Problem with Linux and PPSK

  • 2
  • Question
  • Updated 4 years ago
  • Answered
Hi to all,

I have setup up a BR200-WP, AP330 and AP141, with a SSID and a PPSK athentication profile.

ALL device are able to connect (android, iphone, windows) but not a linux machine.

if I dual boot on Windows I'm able to connect.

I tested also with another linux box with a different distro (I'm using gentoo the other is a Fedora) with same hardware and problem, then I tested a different wireless card a RTL8191SU 802.11n WLAN Adapter (the integrated is a IWLWIFI Intel Corporation Centrino Wireless-N 1030) without success

Last I try with a "WPA2 PSK (Personal)" and it's working, so the problem seems restricted to PPSK.

Have any one experienced the same issue?

thanks
Photo of Dario Ronzani

Dario Ronzani

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 2
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I tested using HiveOS 6.1r1 and Kali Linux 1.03 (based on Debian) and I could not associcate using a PPSK. I could, however, connect using a standard WPA2 passphrase.

The cat/proc/version command shows:

Linux version 3.7-trunk-amd64 (debian-kernel@lists.debian.org) (gcc version 4.7.2 (Debian 4.7.2-5) ) #1 SMP Debian 3.7.2-0+kali8
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
Hi Crowdie/Dario,

I will make sure I test this in the Support lab today and let you know what I find.
Photo of Dario Ronzani

Dario Ronzani

  • 2 Posts
  • 0 Reply Likes
thanks Brian, let me know if you need more detail.
bye Dario
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
Crowdie/Dario,

Can you share with me what version of HiveOS you are trying to get your Linux clients to connect to your PPSK and PSK SSIDs? Also, if you could run a client monitor against the Linux client while it is connecting to both the PSK and PPSK SSID that would be very helpful.

Thanks,
Brian
Photo of Matthew Gast

Matthew Gast

  • 284 Posts
  • 63 Reply Likes
Crowdie/Dario -- if in addition to the client monitor log, you could also get us the debug trace from the Linux supplicant as it tries to connect, that would be helpful.

Can you tell where in the 4-Way Handshake (which message number) the supplicant is failing to connect?
Photo of Dario Ronzani

Dario Ronzani

  • 2 Posts
  • 0 Reply Likes
Hi,

sorry for the late response.

the version is: HiveOS 6.1r1.1247

for the other question I'm unable for this and next week to access the aerohive installation ;-( I'll return to you in the first week of august and give you the trace and clen monitor.

thanks dario
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
To test this again I created a single SSID called "Students" that utilises PPSK authentication. I created a single PPSK user to authenticate and my wife's Windows 8 laptop associated correctly using the PPSK credentials.

I utilised a HMOL 6.1r1 with an AP121 (running HiveOS 6.1r1) for the testing.

The ClientMonitor results are as follows:

07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (18)Rx auth (frame 1, rssi 32dB)
07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (19)Tx auth (frame 2, status 0, pwr 19dBm)
07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (20)Rx assoc req (rssi 40dB)
07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (21)Tx assoc resp (status 0, pwr 19dBm)
07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 INFO (22)WPA-PSK auth is starting (at if=wifi1.1)
07/25/2013 07:52:46 AM 100BA9D5A9C8 4018B1348868 AH-348840 INFO (23)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
07/25/2013 07:52:50 AM 100BA9D5A9C8 4018B1348868 AH-348840 INFO (24)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
07/25/2013 07:52:54 AM 100BA9D5A9C8 4018B1348868 AH-348840 INFO (25)Sending 1/4 msg of 4-Way Handshake (at if=wifi1.1)
07/25/2013 07:52:58 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (26)Sta(at if=wifi1.1) is de-authenticated because of 4way handshake failure

07/25/2013 07:52:58 AM 100BA9D5A9C8 4018B1348868 AH-348840 BASIC (28)Sta(at if=wifi1.1) is de-authenticated because of notification of driver
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (51)Rx auth (frame 1, rssi 28dB)
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (52)Tx auth (frame 2, status 0, pwr 11dBm)
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (53)Rx assoc req (rssi 36dB)
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (54)Tx assoc resp (status 0, pwr 11dBm)
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 INFO (55)WPA-PSK auth is starting (at if=wifi0.1)
07/25/2013 07:53:04 AM 100BA9D5A9C8 4018B1348854 AH-348840 INFO (56)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.1)
07/25/2013 07:53:08 AM 100BA9D5A9C8 4018B1348854 AH-348840 INFO (57)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.1)
07/25/2013 07:53:12 AM 100BA9D5A9C8 4018B1348854 AH-348840 INFO (58)Sending 1/4 msg of 4-Way Handshake (at if=wifi0.1)
07/25/2013 07:53:16 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (59)Sta(at if=wifi0.1) is de-authenticated because of 4way handshake failure
07/25/2013 07:53:16 AM 100BA9D5A9C8 4018B1348854 AH-348840 BASIC (61)Sta(at if=wifi0.1) is de-authenticated because of notification of driver

