Hostapd / Macbook Pro 4-way handshake issue
Michael Stevens
mike
Thu Jul 13 13:41:03 PDT 2006
I have the -ddd output for hostap but it is too large for this list. (28KB
gzip'ed).
Mike
On Thursday 13 July 2006 15:35, Michael Stevens wrote:
> We have determined that MacBook Pros connecting to hostapd 0.4.9 have a
> problem with the 4-way handshake when wpa=3 (WPA and WPA2 operation). We
> have found this condition when using EAP for key management and a Microsoft
> Active Directory server for the RADIUS server. The error appears to be that
> there is no response to the 3rd packet of the 4-way handshake. We also
> tested the Mac Book Pro against an Airport Express in a similar
> configuration and it worked. Tcpdumps of both EAPOL exchanges are attached.
> It seems that the IEs may have something to do with this bug and when they
> are sent as that is what differs between the two.
>
> Here are all the test scenarios for hostap that we tried with the exact
> same configuration except for the listed changes and whether they succeded
> or failed.
>
> configurations tested
> ------------------------------------------------------
> Y wpa=1 wpa_pairwise=TKIP
> Y wpa=1 wpa_pairwise=CCMP
> Y wpa=1 wpa_pairwise=TKIP CCMP
> Y wpa=2 wpa_pairwise=CCMP
> Y wpa=2 wpa_pairwise=TKIP CCMP
> N wpa=3 wpa_pairwise=CCMP
> N wpa=3 wpa_pairwise=TKIP CCMP
>
> $ cat /etc/hostapd.conf
>
> # Interface to run on, and driver
> interface=ath0
> driver=bsd
>
> logger_syslog=-1
> logger_syslog_level=2
> logger_stdout=-1
> logger_stdout_level=2
>
> # Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
> debug=0
>
> # Dump file for state information (on SIGUSR1)
> dump_file=/tmp/hostapd.dump
>
> # Running interface and group
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=0
>
> # IEEE 802.11 related configuration
> ssid=accesspoint
> macaddr_acl=0
> auth_algs=1
>
> # IEEE 802.1x-rev related configruation
> ieee8021x=1
> eapol_key_index_workaround=0
>
> # Integrated EAP server
> # currently unused
> eap_server=0
>
> # RADIUS client configuration
> own_ip_addr=127.0.0.1
> auth_server_addr=10.0.0.2
> auth_server_port=1812
> auth_server_shared_secret=password
>
> # WPA/IEEE 802.11i configuration
> wpa=1
> wpa_key_mgmt=WPA-EAP
> wpa_pairwise=CCMP TKIP
> wpa_group_rekey=3600
More information about the Hostap
mailing list