PTK cipher mismatch

Jouni Malinen jkmaline
Fri Jun 9 21:03:15 PDT 2006


On Fri, Jun 09, 2006 at 09:08:30AM +0300, Mihai Maties wrote:

> network={
>         ssid="SomeNet"
>         key_mgmt=IEEE8021X
>         eap=LEAP
>         identity="mihai.maties"
>         password="mypassword"
> }
> 
> I'm pretty sure the wireless network configuration didn't change, the only 
> things that did change are: the kernel version (2.6.12 -> 2.6.15) and 
> wpa_supplicant version (0.4.5 -> 0.4.8).

This configuration would be using IEEE 802.1X and LEAP with WEP keys and
looks fine for that kind of use.

> I cannot describe the AP configuration since I do not have access to it, but 
> if you are interested in a specific parameter tell me and I'll try to figure 
> it out from a friend that uses Windows (the parameters are configured 
> automatically).
> 
> I followed your suggestions and changed the config file to:
> 
> network={
>         ssid="SomeNet"
>         key_mgmt=WPA-EAP
>         auth_alg=LEAP
>         identity="mihai.maties"
>         password="mypassword"
> }

This would be using WPA and LEAP with TKIP or CCMP encryption.

> ... but from my point of view the things are pretty much the same: "PTK cipher 
> mismatch". I attached the debug log, maybe it helps.

This looks like the AP would indeed be advertising WPA support. Since
your configuration file did not limit the cipher suite, I would assume
that the AP is trying to use one of the Cisco specific ciphers (CKIP,
CMIC, or CKIP+CMIC). It _may_ also allow non-WPA case (i.e., your
earlier configuration with IEEE 802.1X). It would be worth verifying
whether this is indeed allowed before spending much time with this.

> One more thing: in the 0.4.8 version I see now some parameters related to 
> opensc engine. Could this be an issue ? I tried setting these parmaters to 
> some libraries that seem to be what the program needs but still no luck.

No, those are not used with LEAP.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list