[Ndiswrapper-general] wpa_supplicant, ndiswrapper, bcm4309 and cisco ap issue
Status: Beta
Brought to you by:
pgiri
From: Sandro P. <sp...@gm...> - 2005-06-05 18:20:05
|
Hi, First of all: Sorry for the lengthy post but I think it's necessary ;) I'm having troubles connecting to a Cisco Aironet 1200 series ap using my Dell Wireless 1450 mini-PCI card with ndiswrapper 1.2rc1. linux kernel is self compiled 2.6.11.10 with CONFIG_4KSTACKS disabled. The 1450 is found and the drivers install properly: lspci: 02:03.0 Network controller: Broadcom Corporation BCM4309 802.11a/b/g (rev03) 02:03.0 Class 0280: 14e4:4324 (rev 03) modprobe ndiswrapper: kernel: ndiswrapper version 1.2rc1 loaded (preempt=no,smp=no) kernel: ndiswrapper: driver bcmwl5a (Broadcom,02/10/2005, 3.100.35.1) loaded kernel: ACPI: PCI interrupt 0000:02:03.0[A] -> GSI 5 (level, low) -> IRQ 5 kernel: ndiswrapper: using irq 5 kernel: wlan0: ndiswrapper ethernet device 00:11:f5:33:08:eb using driver bcmwl5a, configuration file 14E4:4324.5.conf kernel: wlan0: encryption modes supported: WEP, WPA with TKIP, WPA with AES/CCMP Tested with Dell drivers R90501.EXE and R94827.EXE, both with same results. Authentication is setup locally via radius on the ap. wpa_supplicant.conf.LEAP-TKIP looks like this: ctrl_interface=/var/run/wpa_supplicant # for wpa_cli support network={ ssid="ssid" key_mgmt=WPA-EAP group=TKIP pairwise=TKIP auth_alg=OPEN LEAP eap=LEAP priority=2 proto=WPA identity="userid" password="password" } I did # modprobe ndiswrapper # ifconfig wlan0 up I also tried to set the essid via # iwconfig wlan0 essid ssid but it doesn't seem to work: wlan0 IEEE 802.11g ESSID:off/any Mode:Managed Frequency:5.18 GHz Access Point: 00:00:00:00:00:00 Bit Rate:54 Mb/s Tx-Power:25 dBm RTS thr:2347 B Fragment thr:2346 B Encryption key:off Power Management:off Link Quality:100/100 Signal level:-56 dBm Noise level:-256 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 # iwconfig --version iwconfig Wireless-Tools version 28 Compatible with Wireless Extension v11 to v18. Kernel Currently compiled with Wireless Extension v17. wlan0 Recommend Wireless Extension v18 or later, Currently compiled with Wireless Extension v17. It seems that there are issues within the EAPOL 4way handshake, step 2/4 since debug on the ap shows the following message: dot11_dot1x_verify_ptk_handshake: Invalid EAPOL-Key Data Len: exp=26, act=24 Here's the output of # wpa_supplicant -iwlan0 -Dndiswrapper -c/etc/wpa_supplicant-home.conf.LEAP-TKIP -dd Initializing interface 'wlan0' conf '/etc/wpa_supplicant-home.conf.LEAP-TKIP' driver 'ndiswrapper' Configuration file '/etc/wpa_supplicant-home.conf.LEAP-TKIP' -> '/etc/wpa_supplicant-home.conf.LEAP-TKIP' Reading configuration file '/etc/wpa_supplicant-home.conf.LEAP-TKIP' ctrl_interface='/var/run/wpa_supplicant' Line: 3 - start of a new network block ssid - hexdump_ascii(len=5): [removed] key_mgmt: 0x1 group: 0x8 pairwise: 0x8 auth_alg: 0x5 eap methods - hexdump(len=2): 11 00 priority=2 (0x2) proto: 0x1 identity - hexdump_ascii(len=8): [removed] password - hexdump_ascii(len=8): [REMOVED] ap_scan=2 Priority group 2 id=0 ssid='ssid' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 ioctl[SIOCSIWPMKSA]: No such device Own MAC address: 00:11:f5:33:08:eb Setting scan request: 0 sec 100000 usec Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added Trying to associate with SSID 'ssid' Cancelling scan request Automatic auth_alg selection: 0x1 Overriding auth_alg selection: 0x5 WPA: Set cipher suites based on configuration WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT 802.1X WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 No keys have been configured - skip key clearing State: DISCONNECTED -> ASSOCIATING Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:13:19:92:9f:00 