From: "Chuck Crisler" <ccrisler@vgocom.com>
To: <linux-wireless@vger.kernel.org>
Subject: intermittent eap authentication failure
Date: Fri, 14 Jan 2011 13:51:08 -0500 [thread overview]
Message-ID: <D323CFEF4DEC4E18AFF56742F78C16B6@ChuckPC> (raw)
I am running wpa_supplicant v. 0.6.10. I am having a problem remaining on a
network with PEEP authentication. I can initially get on the network but
then fail with the first session timeout sent by the AP. Sometimes if the
ESS is hidden I will have a subsequent probe request fail, causing me to
re-start the entire process, which will then succeed, only to fail with the
next session timeout.
Sometime ago I found a conflict between the supplicant and the MAC80211 code
dealing with Cisco session timeouts. When we were 'deauthenticated', the MAC
code notified the supplicant AND re-associated with the AP. When the driver
got the association response, it then notified the supplicant, which was in
the process of running a scan, which had often already been sent to the
driver, causing a mess. We modified the driver so that if it received a
de-auth with reason code 1 (undefined?), it would *NOT* notify the
supplicant but would re-associate, then notify the supplicant of the new
association. We modified the supplicant so that when it was in the completed
state and received an association event, it went through the disassociation
sequence of calls, then proceeded with whatever was remaining for the
authentication. Later we determined that we could receive the deauth with a
reason code = 4 also, so that was added.
Specifically, this is what we do with a COMPLETED->ASSOCIATED transition in
wpa_supplicant_event_assoc in events.c:
wpa_clear_keys(wpa_s, wpa_s->bssid);
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
wpa_sm_set_config(wpa_s->eapol, NULL, NULL);
wpa_s->new_connection = 1;
This works fine with WPA/WPA2, but seems to fail with PEEP and (I guess) the
other EAP methods. I don't know EAP well enough yet to understand why this
is failing or what I need to do to make WPA/WPA2 and EAP all work. Would
someone please shed some light on this for me?
Thank you,
Chuck Crisler
next reply other threads:[~2011-01-14 18:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-14 18:51 Chuck Crisler [this message]
2011-01-18 10:52 ` intermittent eap authentication failure Johannes Berg
2011-01-18 14:33 ` Chuck Crisler
2011-01-18 14:54 ` Chuck Crisler
2011-01-18 14:57 ` Johannes Berg
2011-01-18 15:15 ` Chuck Crisler
2011-01-18 15:21 ` Chuck Crisler
2011-01-18 15:23 ` Johannes Berg
2011-01-18 15:33 ` Chuck Crisler
2011-01-18 15:39 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D323CFEF4DEC4E18AFF56742F78C16B6@ChuckPC \
--to=ccrisler@vgocom.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox