if PA is hidden and client cannot see AP's ssid, what should put for wpa_passphrase?

hong zhang henryzhang
Thu Mar 1 16:20:35 PST 2007 

Dan,
   
  Authenticantion is failed.
  Auth request packet contains open and seq. num is 1
  Auth response packet from AP contains algorithm is shared key
and seq. num is 14.
   
  So auth failed. I expect seq. num should be 2 but it is 14.
  Another thing is I cannot make ieee80211_ioctl_setmlme() work right.
   
  Any clue?
   
  ----henry
  
Dan Williams <dcbw at redhat.com> wrote:
  On Wed, 2007-02-28 at 21:49 -0800, hong zhang wrote:
> Dan,
> 
> I look at my AP beacon and find two ucastcipher. One is tkip and
> another one is ccmp. I can not make it as only one ucastcipher
> ---tkip. I do not want to have ccmp.
> 
> Also, how to decide wpa_ie value?

Configure the access point to only support TKIP if you really want this.
But what are you trying to do here? You should be using CCMP on all
stations if you can, but if you have any stations that do not support
CCMP, you want to use TKIP with those. So you should probably have
_both_ CCMP and TKIP enabled on the AP.

It shouldn't matter to the station what cipher the AP uses. The client
will just pick the one that both it and the AP support, and use that.
You shouldn't need to disable one.

To specify only TKIP in wpa_supplicant, you use:

pairwise=TKIP
group=TKIP

but if you're dealing with a hidden AP, you need to make sure that your
pairwise and group cipher options match _exactly_ what the AP says in
its information element, and therefore you'd want both TKIP and CCMP in
the wpa_supplicant config file.

Dan

> ---henry
> 
> Dan Williams wrote:
> On Wed, 2007-02-28 at 12:42 -0800, hong zhang wrote:
> > List,
> > 
> > wpa_passphrase requires ssidname and passphrase as input.
> But if one
> > client/station wants to associate an hidden AP. That means
> client
> > could not see AP's ssid name (empty). How can we run
> > wpa_passphrase without ssid input and wpa_passphrase would
> not work.
> 
> You just have to know the SSID, even if the AP is hidden. You
> cannot
> connect to a hidden AP unless you know the SSID, so you'll
> have the SSID
> for the passphrase anyway.
> 
> Dan
> 
> 
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20070301/0b0a70cf/attachment.htm

More information about the Hostap mailing list