LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Reply
 
Search this Thread
Old 11-10-2010, 02:49 AM   #1
fbmd
LQ Newbie
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 10

Rep: Reputation: Disabled
WPA: 4-Way Handshake failed


Hi,

I have problems connecting to a particular wifi acces point. Generally, wifi works fine on my machine. The setup is:

Code:
lspci:
03:03.0 Ethernet controller: Atheros Communications Inc. AR2413 802.11bg NIC (rev 01)

lsmod:
Module                  Size  Used by
ath5k                 124082  0 
ath                     6632  1 ath5k
led_class               1715  1 ath5k
I am able to connect to most wifi networks using

Code:
ifconfig wlan0 up
wpa_supplicant -B -c/path/to/wpas.conf -iwlan0
dhcpcd wlan0
The scan of the problematic access point is

Code:
Cell 01 - Address: 00:27:19:FD:CA:94
          Channel:1
          Frequency:2.412 GHz (Channel 1)
          Quality=36/70  Signal level=-74 dBm  
          Encryption key:on
          ESSID:"XXXXXXXXX"
          Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                    12 Mb/s; 24 Mb/s; 36 Mb/s
          Bit Rates:9 Mb/s; 18 Mb/s; 48 Mb/s; 54 Mb/s
          Mode:Master
          Extra:tsf=000000060c9d0181
          Extra: Last beacon: 599ms ago
          IE: Unknown: 000841414A5F574C414E
          IE: Unknown: 010882848B960C183048
          IE: Unknown: 030101
          IE: Unknown: 2A0100
          IE: Unknown: 32041224606C
          IE: IEEE 802.11i/WPA2 Version 1
              Group Cipher : CCMP
              Pairwise Ciphers (1) : CCMP
              Authentication Suites (1) : PSK
             Preauthentication Supported
          IE: Unknown: DD0900037F01010008FF7F
          IE: Unknown: DD1A00037F0301000000002719FDCA94022719FDCA9414003C000808
wpa_supplicant.conf:
Code:
network={
        ssid="XXXXXXXX"
        psk=<psk is verified and correct>
        proto=WPA2
}
The entry has been created using

Code:
$ wpa_passphrase "test" "passphrase"
network={
	ssid="test"
	#psk="passphrase"
	psk=a8f6fbf02bfbd7ddd27249ac101487ff51c245b2c34c2efe46b6e680b367ee32
}
so I am pretty condifent that it is OK.

When trying connect to the AP, wpa_supplicant gets stuck in an infinite loop. Here is an excerpt:

Code:
...
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan requested (ret=0) - scan timeout 30 seconds
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b19 len=8
Received 3891 bytes of scan results (9 BSSes)
CTRL-EVENT-SCAN-RESULTS 
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: 00:27:19:fd:ca:94 ssid='XXXXXXXX' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
   skip - SSID mismatch
   skip - SSID mismatch
   skip - SSID mismatch
   selected based on RSN IE
   selected WPA AP 00:27:19:fd:ca:94 ssid='XXXXXXXX'
Trying to associate with 00:27:19:fd:ca:94 (SSID='XXXXXXXX' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 01 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
wpa_driver_wext_set_psk
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b1a len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8c08 len=24
AssocResp IE wireless event - hexdump(len=16): 01 08 82 84 8b 96 0c 18 30 48 32 04 12 24 60 6c
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:27:19:fd:ca:94
Association info event
resp_ies - hexdump(len=16): 01 08 82 84 8b 96 0c 18 30 48 32 04 12 24 60 6c
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:27:19:fd:ca:94
No keys have been configured - skip key clearing
Associated with 00:27:19:fd:ca:94
WPA: Association event - clear replay counter
WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RX EAPOL from 00:27:19:fd:ca:94
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)
RSN: msg 1/4 key data - hexdump(len=0):
WPA: Renewed SNonce - hexdump(len=32): 6d e5 7b a9 a6 3a 7e 8e b7 c8 a2 40 d1 f1 9c 6e 76 73 50 ec e1 77 84 38 0
WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Sending EAPOL-Key 2/4
RX EAPOL from 00:27:19:fd:ca:94
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)
RSN: msg 1/4 key data - hexdump(len=0):
WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Sending EAPOL-Key 2/4
RX EAPOL from 00:27:19:fd:ca:94
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 03
  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)
RSN: msg 1/4 key data - hexdump(len=0):
WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Sending EAPOL-Key 2/4
EAPOL: startWhen --> 0
EAPOL: disable timer tick
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
RX EAPOL from 00:27:19:fd:ca:94
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 04
  key_nonce - hexdump(len=32): af a0 0b 03 51 8b 24 56 a1 2b 35 21 8f 94 94 85 27 26 76 33 6c 7e b0 cf 2f 14 19 
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:27:19:fd:ca:94 (ver=2)
RSN: msg 1/4 key data - hexdump(len=0):
WPA: PTK derivation - A1=00:80:48:3d:5d:60 A2=00:27:19:fd:ca:94
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Sending EAPOL-Key 2/4
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
WPA: 4-Way Handshake failed - pre-shared key may be incorrect
Setting scan request: 0 sec 100000 usec
BSSID 00:27:19:fd:ca:94 blacklist count incremented to 2
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
State: 4WAY_HANDSHAKE -> DISCONNECTED
...
... and again from the top.

