Doubt about PPSK authentication

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Hi
I along with two colleagues  working together on a client. On this account we are doing a "standard" configuration, which are two SSIDs (Corporate and Guest). We configured the SSID Corporate , including integration with RADIUS server and everything worked fine. In the SSID Guest, had a problem with the "secretary" module, with PPSK authentication. We spent the whole day trying to solve this problem but did not succeed. The error in question was the handshake of 4 attempts, only 2 were made​​. We research, we found some materials, but can not solve the problem. At the end of the day we tested another authentication method and all went well. However the client needs the PPSK authentication to keep track of your visitors.
Could you help us with that?
Photo of Cassiano Pinheiro

Cassiano Pinheiro

  • 16 Posts
  • 0 Reply Likes
  • lost

Posted 4 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes

When a PSK or PPSK authentication attempt fails after the second message of the four way handshake it is nearly always due to the access point having a different pairwise master key than the wireless client for the SSID.   This is due to the wireless client having a different PSK/PPSK passphrase than the access point (the passphrase is converted to the pairwise master key with PSK/PPSK authentication).

Possible causes:

  • The user typed the wrong passphrase.  This can also occur when the passphrase is copied from a HTML based form or E-mail.  The copy process can include "hidden" characters from the form/E-mail and this can cause the two passphrases to be different.
  • If the PPSK has a date/time association (it may only be valid for one day, for example) then ensure that the HiveManager and access point both have valid NTP sources.  If the time in the HiveManager is significantly different to the access point than associating with date/time associated PPSKs can fail.


Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Crowdie is absolutely right here, the most likely explanation is that the PSK has been entered incorrectly or is invalid from the APs perspective for some reason.

This reason could even be because the expected configuration has not been uploaded and applied from HiveManger to the AP successfully...