Bug in hostapd-0.4.4 (WPA-PSK an EAP-TLS no more useable in parallel)

Beat Meier bmeier
Wed Aug 31 11:17:12 PDT 2005


Jouni Malinen wrote:

>On Wed, Aug 31, 2005 at 01:09:23AM -0300, Beat Meier wrote:
>
>  
>
>>In hostapd/wpa_supplicant 0.4.3 it worked to use wpa-psk and eap-tls 
>>"parallel" in the same config file
>>i.e. one client could connect with eap-tls other with wpa-psk.
>>This does not anymore work with version 0.4.4. it seems that hostapd 
>>does not anymore "announce"
>>wpa-psk ...
>>Was this a bug in 0.4.3 to use together or a bug in 0.4.4
>>    
>>
>
>This worked in my tests..
>
>  
>
>>Aug 31 01:04:12.827357: Scan results: 1
>>Aug 31 01:04:12.827591: Selecting BSS from priority group 0
>>Aug 31 01:04:12.827825: 0: 00:01:b4:02:0d:90 ssid='wireless-obera-o1' 
>>wpa_ie_len=0 rsn_ie_len=30 caps=0x11
>>Aug 31 01:04:12.828116:    skip - could not parse WPA/RSN IE
>>Aug 31 01:04:12.828397: No suitable AP found.
>>    
>>
>
>Which driver are you using?
>
>  
>

Yes you're right ...
I've used the head of madwifi-20050830
because I have read that bsd branch was merged to head and bsd branch is 
now obsolete i.e.
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
wlan: 0.8.6.0 (EXPERIMENTAL)
ath_rate_sample: 1.2
ath_pci: 0.9.6.0 (EXPERIMENTAL)


With madwifi-bsd-20050702and hostapd-0.4.4 it works right i.e.
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
wlan: 0.8.5.0-BSD (EXPERIMENTAL)
ath_rate_sample: 1.2
ath_pci: 0.9.5.0-BSD

Which driver version do you use?

BTW: What is the meaning of message "MLME-REPLAYFAILURE.indication" below?

Aug 31 13:14:36.097774: CTRL-EVENT-CONNECTED - Connection to 
00:01:b4:02:0d:90 completed (auth)
Aug 31 13:14:36.098058: EAPOL: External notification - portValid=1
Aug 31 13:14:36.098602: EAPOL: External notification - EAP success=1
Aug 31 13:14:36.098838: EAPOL: SUPP_PAE entering state AUTHENTICATING
Aug 31 13:14:36.099117: EAPOL: SUPP_BE entering state SUCCESS
Aug 31 13:14:36.099354: EAPOL: SUPP_PAE entering state AUTHENTICATED
Aug 31 13:14:36.099582: EAPOL: SUPP_BE entering state IDLE
Aug 31 13:14:36.961123: Wireless event: cmd=0x8c02 len=83
Aug 31 13:14:36.962073: Custom wireless event: 
'MLME-REPLAYFAILURE.indication(keyid=1 broadcast addr=ff:ff:ff:ff:ff:ff)'


>>Here diffs of config file share and wpa-psk only of hostapd
>>    
>>
>
>It is a bit difficult to understand what the configuration was based on
>a diff. Could you please send a full example configuration that is
>showing the issue?
>
>  
>
---------- config file start
interface=ath0
driver=madwifi

logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

ssid=wireless-obera-o1
macaddr_acl=0
auth_algs=3
ieee8021x=1
eap_server=0
eap_message=hello
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1

auth_server_addr=192.168.188.1
auth_server_port=1812
auth_server_shared_secret=XXX
acct_server_addr=192.168.188.1
acct_server_port=1813
acct_server_shared_secret=XXX
radius_retry_primary_interval=600

wpa=3
wpa_psk=YYYYYY
wpa_key_mgmt=WPA-EAP WPA-PSK
wpa_pairwise=TKIP CCMP
---------- config file end

BTW: How do I know that I'm connected with WPA2 instead of WPA?
CCMP is WPA2 and TKIP WPA but what if mixed like in the following output?

If I do a wpa_cli status:

Selected interface 'ath0'
bssid=00:01:b4:02:0d:90
ssid=wireless-obera-o1
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
ip_address=192.168.201.233
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS

For full WPA2 do I have to disable TKIP or is this normal that 
group_cipher has TKIP?


Thanks

Beat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20050831/73525c8e/attachment.htm 



More information about the Hostap mailing list