State: ASSOCIATING -> ASSOCIATED Association event - clear replay counter Associated to a new BSS: BSSID=00:13:19:92:9f:00 No keys have been configured - skip key clearing Network configuration found for the current AP WPA: Using WPA IE from AssocReq to set cipher suites WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT 802.1X WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 EAPOL: External notification - portControl=Auto Associated with 00:13:19:92:9f:00 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: txStart TX EAPOL - hexdump(len=18): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 01 00 00 EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=46): 01 00 00 05 01 01 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=1 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): [removed] EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=31): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 00 00 0d 02 01 00 0d 01 70 6f 70 70 69 2d 73 61 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=46): 01 00 00 05 01 02 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=1 id=2 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): [removed] EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=31): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 00 00 0d 02 02 00 0d 01 70 6f 70 70 69 2d 73 61 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=46): 01 00 00 18 01 02 00 18 11 01 00 08 39 6e 4e b5 e7 f6 e1 76 70 6f 70 70 69 2d 73 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request method=17 id=2 EAP: AS used the same Id again, but EAP packets were not identical EAP: workaround - assume this is not a duplicate packet EAP: EAP entering state GET_METHOD EAP: initialize selected EAP method (17, LEAP) CTRL-EVENT-EAP-METHOD EAP method 17 (LEAP) selected EAP: EAP entering state METHOD EAP-LEAP: Processing EAP-Request EAP-LEAP: Challenge from AP - hexdump(len=8): 39 6e 4e b5 e7 f6 e1 76 EAP-LEAP: Generating Challenge Response EAP-LEAP: Response - hexdump(len=24): 37 7c ef ec 58 1c df 3f 3a 20 13 6b 6f 69 96 30 ab 4c b4 a6 e2 6a 0e c6 EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=58): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 00 00 28 02 02 00 28 11 01 00 18 37 7c ef ec 58 1c df 3f 3a 20 13 6b 6f 69 96 30 ab 4c b4 a6 e2 6a 0e c6 70 6f 70 70 69 2d 73 61 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=46): 01 00 00 04 03 02 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: AS used the same Id again, but EAP packets were not identical EAP: workaround - assume this is not a duplicate packet EAP: EAP entering state METHOD EAP-LEAP: Processing EAP-Success EAP-LEAP: Challenge to AP/AS - hexdump(len=8): 2c 54 5d 10 d4 ed d8 43 EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=42): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 00 00 18 01 02 00 18 11 01 00 08 2c 54 5d 10 d4 ed d8 43 70 6f 70 70 69 2d 73 61 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=46): 01 00 00 28 02 02 00 28 11 01 00 18 80 be f8 7b 4c 9c 0b 1a 73 d7 d3 2a 69 9b d8 f9 7c cd 90 d6 4d d9 13 ee 70 6f 70 70 69 2d 73 61 00 00 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Response for LEAP method=17 id=2 EAP: AS used the same Id again, but EAP packets were not identical EAP: workaround - assume this is not a duplicate packet EAP: EAP entering state METHOD EAP-LEAP: Processing EAP-Response EAP-LEAP: Response from AP - hexdump(len=24): 80 be f8 7b 4c 9c 0b 1a 73 d7 d3 2a 69 9b d8 f9 7c cd 90 d6 4d d9 13 ee EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP-LEAP: pw_hash_hash - hexdump(len=16): [REMOVED] EAP-LEAP: peer_challenge - hexdump(len=8): 39 6e 4e b5 e7 f6 e1 76 EAP-LEAP: peer_response - hexdump(len=24): 37 7c ef ec 58 1c df 3f 3a 20 