Windows 11 Client can't connect to WPA3 Enterprise

Robert Senger robert.senger at lists.microscopium.de
Sun May 21 12:24:28 PDT 2023 

Sorry, it's bit 12 of course, which means GMAC-256, which should be ok
and not give an error at all???

GMAC-256 is also supported in the AP hardware, as "iw list" shows.


Am Sonntag, dem 21.05.2023 um 20:41 +0200 schrieb Robert Senger:
> Hi all,
> 
> I am having trouble getting a Windows 11 client connected to a WPA3
> Enterprise network.
> 
> While clients using wpa_supplicant can connect fine, the Windows 11
> machine fails in early stage. 
> 
> When running hostapd with the -d switch from the commmand linbe, I
> see
> this during a connection attempt of the Windows 11 machine: 
> 
> association request: STA=04:7b:cb:29:e0:94 capab_info=0x11
> listen_interval=1 seq_ctrl=0x1020
> Validating WMM IE: OUI 00:50:f2  OUI type 2  OUI sub-type 0  version
> 1  QoS info 0x0
> Unsupported management group cipher 4096
> 
> This error occurs always, whatever I set for rsn or group cipher in
> hostapd.conf
> 
> I digged into the sources for that message and found this in
> wpa_common.c:
> 
> int wpa_cipher_valid_mgmt_group(int cipher)
> {
>         return cipher == WPA_CIPHER_GTK_NOT_USED ||
>                 cipher == WPA_CIPHER_AES_128_CMAC ||
>                 cipher == WPA_CIPHER_BIP_GMAC_128 ||
>                 cipher == WPA_CIPHER_BIP_GMAC_256 ||
>                 cipher == WPA_CIPHER_BIP_CMAC_256;
> }
> 
> which will return 0 for cipher=4096, see defs.h:
> 
> #define WPA_CIPHER_NONE BIT(0)
> #define WPA_CIPHER_WEP40 BIT(1)
> #define WPA_CIPHER_WEP104 BIT(2)
> #define WPA_CIPHER_TKIP BIT(3)
> #define WPA_CIPHER_CCMP BIT(4)
> #define WPA_CIPHER_AES_128_CMAC BIT(5)
> #define WPA_CIPHER_GCMP BIT(6)
> #define WPA_CIPHER_SMS4 BIT(7)
> #define WPA_CIPHER_GCMP_256 BIT(8)
> #define WPA_CIPHER_CCMP_256 BIT(9)
> #define WPA_CIPHER_BIP_GMAC_128 BIT(11)
> #define WPA_CIPHER_BIP_GMAC_256 BIT(12)
> #define WPA_CIPHER_BIP_CMAC_256 BIT(13)
> #define WPA_CIPHER_GTK_NOT_USED BIT(14)
> 
> Maybe I am completely wrong, but 4096 means bit 10, which is not even
> assigned to a cipher in defs.h?
> 
> What's going on here?
> 
> Thank you for help!
> 
> Robert
> 

-- 
-- 
Robert Senger

More information about the Hostap mailing list