Re: Bug#919138: wpasupplicant: Fails to connect to some Wifi networks on version 2:2.7-3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On Thu, 31 Jan 2019 at 09:57, Beniamino Galvani <bgalvani@xxxxxxxxxx> wrote:
> On Thu, Jan 31, 2019 at 02:44:58AM +0000, Different55 wrote:
> > > Could you please configure a more verbose debug level and paste the
> > > lines related to the IGTK just before "Failed to configure IGTK"?
> > >
> > > Disabling PMF in NetworkManager would probably solve the problem:
> > >
> > > nmcli connection modify 'Depeche Modem' wifi-sec.pmf disable
> > >
> > > but I think it's worth investigating the root cause of the issue.
> > >
> > > Newer NM versions don't set 'ieee80211w=1' but instead use the global
> > > 'Pmf' property, which should work better in cases where the driver
> > > doesn't support PMF.
> > >
> > > Beniamino
> >
>
> > Beniamino's suggestion did work out great. As far as finding a root cause, I've attached 2 more logs. Probably not the cleanest/easiest way, I stopped the systemd-controlled wpa_supplicant service and started it on the terminal in the foreground, copying the options it had under systemd but swapping -s for -d and -dd. Let me know if you need me to do it a different way, I'd be happy to!
>
> > ...
> > EAPOL: SUPP_PAE entering state AUTHENTICATING
> > EAPOL: SUPP_BE entering state SUCCESS
> > EAP: EAP entering state DISABLED
> > EAPOL: SUPP_PAE entering state AUTHENTICATED
> > EAPOL: Supplicant port status: Authorized
> > nl80211: Set supplicant port authorized for d8:b6:b7:ee:fc:18
> > EAPOL: SUPP_BE entering state IDLE
> > EAPOL authentication completed - result=SUCCESS
> > wlp5s0: WPA: IGTK keyid 1024 pn d0caa82e44b2
> > WPA: IGTK - hexdump(len=16): [REMOVED]
> > wpa_driver_nl80211_set_key: ifindex=3 (wlp5s0) alg=4 addr=0x55e7e55d2909 key_idx=1024 set_tx=0 seq_len=6 key_len=16
>
> A key_idx=1024 looks wrong, it should be 4 or 5 for IGTK. I tend to
> think it's a fault of the AP which sends an invalid key index.

Just wondering, any updates on this? Is there any workaround I can
apply to make that work for most users?

-- 
Cheers,
  Andrej

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux