From owner-freebsd-stable@FreeBSD.ORG Sun Nov 8 16:48:46 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7CAA21065672 for ; Sun, 8 Nov 2009 16:48:46 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 3032D8FC08 for ; Sun, 8 Nov 2009 16:48:45 +0000 (UTC) Received: from Macintosh-4.local (sam@[10.0.0.198]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id nA8GmfSR094608 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 8 Nov 2009 08:48:41 -0800 (PST) (envelope-from sam@freebsd.org) Message-ID: <4AF6F669.6050403@freebsd.org> Date: Sun, 08 Nov 2009 08:48:41 -0800 From: Sam Leffler Organization: FreeBSD Project User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: geoff@apro.com.au References: <200911090053.47239.geoff@apro.com.au> In-Reply-To: <200911090053.47239.geoff@apro.com.au> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-DCC-x.dcc-servers-Metrics: ebb.errno.com; whitelist Cc: freebsd-stable@freebsd.org Subject: Re: Problems moving hostapd AP config from 6.4 to 8.0RC2 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Nov 2009 16:48:46 -0000 Geoff Roberts wrote: > Hi, > > I had a working hostapd wireless access point configuration in FreeBSD 6.4. > The access point is being used by Windows XP workstations. > > I was using WPA-EAP with freeradius authentication very successfully on the > 6.4 backend. > > After making the changes for a new 8.0 RC2 (see below) system the XP clients > cannot seem to authenticate. The radius server does not even get contacted by > hostapd. > > I can get WEP and WPA-PSK to work OK - just WPA-EAP fails to work in 8.0RC2. > > I also have a dhcp server running to hand out dynamic addresses. > > Please let me know if you have any suggestions as to how to debug the issue > further or where I may be going wrong. > > ==== > > hostapd.log is showing the following: > > -> Startup > Nov 8 23:06:26 freebsd hostapd: wlan0: IEEE 802.11 Fetching hardware > channel/rate support not supported. > Nov 8 23:06:26 freebsd hostapd: wlan0: RADIUS Authentication server > xxx.xxx.xxx.xxx:1812 > -> When XP client tries to connect to AP > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: > associated > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 1 > notification > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > start authentication > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: start > authentication > Nov 8 23:08:43 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > unauthorizing port > Nov 8 23:08:46 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: > received EAPOL-Start from STA > Nov 8 23:08:46 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 5 > notification > ----> Hangs here for a while > Nov 9 00:32:23 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: > deassociated > Nov 9 00:32:23 freebsd hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 2 > notification Doesn't look like you're getting any debugging from hostapd so we cannot see why it's giving up and dropping the station. > > ===== > > tcpdump -i wlan0: > > 00:33:45.570161 xx:xx:xx:xx:xx:xx (oui Unknown) > Broadcast Null Supervisory, > Receiver not Ready, rcv seq 64, Flags [Poll], length 6 > 00:33:45.570174 xx:xx:xx:xx:xx:xx (oui Unknown) > Broadcast Null Supervisory, > Receiver not Ready, rcv seq 64, Flags [Poll], length 6 > 00:33:48.523053 EAPOL start (1) v1, len 0 > > > > === > dmesg: > ath0: mem 0xf9000000-0xf900ffff irq 16 at device 8.0 on pci1 > ath0: [ITHREAD] > ath0: AR5212 mac 5.6 RF5111 phy 4.1 > === > > rc.conf > > I have converted the 6.4 files from: > > ifconfig_ath0="inet xxx.xxx.xxx.1 netmask xxx.xxx.xxx.192 mode 11g mediaopt > hostap" > > to the newer 8.0 format: > > wlans_ath0="wlan0" > create_args_wlan0="wlanmode hostap mode 11g country Australia" > ifconfig_wlan0="inet xxx.xxx.xxx.1 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias0="inet xxx.xxx.xxx.65 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias1="inet xxx.xxx.xxx.129 netmask xxx.xxx.xxx.192" > ifconfig_wlan0_alias2="inet xxx.xxx.xxx.193 netmask xxx.xxx.xxx.192" > > NOTE, I found the order of items in create_args_wlan0 important. Yes, you cannot change the country code once the interface is marked UP and that happens implicitly when you set the ip address on an ifnet. > > ==== > > I also adjusted the 6.4 hostapd.conf. Changes in 8.0RC2 are shown with -> > ===== > interface=ath0 -> wlan0 > driver=bsd > -> country_code=Australia Not used by hostapd on freebsd (pretty sure). > logger_syslog=-1 > logger_syslog_level=0 > logger_stdout=-1 > logger_stdout_level=0 > debug=4 > dump_file=/tmp/hostapd.dump > ctrl_interface=/var/run/hostapd > ctrl_interface_group=wheel > ssid=netname > macaddr_acl=0 > ieee8021x=1 > own_ip_addr=127.0.0.1 > auth_server_addr=xxx.xxx.xxx.xxx > auth_server_port=1812 > auth_server_shared_secret=secretpw > wpa=1 > wpa_key_mgmt=WPA-EAP > wpa_pairwise=CCMP TKIP > === > > Extra debugging output from wlandebug: > > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv probe req > Nov 9 00:44:07 freebsd kernel: wlan0: send probe resp on channel 1 to > xx:xx:xx:xx:xx:xx > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv probe req > Nov 9 00:44:07 freebsd kernel: wlan0: send probe resp on channel 1 to > xx:xx:xx:xx:xx:xx > Nov 9 00:44:07 freebsd kernel: wlan0: received auth from xx:xx:xx:xx:xx:xx > rssi 24 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] recv auth frame > with algorithm 0 seq 1 > Nov 9 00:44:07 freebsd kernel: [xx:xx:xx:xx:xx:xx] send auth on channel 1 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station > authenticated (open) > Nov 9 00:44:07 freebsd kernel: wlan0: received assoc_req from > xx:xx:xx:xx:xx:xx rssi 24 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] WPA ie: mc 1/0 uc > 3/0 key 1 caps 0x0 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station associated > at aid 1: short preamble, short slot time, QoS > Nov 9 00:44:07 freebsd kernel: [xx:xx:xx:xx:xx:xx] send assoc_resp on channel > 1 > Nov 9 00:44:07 freebsd kernel: wlan0: [xx:xx:xx:xx:xx:xx] station unauthorize > via MLME So your station associated and hostapd saw it but nothing in your logs shows what hostapd did or did not do to complete the radius handshake. All we see is that hostapd dropped the station--presumably because it timed out trying to authenticated against the backend. Not sure what debug level you need for hostapd; I usually use the cmd line options. Sam