There's two MS Windows boxes running flawlessly with the access point. There is no MAC blocking or anything. But still WPA: 4-Way Handshake failed - pre-shared key may be incorrect - no idea why this happens.

Any pointers where to start getting this to work?

Thanks,
fbmd

P.S. I hope the hexdumps above are safe to post in public.
 
Old 11-10-2010, 04:40 AM   #2
igadoter
Member
 
Registered: Sep 2006
Location: wroclaw, poland
Distribution: slack 12.2, debian-Trinity , openbsd
Posts: 729

Rep: Reputation: 56
Hi,
I also have time to time the same problem with Realtek USB Wifi adapter. Usually I terminate dhcpcd and using wpa_cli terminate wpa_supplicant. I can tell you that I start wifi connection
with the same set of commands. In contrary my notebook with Intel ipw2100 wifi adaper connect with the same access point without troubles. It may be caused by a driver for a device. Under
2.35 kernel I have no problems with that realtek adapter. But now I am running the 2.27 kernel.
 
Old 11-11-2010, 03:33 AM   #3
fbmd
LQ Newbie
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 10

Original Poster
Rep: Reputation: Disabled
Alright, I've solved it.
Code:
network={
   ssid="test"
   #psk="passphrase"
   psk=a8f6fbf02bfbd7ddd27249ac101487ff51c245b2c34c2efe46b6e680b367ee32
}
does not work. However, when I give the passphrase in clear text
Code:
network={
   ssid="test"
   psk="passphrase"
}
it suddenly works.

As I understand, in the latter case the actual key is computed at runtime. In theory, it shouldn't make any difference.

My guess is that it is an encoding issue, since the passphrase contains a tilde (~) character.

Regards,
fbmd
 
Old 08-02-2011, 03:16 AM   #4
pologuy
LQ Newbie
 
Registered: Aug 2011
Posts: 6

Rep: Reputation: Disabled
I have the same problem

Hi fbmd,

I have same problem. Could you write the solution more detail?

How did you modify the source code?
 
Old 08-11-2011, 01:03 AM   #5
fbmd
LQ Newbie
 
Registered: Nov 2010
Location: Germany
Distribution: Gentoo
Posts: 10

Original Poster
Rep: Reputation: Disabled
Hi pologuy,

Quote:
Originally Posted by pologuy View Post
Hi fbmd,

I have same problem. Could you write the solution more detail?

How did you modify the source code?
There is no need to modify any source code - just a config file.

As root, open the file /etc/wpa_supplicant.conf in your favourite text editor and enter

Code:
network={
   ssid="YOUR_SSID"
   psk="YOUR_PASSPHRASE_IN_CLEAR_TEXT"
}
That's it. Save, and rerun wpa_supplicant.

Hope that helps!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Connection Failed W/ Wpa In Backtrack 3 Not Windows J05HUA Linux - Wireless Networking 9 10-13-2008 09:43 PM
Failed to enable wpa in the driver vladoportos Linux - Wireless Networking 1 09-09-2006 06:10 AM
qpopper TLS/SSL Handshake failed: -1 frerotjs Linux - Software 0 07-15-2003 07:09 AM


All times are GMT -5. The time now is 06:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration