Re: [Madwifi-users] MADWifi 802.1x fix.
Status: Beta
Brought to you by:
otaku
From: Ramon C. <cas...@in...> - 2004-03-26 08:57:14
|
Hi Terry, Thanks for your answer and patience, please see comments inline. On Thu, 25 Mar 2004, Terry Simons wrote: > One problem is that you are actually able to associate to the network > without encryption turned on. What I have typically seen is that when > 802.1x is enabled, you can ONLY associate when a key (even a bogus one) > is set. So it seems odd to me that you can associate without a key > set. Maybe I should explain a little further... I'm using a linux laptop in a windows centric environment. The wifi infrastructure has been set up so the same access points (cisco aironets 1200) manage both a public (limited) ssid "GUEST" so guests can use it getting a private address and a second ssid "STAFF" (hidden). The later works with WPA+Certs (in windows people usually install both the CA and personal certs and they are ready to go). (Disclaimer: I changed the names of the essid for clarity purposes) A iwconfig ath0 scan shows the public ones, e.g. Cell 02 - Address: 00:0E:38:4E:47:30 Mode:Master Encryption key:off Quality:18/94 Signal level:-77 dBm Noise level:-95dBm Mode:Master ESSID:"GUEST" ath_hal: 0.9.8.6 wlan: 0.7.3.1 BETA-802.1x ath_pci: 0.8.5.4 BETA-802.1x Setup queue (0) for WME_AC_BK Setup queue (1) for WME_AC_BE Setup queue (2) for WME_AC_VI Setup queue (3) for WME_AC_VO ath0: mac 4.2 phy 3.0 5ghz radio 1.7 2ghz radio 2.3 ath0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps ath0: 802.11 address: 00:05:4e:40:22:0a ath0: Atheros 5211: mem=0xc0210000, irq=9 > Can you associate to the network with a WEP key set (without > xsupplicant running)? Yes, I can (automatically, as soon as I set the interface up) associate to the public "GUEST" one... **However** please note that in my previous email I was associated with the "STAFF" one, since I set the essid _before_ bringing the interface up. ath0 IEEE 802.11 ESSID:"GUEST" Mode:Managed Frequency:2.442GHz Access Point: 00:0E:38:4E:45:90 Bit Rate:11Mb/s Tx-Power:off Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality:36/94 Signal level:-59 dBm Noise level:-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 > > You will probably have to issue something like: > > iwconfig ath0 key 1234567890 > iwconfig ath0 enc on iwconfig ath0 key 1234567890 iwconfig ath0 enc on at this moment the assoc. with "GUEST" is lost: ath0 IEEE 802.11 ESSID:"GUEST" Mode:Managed Frequency:2.462GHz Access Point: FF:FF:FF:FF:FF:FF Bit Rate:1Mb/s Tx-Power:off Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:1234-5678-90 Security mode:open Power Management:off Link Quality:0/94 Signal level:-95 dBm Noise level:-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 but it shows that the key has been set. > In order to get encryption working properly since the MADWifi patch > seems to have broken manual key sets, though that combination works for the key is set, but as shown below, it does not associate.... I set the ESSID to "STAFF" and it simply never associates... keeps on scanning. So I cannot start xsupplicant (or if I start it, it complains as expected...) [ALL] Processing interface ath0... [INT] All Fs for dest mac! Resetting keys! [INT] Successfully set WEP key [1] [INT] Successfully set the WEP transmit key [1] [ALL] Clock tick! authWhile=0 heldWhile=18 startWhen=18 curState=CONNECTING etc.... etc... So my next test is as follows: remove modules, shutdown everything wifi related, modprobe ath_pci, and *without* bringing the interface up, set a key, set enc on and set directly the ESSID to "STAFF", bring it up (the main idea is to avoid associating with "GUEST") (Interface is down) ath0 IEEE 802.11 ESSID:"STAFF" Mode:Managed Frequency:2.412GHz Access Point: 00:00:00:00:00:00 Bit Rate:0kb/s Tx-Power:off Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:1234-5678-90 Security mode:open Power Management:off Link Quality:0/94 Signal level:-95 dBm Noise level:-95 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:0 ifconfig ath0 up and it keeps on scanning and never associates. xsupplicant bugs ------------------------------------------------------------------ an extra } at the end of the config file causes xsupplicant to segfault (lexer.l) launching xsupplicant with no key set when the card is associated with the GUEST essid causes xsupplicant to segfault. I recompiled with symbols on: Program received signal SIGSEGV, Segmentation fault. 0x0804bd54 in sendframe (thisint=0x806ba50, sendframe=0xbfffe140 "", sendsize=18) at os_cardif.c:591 591 if (memcmp(nomac, (char *)&thisint->userdata->dest_mac[0], 6) != 0) (gdb) bt #0 0x0804bd54 in sendframe (thisint=0x806ba50, sendframe=0xbfffe140 "", sendsize=18) at os_cardif.c:591 #1 0x0804ef72 in eapol_execute (workint=0x806ba50) at eapol.c:215 #2 0x0804aa2a in main (argc=5, argv=0xbfffeea4) at xsup_driver.c:814 madwifi bugs ------------------------------------------------------------------- Badness in remove_proc_entry at fs/proc/generic.c:660 Call Trace: [<c018dc0d>] remove_proc_entry+0x11d/0x160 [<f9b5bed7>] ieee80211_proc_remove+0x47/0x60 [wlan] [<f9b549f7>] ieee80211_ifdetach+0x57/0xd0 [wlan] [<f9b63778>] ath_detach+0x48/0x70 [ath_pci] [<f9b68a84>] ath_pci_remove+0x24/0xb0 [ath_pci] [<c01e089b>] pci_device_remove+0x3b/0x40 [<c023be76>] device_release_driver+0x66/0x70 [<c023beab>] driver_detach+0x2b/0x40 [<c023c0ed>] bus_remove_driver+0x3d/0x80 [<c023c4f3>] driver_unregister+0x13/0x28 [<c01e0a76>] pci_unregister_driver+0x16/0x30 [<f9b68bd4>] exit_ath_pci+0x14/0x2d [ath_pci] [<c013699e>] sys_delete_module+0x13e/0x180 [<c014eeda>] do_munmap+0x14a/0x190 [<c033a34e>] sysenter_past_esp+0x43/0x65 ath_pci: driver unloaded ieee80211_ifdetach(struct net_device *dev) { struct ieee80211com *ic = dev->priv; /**** Is the device still valid at this point ?? */ .... #ifdef CONFIG_PROC_FS ieee80211_proc_remove(ic); #endif static void ieee80211_proc_remove(struct ieee80211com *ic) { if (ic->i I really don't have the time to fix it, but I report it nevertheless... ---------------------------------------------------------------------- > > Also, please send me (off madwifi list, or to the xsupplicant list) the > following: > > Your xsupplicant configuration (no passwords please). Sure, by private mail. I've changed the password in the file, but what is the role of the password with certs and TLS ? (sorry, this must be a FAQ question). Thanks, Ramon |