Date: Sun, 08 Nov 2009 08:48:41 -0800 From: Sam Leffler <sam@freebsd.org> To: geoff@apro.com.au Cc: freebsd-stable@freebsd.org Subject: Re: Problems moving hostapd AP config from 6.4 to 8.0RC2 Message-ID: <4AF6F669.6050403@freebsd.org> In-Reply-To: <200911090053.47239.geoff@apro.com.au> References: <200911090053.47239.geoff@apro.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Geoff Roberts wrote: > Hi, > > I had a working hostapd wireless access point configuration in FreeBSD 6.4. > The access point is being used by Windows XP workstations. > > I was using WPA-EAP with freeradius authentication very successfully on the > 6.4 backend. > > After making the changes for a new 8.0 RC2 (see below) system the XP clients > cannot seem to authenticate. The radius server does not even get contacted by > hostapd. > > I can get WEP and WPA-PSK to work OK - just WPA-EAP fails to work in 8.0RC2. > > I also have a dhcp server running to hand out dynamic addresses. > > Please let me know if you have any suggestions as to how to debug the issue > further or where I may be going wrong. > > ==== > > hostapd.log is showing the following: > > -> Startup > Nov 8 23:06:26 freebsd hostapd: wlan0: IEEE 802.11 Fetching hardware > channel/rate support not supported. > Nov 8 23:06:26 freebsd hostapd: wlan0: RADIUS Authentication server > xxx.xxx.xxx.xxx:1812 > -> When XP client tries to connect to AP > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: > associated > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 1 > notification > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > start authentication > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: start > authentication > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > unauthorizing port > Nov 8 23:08:46 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > received EAPOL-Start from STA > Nov 8 23:08:46 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 5 > notification > ----> Hangs here for a while > Nov 9 00:32:23 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: > deassociated > Nov 9 00:32:23 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 2 > notification Doesn't look like you're getting any debugging from hostapd so we cannot see why it's giving up and dropping the station. > > ===== > > tcpdump -i wlan0: > > 00:33:45.570161 xx:xx:xx:xx:xx:xx (oui Unknown) > Broadcast Null Supervisory, > Receiver not Ready, rcv seq 64, Flags [Poll], length 6 > 00:33:45.570174 xx:xx:xx:xx:xx:xx (oui Unknown) > Broadcast Null Supervisory, > Receiver not Ready, rcv seq 64, Flags [Poll], length 6 > 00:33:48.523053 EAPOL start (1) v1, len 0 > > > > === > dmesg: > ath0: <Atheros 5212> mem 0xf9000000-0xf900ffff irq 16 at device 8.0 on pci1 > ath0: [ITHREAD] > ath0: AR5212 mac 5.6 RF5111 phy 4.1 > === > > rc.conf > > I have converted the 6.4 files from: > > ifconfig_ath0="inet xxx.xxx.xxx.1 netmask xxx.xxx.xxx.192 mode 11g mediaopt > hostap" > > to the newer 8.0 format: > > wlans_ath0="wlan0" > create_args_wlan0="wlanmode hostap mode 11g country Australia" > ifconfig_wlan0="inet xxx.xxx.xxx.1 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias0="inet xxx.xxx.xxx.65 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias1="inet xxx.xxx.xxx.129 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias2="inet xxx.xxx.xxx.193 netmask xxx.xxx.xxx.192" > > NOTE, I found the order of items in create_args_wlan0 important. Yes, you cannot change the country code once the interface is marked UP and that happens implicitly when you set the ip address on an ifnet. > > ==== > > I also adjusted the 6.4 hostapd.conf. Changes in 8.0RC2 are shown with -> > ===== > interface=ath0 -> wlan0 > driver=bsd > -> country_code=Australia Not used by hostapd on freebsd (pretty sure). > logger_syslog=-1 > logger_syslog_level=0 > logger_stdout=-1 > logger_stdout_level=0 > debug=4 > dump_file=/tmp/hostapd.dump > ctrl_interface=/var/run/hostapd > ctrl_interface_group=wheel > ssid=netname > macaddr_acl=0 > ieee8021x=1 > own_ip_addr=127.0.0.1 > auth_server_addr=xxx.xxx.xxx.xxx > auth_server_port=1812 > auth_server_shared_secret=secretpw > wpa=1 > wpa_key_mgmt=WPA-EAP > wpa_pairwise=CCMP TKIP > === > > Extra debugging output from wlandebug: <debug,input,xrate,assoc,auth,output> > > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv probe req > Nov 9 00:44:07 freebsd kernel: wlan0: send probe resp on channel 1 to > xx:xx:xx:xx:xx:xx > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv probe req > Nov 9 00:44:07 freebsd kernel: wlan0: send probe resp on channel 1 to > xx:xx:xx:xx:xx:xx > Nov 9 00:44:07 freebsd kernel: wlan0: received auth from xx:xx:xx:xx:xx:xx > rssi 24 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv auth frame > with algorithm 0 seq 1 > Nov 9 00:44:07 freebsd kernel: [xx:xx:xx:xx:xx:xx] send auth on channel 1 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station > authenticated (open) > Nov 9 00:44:07 freebsd kernel: wlan0: received assoc_req from > xx:xx:xx:xx:xx:xx rssi 24 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] WPA ie: mc 1/0 uc > 3/0 key 1 caps 0x0 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station associated > at aid 1: short preamble, short slot time, QoS > Nov 9 00:44:07 freebsd kernel: [xx:xx:xx:xx:xx:xx] send assoc_resp on channel > 1 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station unauthorize > via MLME So your station associated and hostapd saw it but nothing in your logs shows what hostapd did or did not do to complete the radius handshake. All we see is that hostapd dropped the station--presumably because it timed out trying to authenticated against the backend. Not sure what debug level you need for hostapd; I usually use the cmd line options. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AF6F669.6050403>