The WPA Supplicant debug logs are as follows:

wpa_supplicant v1.0
random: Trying to read entropy from /dev/random
Initializing interface 'wlan0' conf '/root/Students.conf' driver 'default' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/root/Students.conf' -> '/root/Students.conf'
Reading configuration file '/root/Students.conf'
Priority group 0
id=0 ssid='Students'
WEXT: cfg80211-based driver detected
wext: interface wlan0 phy: phy0
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
rfkill: initial event: idx=1 type=2 op=0 soft=1 hard=0
rfkill: initial event: idx=2 type=5 op=0 soft=1 hard=0
rfkill: initial event: idx=3 type=1 op=0 soft=0 hard=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf
capabilities: key_mgmt 0xf enc 0xf flags 0x0
netlink: Operstate: linkmode=1, operstate=5
wlan0: Own MAC address: 10:0b:a9:d5:a9:c8
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=4 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=5 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_countermeasures
wlan0: RSN: flushing PMKID list in the driver
wlan0: Setting scan request: 0 sec 100000 usec
WPS: Set UUID for interface wlan0
WPS: UUID based on MAC address - hexdump(len=16): 1e 6c 6e 51 17 97 52 00 91 e5 0e a0 4f 37 14 53
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: Supplicant port status: Unauthorized
wlan0: Added interface wlan0
random: Got 20/20 bytes from /dev/random
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b06 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b1a len=16
wlan0: State: DISCONNECTED -> SCANNING
Scan SSID - hexdump_ascii(len=8):
53 74 75 64 65 6e 74 73 Students
wlan0: Starting AP scan for specific SSID(s)
Scan requested (ret=0) - scan timeout 10 seconds
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b19 len=16
wlan0: Event SCAN_RESULTS (3) received
Received 3227 bytes of scan results (5 BSSes)
wlan0: BSS: Start scan result update 1
wlan0: BSS: Add new id 0 BSSID 40:18:b1:34:88:68 SSID 'Students'
wlan0: BSS: Add new id 1 BSSID 2c:b0:5d:4b:2a:79 SSID 'Celtic'
wlan0: BSS: Add new id 2 BSSID 40:18:b1:34:88:54 SSID 'Students'
wlan0: BSS: Add new id 3 BSSID 78:a0:51:21:b2:f5 SSID 'Orcon-Wireless'
wlan0: BSS: Add new id 4 BSSID 6a:5f:db:14:16:40 SSID 'vodafone1643'
wlan0: New scan results available
wlan0: Selecting BSS from priority group 0
wlan0: 0: 40:18:b1:34:88:68 ssid='Students' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 level=-61
wlan0: selected based on RSN IE
wlan0: selected BSS 40:18:b1:34:88:68 ssid='Students'
wlan0: Request association: reassociate: 0 selected: 40:18:b1:34:88:68 bssid: 00:00:00:00:00:00 pending: 00:00:00:00:00:00 wpa_state: SCANNING
wlan0: Trying to associate with 40:18:b1:34:88:68 (SSID='Students' freq=5785 MHz)
FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
wlan0: Cancelling scan request
wlan0: WPA: clearing own WPA/RSN IE
wlan0: Automatic auth_alg selection: 0x1
wlan0: RSN: using IEEE 802.11i/D9.0
wlan0: WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2
wlan0: WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=24): 30 16 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 00 00
wlan0: WPA: using GTK CCMP
wlan0: WPA: using PTK CCMP
wlan0: WPA: using KEY_MGMT WPA-PSK
wlan0: WPA: not using MGMT group cipher
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
wlan0: No keys have been configured - skip key clearing
wlan0: State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_psk
wlan0: Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP fail=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portControl=Auto
EAPOL: Supplicant port status: Unauthorized
RSN: Ignored PMKID candidate without preauth flag
RSN: Ignored PMKID candidate without preauth flag
wlan0: Checking for other virtual interfaces sharing same radio (phy0) in event_scan_results
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b1a len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b06 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b04 len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b1a len=24
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8c08 len=179
AssocResp IE wireless event - hexdump(len=163): 01 08 8c 12 98 24 b0 48 60 6c 2d 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 16 9d 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 16 9d 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 05 01 00 00 00 00 dd 18 00 50 f2 02 01 01 04 00 00 00 00 00 20 00 00 00 40 00 00 00 60 00 00 00
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 40:18:b1:34:88:68
wlan0: Event ASSOCINFO (4) received
wlan0: Association info event
resp_ies - hexdump(len=163): 01 08 8c 12 98 24 b0 48 60 6c 2d 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 16 9d 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 16 9d 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 05 01 00 00 00 00 dd 18 00 50 f2 02 01 01 04 00 00 00 00 00 20 00 00 00 40 00 00 00 60 00 00 00
FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
wlan0: Event ASSOC (0) received
wlan0: State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
wlan0: Associated with 00:00:00:00:00:00
wlan0: WPA: Association event - clear replay counter
wlan0: WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: SUPP_BE entering state IDLE
wlan0: Setting authentication timeout: 10 sec 0 usec
wlan0: Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:00:00:00:00:00
wlan0: Event DISASSOC (1) received
wlan0: Disassociation notification
wlan0: WPA: Auto connect enabled: try to reconnect (wps=0)
wlan0: Setting scan request: 0 sec 100000 usec
Added BSSID 40:18:b1:34:88:68 into blacklist
wlan0: Another BSS in this ESS has been seen; try it next
BSSID 40:18:b1:34:88:68 blacklist count incremented to 2
wlan0: Not rescheduling scan to ensure that specific SSID scans occur
wlan0: CTRL-EVENT-DISCONNECTED bssid=40:18:b1:34:88:68 reason=0
wlan0: Disconnect event - remove keys
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=4 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=5 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wlan0: State: ASSOCIATED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state INITIALIZE
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
wlan0: RX EAPOL from 40:18:b1:34:88:68
wlan0: Not associated - Delay processing of received EAPOL frame
wlan0: State: DISCONNECTED -> SCANNING
wlan0: Starting AP scan for wildcard SSID
wlan0: Optimize scan based on previously generated frequency list
Scan requested (ret=0) - scan timeout 30 seconds
EAPOL: startWhen --> 0
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b19 len=16
wlan0: Event SCAN_RESULTS (3) received
Scan results did not fit - trying larger buffer (8192 bytes)
Received 5562 bytes of scan results (9 BSSes)
wlan0: BSS: Start scan result update 2
wlan0: BSS: Add new id 5 BSSID 2c:b0:5d:4b:2a:78 SSID 'Celtic'
wlan0: BSS: Add new id 6 BSSID 00:0e:8f:a2:8b:92 SSID 'vodafoneCVX8'
wlan0: BSS: Add new id 7 BSSID 78:a0:51:21:6e:03 SSID 'Orcon-Wireless'
wlan0: BSS: Add new id 8 BSSID 98:fc:11:d6:63:19 SSID 'Cisco04526'
wlan0: New scan results available
wlan0: Selecting BSS from priority group 0
wlan0: 0: 2c:b0:5d:4b:2a:79 ssid='Celtic' wpa_ie_len=0 rsn_ie_len=20 caps=0x11 level=-63 wps
wlan0: skip - SSID mismatch
wlan0: 1: 40:18:b1:34:88:68 ssid='Students' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 level=-64
wlan0: skip - blacklisted (count=2 limit=0)
wlan0: 2: 2c:b0:5d:4b:2a:78 ssid='Celtic' wpa_ie_len=0 rsn_ie_len=20 caps=0x11 level=-55 wps
wlan0: skip - SSID mismatch
wlan0: 3: 40:18:b1:34:88:54 ssid='Students' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 level=-61
wlan0: selected based on RSN IE
wlan0: selected BSS 40:18:b1:34:88:54 ssid='Students'
wlan0: Request association: reassociate: 0 selected: 40:18:b1:34:88:54 bssid: 00:00:00:00:00:00 pending: 00:00:00:00:00:00 wpa_state: SCANNING
wlan0: Trying to associate with 40:18:b1:34:88:54 (SSID='Students' freq=2452 MHz)
FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
wlan0: Cancelling scan request
wlan0: WPA: clearing own WPA/RSN IE
wlan0: Automatic auth_alg selection: 0x1
wlan0: RSN: using IEEE 802.11i/D9.0
wlan0: WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2
wlan0: WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=24): 30 16 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 00 00
wlan0: WPA: using GTK CCMP
wlan0: WPA: using PTK CCMP
wlan0: WPA: using KEY_MGMT WPA-PSK
wlan0: WPA: not using MGMT group cipher
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
wlan0: No keys have been configured - skip key clearing
wlan0: State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_psk
wlan0: Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP fail=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portControl=Auto
EAPOL: Supplicant port status: Unauthorized
RSN: Ignored PMKID candidate without preauth flag
RSN: Ignored PMKID candidate without preauth flag
wlan0: Checking for other virtual interfaces sharing same radio (phy0) in event_scan_results
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b1a len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b06 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b04 len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b1a len=24
wlan0: RX EAPOL from 40:18:b1:34:88:54
wlan0: Not associated - Delay processing of received EAPOL frame
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8c08 len=185
AssocResp IE wireless event - hexdump(len=169): 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c 2d 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 16 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 16 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 05 01 00 00 00 00 dd 18 00 50 f2 02 01 01 04 00 00 00 00 00 20 00 00 00 40 00 00 00 60 00 00 00
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 40:18:b1:34:88:54
wlan0: Event ASSOCINFO (4) received
wlan0: Association info event
resp_ies - hexdump(len=169): 01 08 82 84 8b 0c 12 96 18 24 32 04 30 48 60 6c 2d 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 1a 8d 01 1b ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d 16 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 16 09 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 05 01 00 00 00 00 dd 18 00 50 f2 02 01 01 04 00 00 00 00 00 20 00 00 00 40 00 00 00 60 00 00 00
FT: Stored MDIE and FTIE from (Re)Association Response - hexdump(len=0):
wlan0: Event ASSOC (0) received
wlan0: State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
wlan0: Associated with 00:00:00:00:00:00
wlan0: WPA: Association event - clear replay counter
wlan0: WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: SUPP_BE entering state IDLE
wlan0: Setting authentication timeout: 10 sec 0 usec
wlan0: Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
WEXT: if_removed already cleared - ignore event
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:00:00:00:00:00
wlan0: Event DISASSOC (1) received
wlan0: Disassociation notification
wlan0: WPA: Auto connect enabled: try to reconnect (wps=0)
wlan0: Setting scan request: 0 sec 100000 usec
Added BSSID 40:18:b1:34:88:54 into blacklist
wlan0: Not rescheduling scan to ensure that specific SSID scans occur
wlan0: CTRL-EVENT-DISCONNECTED bssid=40:18:b1:34:88:54 reason=0
wlan0: Disconnect event - remove keys
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=4 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=5 set_tx=0 seq_len=0 key_len=0
Driver did not support SIOCSIWENCODEEXT
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wlan0: State: ASSOCIATED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: SUPP_BE entering state INITIALIZE
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - EAP success=0
EAPOL: Supplicant port status: Unauthorized

