, it would be great!!!
> 
> Thanks.
> Best Regards!
> 
>> On Sep 23, 2021, at 4:13 PM, michael-dev <michael-dev at fami-braun.de>
>> wrote:
>> 
>> Hi,
>> 
>> you're missing most of the required settings in section IEEE 802.11r
>> configuration of
>> https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf .
>> You don't need r0kh/r1kh only if only using FT-PSK with
>> ft_psk_generate_local, because otherwise both hostapd instances need
>> to communicate to faciliate roaming (exchange keys etc.) - which
>> they cannot unless r0kh/r1kh is configured.
>> 
>> Regards,
>> M. Braun
>> 
>> Am 13.08.2021 09:34, schrieb Michael Yartys:
>> 
>>> --- LAPTOP 1 ---
>>> interface=wlp18s0
>>> driver=nl80211
>>> ssid=test1
>>> hw_mode=g
>>> channel=1
>>> auth_algs=3
>>> wmm_enabled=1
>>> nas_identifier=first_example
>>> wpa=2
>>> wpa_passphrase=testingstuff123
>>> wpa_key_mgmt=SAE FT-SAE
>>> wpa_pairwise=CCMP
>>> ieee80211w=2
>>> sae_pwe=2
>>> mobility_domain=a1b2
>>> ft_over_ds=0
>>> ft_psk_generate_local=0
>>> --- LAPTOP 2 ---
>>> interface=wlp18s0
>>> driver=nl80211
>>> ssid=test1
>>> hw_mode=g
>>> channel=6
>>> auth_algs=3
>>> wmm_enabled=1
>>> nas_identifier=second_example
>>> wpa=2
>>> wpa_passphrase=testingstuff123
>>> wpa_key_mgmt=SAE FT-SAE
>>> wpa_pairwise=CCMP
>>> ieee80211w=2
>>> sae_pwe=2
>>> mobility_domain=a1b2
>>> ft_over_ds=0
>>> ft_psk_generate_local=0
>> 
>> _______________________________________________
>> Hostap mailing list
>> Hostap at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/hostap
> 
> 
> --------------------------------------------------------------------------------------
> This message including any attachment is intended only for the use of
> the addressee(s) and may contain privileged and confidential
> information. If you are not the intended recipient, you are hereby
> notified that any dissemination of this message is strictly
> prohibited. Disclosure, copying, distribution, or use of the contents
> of this e-mail by persons other than the intended recipient may
> violate applicable laws. Abuse or dissemination by the intended
> recipient is also forbidden. Please kindly return the e-mail and
> delete it if you have received this message in error. Thank you.
> 本郵件內容涉及商業或私人秘密，非收件人請勿散佈或使用，收件人亦應遵守保密義務不得散佈或濫用本郵件，否則可能違反相關法令。如因傳遞錯誤，請立即刪除並回覆通知寄件人。感謝您。