**wpa supplicant authentication issues

patkalolo · 05-05-2005, 11:36 PM

I am running ndiswrapper-1.1 and wpa_supplicant-0.3.8 with a "DStink" di-624 AP and Belkin F5D7050 usb wireless adapter and cannot autenticate when my AP is in WPA-PSK encryption mode.

typing:

Code:

ndiwrapper -l

gives:

Code:

rt2500usb       driver present, hardware present

lsmod outputs:

Code:

Module                  Size  Used by
ndiswrapper           132504  -
intel_mch_agp           7996  -
nvidia               3916316  -

Here is the procedure I use to connect when my AP IS NOT encrypted:

Code:

ifconfig eth0 down
ifconfig wlan0 up

route add -net default gw 192.168.0.1

The important thing to note here is that I can connect to my AP, but not to the internet until the "route add -net default gw 192.168.0.1" command is issued.

Here is the procedure I use to connect when my AP IS encrypted:

Code:

ifconfig eth0 down
ifconfig wlan0 up
route add -net default gw 192.168.0.1
wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -dd

Here is my /etc/wpa_supplicant.conf file:

Code:

ctrl_interface=/var/run/wpa_supplicant # for wpa_cli support

network={
  ssid="makaha"
  psk="XXXXX"
  key_mgmt=WPA-PSK
  proto=WPA
}

Of course when my AP is WPA-PSK encrypted I just cannot connect. Whats the deal? Here is the message I am getting following initilization if wpa_supplicant using the final comand listed above:

Code:

root@XXXX:/home/pat# wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant
.conf -dd
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'ndiswrapp
er'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
Line: 3 - start of a new network block
ssid - hexdump_ascii(len=6):
     6d 61 6b 61 68 61                                 makaha
PSK (ASCII passphrase) - hexdump_ascii(len=20): [REMOVED]
key_mgmt: 0x2
proto: 0x1
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 0
   id=0 ssid='makaha'
Initializing interface (2) 'wlan0'
Own MAC address: 00:11:50:46:c5:23
Setting scan request: 0 sec 100000 usec
Using existing control interface directory.
Wireless event: cmd=0x8b06 len=8
Starting AP scan (broadcast SSID)
RX EAPOL from 00:0d:88:bc:4b:f3
RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 a
8 7d a9 33 7b 28 55 d0 03 1e 20 e8 70 ed 0a 5a 42 22 42 0b 77 e7 b9 bd 48 2e 4f
8e 83 8f b5 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 0
0 00 01 a8 7d a9 33 7b 28 55 d0 03 1e 20 e8 70 ed 0a 5a 42 22 42 0b 77 e7 b9 bd
48 2e 4f 8e 83 8f b5 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00
WPA: RX message 1 of 4-Way Handshake from 00:0d:88:bc:4b:f3 (ver=1)
Invalid group cipher (0).
WPA: Failed to generate WPA IE (for msg 2 of 4).
RX EAPOL from 00:0d:88:bc:4b:f3
RX EAPOL - hexdump(len=123): 01 03 00 77 fe 01 c9 00 20 00 00 00 00 00 00 00 02
a8 7d a9 33 7b 28 55 d0 03 1e 20 e8 70 ed 0a 5a 42 22 42 0b 77 e7 b9 bd 48 2e 4f
 8e 83 8f b5 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 20 e5 61 2f 99 02 e5 a3 dc 90 51 30 c2 7d 61 df
00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02
IEEE 802.1X RX: version=1 type=3 length=119
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=123): 01 03 00 77 fe 01 c9 00 20 00 00 00 00 00
00 00 02 a8 7d a9 33 7b 28 55 d0 03 1e 20 e8 70 ed 0a 5a 42 22 42 0b 77 e7 b9 bd
 48 2e 4f 8e 83 8f b5 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 20 e5 61 2f 99 02 e5 a3 dc 90 51 30 c2
7d 61 df 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50
 f2 02
WPA: Could not verify EAPOL-Key MIC - dropping packet
RX EAPOL from 00:0d:88:bc:4b:f3
RX EAPOL - hexdump(len=131): 01 03 00 7f fe 03 91 00 20 00 00 00 00 00 00 00 03
a4 86 9d 21 d7 5a 6c 0b 2e 22 1a 24 f2 69 f1 bd b7 fe 37 2c f0 03 1c cc 86 bc 47
 92 1d cc c4 95 48 f7 79 84 d5 e7 dc 58 99 ac d4 9f cb ef ed 75 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 36 90 31 77 a2 db 8c 37 f5 e4 a1 76 28 a7 49 39
00 20 df 03 45 a3 f2 b5 95 70 74 7c 71 81 f2 e7 49 c5 32 a4 c9 77 44 4d 56 23 59
 c9 f9 e7 60 30 30 7c
IEEE 802.1X RX: version=1 type=3 length=127
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=131): 01 03 00 7f fe 03 91 00 20 00 00 00 00 00
00 00 03 a4 86 9d 21 d7 5a 6c 0b 2e 22 1a 24 f2 69 f1 bd b7 fe 37 2c f0 03 1c cc
 86 bc 47 92 1d cc c4 95 48 f7 79 84 d5 e7 dc 58 99 ac d4 9f cb ef ed 75 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 36 90 31 77 a2 db 8c 37 f5 e4 a1 76 28
a7 49 39 00 20 df 03 45 a3 f2 b5 95 70 74 7c 71 81 f2 e7 49 c5 32 a4 c9 77 44 4d
 56 23 59 c9 f9 e7 60 30 30 7c
WPA: Could not verify EAPOL-Key MIC - dropping packet
Scan timeout - try to get results
ioctl[SIOCGIWSCAN]: Resource temporarily unavailable
Scan results: -1