13 6b 6f 69 96 30 ab 4c b4 a6 e2 6a 0e c6 EAP-LEAP: ap_challenge - hexdump(len=8): 2c 54 5d 10 d4 ed d8 43 EAP-LEAP: ap_response - hexdump(len=24): 80 be f8 7b 4c 9c 0b 1a 73 d7 d3 2a 69 9b d8 f9 7c cd 90 d6 4d d9 13 ee EAP-LEAP: master key - hexdump(len=16): [REMOVED] EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 State: ASSOCIATED -> 4WAY_HANDSHAKE WPA: RX message 1 of 4-Way Handshake from 00:13:19:92:9f:00 (ver=1) WPA: PMK from EAPOL state machines - hexdump(len=16): [REMOVED] WPA: Renewed SNonce - hexdump(len=32): e7 64 a1 b1 d6 b2 c6 0e 64 af 7d 2a 11 6c 36 93 78 41 26 87 8e 89 be 82 64 86 ff bf d4 33 1d 1d WPA: PMK - hexdump(len=16): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key - hexdump(len=137): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 e7 64 a1 b1 d6 b2 c6 0e 64 af 7d 2a 11 6c 36 93 78 41 26 87 8e 89 be 82 64 86 ff bf d4 33 1d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 62 f2 8c 3e 99 45 f9 c9 64 b7 33 bb 5e 71 08 44 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 02 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 02 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE WPA: RX message 1 of 4-Way Handshake from 00:13:19:92:9f:00 (ver=1) WPA: PMK from EAPOL state machines - hexdump(len=16): [REMOVED] WPA: PMK - hexdump(len=16): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key - hexdump(len=137): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 02 e7 64 a1 b1 d6 b2 c6 0e 64 af 7d 2a 11 6c 36 93 78 41 26 87 8e 89 be 82 64 86 ff bf d4 33 1d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 e7 27 28 cd cc 5d c8 8d 87 5c 86 50 65 ba 66 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 RX EAPOL from 00:13:19:92:9f:00 RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 03 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 eb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines IEEE 802.1X RX: version=1 type=3 length=95 EAPOL-Key type=254 WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 03 4a e7 f8 99 7f 7b a3 ee d7 3c 82 5f 11 22 7e ee 3e 78 13 20 22 f1 55 4f 44 dd 81 af 47 bb 18 eb 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE WPA: RX message 1 of 4-Way Handshake from 00:13:19:92:9f:00 (ver=1) WPA: PMK from EAPOL state machines - hexdump(len=16): [REMOVED] WPA: PMK - hexdump(len=16): [REMOVED] WPA: PTK - hexdump(len=64): [REMOVED] WPA: Sending EAPOL-Key 2/4 WPA: TX EAPOL-Key - hexdump(len=137): 00 13 19 92 9f 00 00 11 f5 33 08 eb 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 03 e7 64 a1 b1 d6 b2 c6 0e 64 af 7d 2a 11 6c 36 93 78 41 26 87 8e 89 be 82 64 86 ff bf d4 33 1d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 5e dc a3 85 7b 7c ae f5 f2 fe 0f 0e f0 f7 87 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 CTRL-EVENT-TERMINATING - signal 2 received State: 4WAY_HANDSHAKE -> DISCONNECTED No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 No keys have been configured - skip key clearing EAP: deinitialize previously used EAP method (17, LEAP) at EAP deinit I already posted this to the hostap list and they told me it most probably is an ndiswrapper issue: "This is the default WPA IE generated by wpa_supplicant. However, NDIS drivers generate their own IE for association and it may differ from this (in this case, it is likely to include extra 00 00 in the end). The driver will need to notify wpa_supplicant about the used WPA IE when they are generating WPA IEs, but the debug log does not include such notification." iwevent also doen's show any ASSOCINFO(ReqIEs=...) event, the only ones I get is "Set Mode: Managed" and 2 x "New Access Point/Cell...", one with the MAC of the AP and one with only 0's. Any hint is greatly appreciated! Thank you, Sandro -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl |