Date: Sat, 14 Jul 2007 15:09:20 -0700 From: Sam Leffler <sam@errno.com> To: "Bruce A. Mah" <bmah@freebsd.org> Cc: freebsd-mobile@freebsd.org Subject: Re: ath(4), wpa_supplicant, WPA2, Netgear WG302 problem Message-ID: <46994990.1070505@errno.com> In-Reply-To: <20070713202015.GA1718@phantom.kitchenlab.org> References: <20070713202015.GA1718@phantom.kitchenlab.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Bruce A. Mah wrote:
> I'm having a problem getting a Netgear WG511T in my FreeBSD CURRENT
> laptop to do WPA2-PSK with a Netgear WG302 access point. I'm hoping
> someone here can give me a nudge in the right direction to help
> troubleshoot this.
>
> The laptop is an old Sony Vaio (PCG-Z505HS). The Netgear WG511T
> probes thusly:
>
> ath0: <Atheros 5212> mem 0x88000000-0x8800ffff irq 9 at device 0.0 on cardbus0
> ath0: [ITHREAD]
> ath0: using obsoleted if_watchdog interface
> ath0: Ethernet address: 00:0f:b5:af:81:39
> ath0: mac 7.9 phy 4.5 radio 5.6
>
> The OS is FreeBSD HEAD as of yesterday, GENERIC kernel. Note that
> this has the recent HAL import, as well as wpa_supplicant v0.5.8:
>
> ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
not sure what "the recent hal import" is
>
> The AP is a Netgear WG302 with Firmware 4.2.17. It's configured for
> WPA2-PSK. Several other clients can communicate with this AP without
> any problems. A slightly sanitized wpa_supplicant.conf is:
>
> -----
> network={
> ssid="kitchenlab.org"
> scan_ssid=1
> psk="REAL_PSK_REMOVED"
> }
> -----
>
> Some output from wpa_supplicant -dd is below:
>
> -----
> Starting AP scan (specific SSID)
> Scan SSID - hexdump_ascii(len=14):
> 6b 69 74 63 68 65 6e 6c 61 62 2e 6f 72 67 kitchenlab.org
> Received 0 bytes of scan results (6 BSSes)
> Scan results: 6
> Selecting BSS from priority group 0
> Try to find WPA-enabled AP
> 0: 00:14:6c:6f:2e:7d ssid='kitchenlab.org' wpa_ie_len=0 rsn_ie_len=26 caps=0x31
> selected based on RSN IE
> selected WPA AP 00:14:6c:6f:2e:7d ssid='kitchenlab.org'
> Try to find non-WPA AP
> Trying to associate with 00:14:6c:6f:2e:7d (SSID='kitchenlab.org' freq=2412 MHz)
> Cancelling scan request
> WPA: clearing own WPA/RSN IE
> Automatic auth_alg selection: 0x1
> wpa_driver_bsd_set_auth_alg alg 0x1 authmode 1
> RSN: using IEEE 802.11i/D9.0
> WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 2 proto 2
> WPA: clearing AP WPA IE
> WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 02 01 00
> WPA: using GTK TKIP
> WPA: using PTK CCMP
> WPA: using KEY_MGMT WPA-PSK
> WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
> No keys have been configured - skip key clearing
> wpa_driver_bsd_set_drop_unencrypted: enabled=1
> State: SCANNING -> ASSOCIATING
> wpa_driver_bsd_associate: ssid 'kitchenlab.org' wpa ie len 22 pairwise 3 group 2 key mgmt 1
> wpa_driver_bsd_associate: set PRIVACY 1
> Setting authentication timeout: 10 sec 0 usec
> EAPOL: External notification - EAP success=0
> EAPOL: External notification - EAP fail=0
> EAPOL: External notification - portControl=Auto
> RSN: added PMKSA cache candidate 00:14:6c:6f:2e:7d prio 1000
> RSN: processing PMKSA candidate list
> RSN: not in suitable state for new pre-authentication
> Authentication with 00:00:00:00:00:00 timed out.
> BSSID 00:14:6c:6f:2e:7d blacklist count incremented to 2
> No keys have been configured - skip key clearing
> State: ASSOCIATING -> DISCONNECTED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> EAPOL: External notification - EAP success=0
> Setting scan request: 0 sec 0 usec
> State: DISCONNECTED -> SCANNING
> -----
>
> It's interesting that the WG511T can associate with this AP if both
> are configured for WEP, and it can do WPA2 with a Linksys WRT54G
> (unknown version). Also I saw superficially similar results while
> running 6.2-RELEASE and RELENG_6 on the same hardware. Debugging by
> Google hasn't helped me yet either, so I'm running out of ideas.
>
> Any thoughts?
It appears wpa_supplicant is timing out waiting for an initial EAPOL
frame from the ap. I'd verify traffic is getting through; possibly with
tcpdump. BTW I'd expect more verbose debug output from wpa_supplicant
with -dd.
Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46994990.1070505>