So what in the world is going on?

stuNNed · 05-06-2005, 12:51 AM

look at the sample wpa_supplicant.conf, it is well commented and you will probably find your answers there.

patkalolo · 05-06-2005, 04:26 PM

Quote:

Originally posted by stuNNed
look at the sample wpa_supplicant.conf, it is well commented and you will probably find your answers there.

Dude...added one line to my /etc/wpa_supplicant.conf file:

Code:

eapol_version=1

Now my /etc/wpa_supplicant.conf file looks like this:

Code:

ctrl_interface=/var/run/wpa_supplicant # for wpa_cli support
eapol_version=1

network={
  ssid="makaha"
  psk="XXX"
  key_mgmt=WPA-PSK
  proto=WPA
}

The reasoning for this is as follows:

Quote:

# IEEE 802.1X/EAPOL version
# wpa_supplicant was implemented based on IEEE 802-1X-REV-d8 which defines
# EAPOL version 2. However, there are many APs that do not handle the new
# version number correctly (they seem to drop the frames completely). In order
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).

Sometimes quitting for a little while and coming back to a problem the next day reall helps. Thanks for your help stuNNed.

patkalolo · 05-06-2005, 06:11 PM

For al lof you slack users out there, I initiated my wireless connection at boot time by editing my /etc/rc.d/rc.local file as follows:

Code:

#!/bin/sh
#
# /etc/rc.d/rc.local:  Local system initialization script.
#
# Put any local setup commands in here

modprobe ndiswrapper
ifconfig wlan0 192.168.0.111
route add -net default gw 192.168.0.1
wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -B

stuNNed · 05-07-2005, 12:43 AM

congrats mate, glad it worked out. i also use:

ap_scan=1 -- in the first section

and in the network section:

scan_ssid=1

I think these are good for if your SSID is hidden and not broadcast.

See http://hostap.epitest.fi/cgi-bin/vie...ype=text/plain

GROS MINET · 12-28-2005, 01:59 PM

wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -B
and use
wpa_supplicant -Dndiswrapper -iwlan0 -c/etc/wpa_supplicant.conf -dd for verbose mode
ctrl_interface=/var/run/wpa_supplicant # for wpa_cli support

network={
ssid="makaha"
psk="XXXXX"
key_mgmt=WPA-PSK
proto=WPA
}
in this configuration file has error on my config
I change in this
ap_scan=1 -- in the first section
and in the network section:
network={
scan_ssid=1
ssid="makaha"
key_mgmt=WPA-PSK
psk="XXXXX"
proto=WPA
}
but my config don'work well
arp associated card is in my table security on the router but i have an error key cipher lenght