If I try to manually associate to the SSID using my Kali Linux 1.03 laptop it also fails to associate and challenges for a valid passphrase again.
Photo of Matthew Gast

Matthew Gast

  • 284 Posts
  • 63 Reply Likes
According to the client monitor log, the AP is sending the first frame in the 4WHS but is not getting a response.

The AP RSN IE has the following data: 30 16 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 00 00. (For those of you following along at home, search on the text "WPA: set AP RSN IE" to located it in the wpa_supplicant trace) That looks like it's set to use WEP40 as the group cipher with PSK authentication, which is an odd combo to say the least.

It looks like wpa_supplicant might be ignoring the AP RSN IE and choosing its own security. With a mismatch like that, it wouldn't respond to the first frame in the 4WHS and that would explain the behavior we're seeing.

I hate to ask for more information, but can you get us a trace of what's happening in the air? I want a third-party capture of the information elements so I can see what's really going on.
Photo of Robbie Behan

Robbie Behan

  • 1 Post
  • 1 Reply Like
I hate re-opening old threads, but was there any further progress made on this issue?
I have a number of Ubuntu 12.04 clients trying to connect to a PPSK network, and getting output exactly the same as above.
Using AP-330's on OS6.1r1.
Thanks
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I will test this again once the 6.1r3 firmware is released.

Matthew, I can provide you a capture from AirMagnet's WiFi Analyzer if that is suitable.
Photo of Quentin Pidduck

Quentin Pidduck

  • 1 Post
  • 0 Reply Likes
If anyone's watching this thread still, looks like there may be an issue with PSKs that user special characters ~! etc.
Source http://www.linuxquestions.org/questions/linux-wireless-networking-41/wpa-4-way-handshake-failed-8433...

I will test my network without the ! in the PSK and see if the Linux laptops play nicely.

Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I have completed testing using the latest version of Kali Linux and found the following:
  • Manually created PPSKs work correctly whether the passphrase has special characters or not
  • Automatically created PPSKs fail whether the passphrase has special characters or not
Just for an excuse to unpack my Wii console I repeated the tests and the results were the same.  The Wii console would connect using the manually created PPSKs but not the automatically created PPSKs.