Date: Wed, 17 Jan 2007 10:09:06 -0600
From: Brooks Davis <brooks@freebsd.org>
To: Sam Leffler <sam@errno.com>
Cc: freebsd-current@freebsd.org
Subject: Re: WPA-EAP problems
Message-ID: <20070117160906.GB1333@lor.one-eyed-alien.net>
In-Reply-To: <45ADC311.90008@errno.com>
References: <200701171608.49339.doconnor@gsoft.com.au> <45ADC311.90008@errno.com>

On Tue, Jan 16, 2007 at 10:32:49PM -0800, Sam Leffler wrote:
> Daniel O'Connor wrote:
> > Hi,
> > I have a WPA-EAP network setup (to a WRT54G with OpenRadius which
> > authenticates against an OpenLDAP server on my FreeBSD server), however quite
> > often dhclient fails to get a lease at first go.
> >
> > My wpa_supplicant file looks like..
> > network={
> >     ssid="dons"
> >     scan_ssid=1
> >     key_mgmt=WPA-EAP
> >     identity="username"
> >     password="password"
> >     phase2="auth=PAP"
> > }
> >
> > I have the following in rc.conf..
> > ifconfig_ath0="WPA DHCP"
> > background_dhclient="YES"
> >
> > If I kill dhclient and restart it I can get a lease just fine. I don't see the
> > problem on a WPA-TKIP network.
>
> Sounds like an issue with dhclient. I rarely use anything but WPA-PSK
> so haven't noticed issues.
>
> It would be useful to get a wpa log to see how long it's taking to
> authenticate. It'd be nice if dhclient were triggered by authentication
> rather than association as packets cannot pass until before. I've
> considered changing things to work in this way.

This seems like a good idea. The link isn't really up until you can
actually pass packets on it.

> > I think the problem is that the ath interface comes up but no
> > packets can be transferred because WPA stuff is still happening the
> > initial requests get lost.
>
> But dhclient should retry and get a lease w/o your restarting it.

I think this should happen, but I think the back off is random
exponential so it doesn't take long to get to the point where it will
appear hung because it tries for >60s. Is there an 802.11 event we could
key off of to reset the timeouts when authentication occurs?

--
Brooks