Re: Cannot connect to FT networks (CTRL-EVENT-ASSOC-REJECT bssid=00:00:00:00:00:00)

michael-dev <michael-dev@xxxxxxxxxxxxx> · Mon, 21 Oct 2019 19:55:07 +0200

Hi,

the hostapd config looks reasonable. But without an FT debug log 
messages, it is really hard to tell what goes wrong.
Sadly, openwrt strips the debug messages from hostapd at compile time 
(https://dev.archive.openwrt.org/ticket/15658), so debugging on this AP 
would require rebuilding the hostapd package with the relevant patch 
removed.
An other approach would be to add and run a testcase to the hostapd 
hwsim test that matches your configuration files as close as possible to 
rule out that it is caused by an uncaught interference of your settings 
or the openwrt patches for hostapd.

Regards,
M. Braun

Am 15.10.2019 23:00, schrieb Matteo Fortini:
Hi,
unfortunately, that's the only log I can see with level=0. "working
config" means a config without FT-PSK, which connects very well.

I tried both with wpad and hostapd, with the same results:
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 WPA: event 0 notification
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME: MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
Tue Oct 15 20:59:04 2019 daemon.info hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authenticated
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 WPA: event 0 notification
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
Tue Oct 15 20:59:04 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME: MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
Tue Oct 15 20:59:04 2019 daemon.info hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authenticated
Tue Oct 15 20:59:05 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
Tue Oct 15 20:59:05 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 WPA: event 0 notification
Tue Oct 15 20:59:05 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
Tue Oct 15 20:59:05 2019 daemon.debug hostapd: wlan0-1: STA
30:52:cb:81:c0:29 MLME: MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
Tue Oct 15 20:59:05 2019 daemon.info hostapd: wlan0-1: STA
30:52:cb:81:c0:29 IEEE 802.11: authenticated

hostapd config is:
###########################################
driver=nl80211
logger_syslog=127
logger_syslog_level=0
logger_stdout=127
logger_stdout_level=0
country_code=IT
ieee80211d=1
hw_mode=g
supported_rates=120 180 240 360 480 540
basic_rates=120 180 240 360 480 540
beacon_int=250
channel=acs_survey

ieee80211n=1
ht_coex=0
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]

interface=wlan0-1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
nas_identifier=14CC20F16D1C
wpa_passphrase=XXXXXXXXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=XXXXXXXX
bridge=br-lan
mobility_domain=beef
ft_psk_generate_local=1
ft_over_ds=0
reassociation_deadline=1000
wpa_disable_eapol_key_retries=1
wpa_key_mgmt=WPA-PSK FT-PSK
okc=0
disable_pmksa_caching=1
bssid=86:16:f9:9b:cd:32
###########################################

Il 15/10/19 19:04, michael-dev ha scritto:
Hi,

the hostapd output is lacking all FT related messages. Can you 
increase the debug level?
With working config you mean wpa_supplicant config?
Can you show your hostapd config?

Regards,
M. Braun

Am 14.10.2019 22:51, schrieb Matteo Fortini:
This happens both on OpenWrt (hostapd) and Ubiquity networks.

I own the OpenWrt router.

This is the output with FT-PSK as a key_mgmt option (broken config):
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 MLME: MLME-AUTHENTICATE.indicatiroot@LEDESu:~#
logread -f -e hostapd
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: authenticated
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 WPA: event 0 notification
STA 30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: authenticated
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 WPA: event 0 notification
STA 30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: authenticated
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 WPA: event 0 notification
STA 30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: authenticated

This is a working config:
STA 30:52:cb:81:c0:29 IEEE 802.11: authentication OK (open system)
STA 30:52:cb:81:c0:29 MLME:
MLME-AUTHENTICATE.indication(30:52:cb:81:c0:29, OPEN_SYSTEM)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: authenticated
STA 30:52:cb:81:c0:29 IEEE 802.11: association OK (aid 3)
STA 30:52:cb:81:c0:29 IEEE 802.11: associated (aid 3)
STA 30:52:cb:81:c0:29 MLME: 
MLME-ASSOCIATE.indication(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 MLME: 
MLME-DELETEKEYS.request(30:52:cb:81:c0:29)
STA 30:52:cb:81:c0:29 IEEE 802.11: binding station to interface 
'wlan0-1'
STA 30:52:cb:81:c0:29 WPA: event 1 notification
STA 30:52:cb:81:c0:29 WPA: start authentication
STA 30:52:cb:81:c0:29 IEEE 802.1X: unauthorizing port
STA 30:52:cb:81:c0:29 WPA: sending 1/4 msg of 4-Way Handshake
STA 30:52:cb:81:c0:29 WPA: received EAPOL-Key frame (2/4 Pairwise)
STA 30:52:cb:81:c0:29 WPA: sending 3/4 msg of 4-Way Handshake
STA 30:52:cb:81:c0:29 WPA: received EAPOL-Key frame (4/4 Pairwise)
AP-STA-CONNECTED 30:52:cb:81:c0:29
STA 30:52:cb:81:c0:29 IEEE 802.1X: authorizing port
STA 30:52:cb:81:c0:29 RADIUS: starting accounting session 
FE1A7096D90FD955
STA 30:52:cb:81:c0:29 WPA: pairwise key handshake completed (RSN)

Il 14/10/19 21:52, michael-dev ha scritto:
Hi,

it basically reads:

nl80211: Connect request send successfully
...
wlan0: Event ASSOC_REJECT (12) received
wlan0: CTRL-EVENT-ASSOC-REJECT bssid=00:00:00:00:00:00 
status_code=16

so your AP advertises FT/1X support, but then does not accept the 
(should be FT-filled) Association Request.

How much control do you have over the AP? Is it hostapd running 
there? Can you produce an AP debug log?

Regards,
M. Braun

Am 14.10.2019 14:00, schrieb Matteo Fortini:
Hi,
I reran the debug test with FT-EAP. I attach the corresponding log.

Thank you,
Matteo

Il 13/10/19 11:59, michael-dev@xxxxxxxxxxxxx ha scritto:
Hi,

having key mgmt restricted to wpa-eap basically disables FT at 
runtime.
Though the debug log is about PSK not EAP so it does not help 
explain why FT-EAP fails for you.

Could you please attach an FT-EAP enabled debug log?

Thanks,
M. Braun

Am 11. Oktober 2019 17:11:49 MESZ schrieb Matteo Fortini 
<matteo.fortini@xxxxxxxxx>:

    I'm using wpa_supplicant 2.9.3

    I cannot connect to any fast transition (FT) networks. I 
attach a debug log.

    This includes for instance all the Ubiquity networks, but I 
tested it also on OpenWrt+Roaming (802.11r)

    It seems that the FT-XXX key_mgmt configuration which is set 
by NM triggers some bug.

    Configuration which doesn't work:

    network={
          ssid="myNetwork"
          scan_ssid=1
          proto=RSN
          key_mgmt=WPA-EAP WPA-EAP-SHA256 FT-EAP FT-EAP-SHA384
          pairwise=CCMP
          auth_alg=OPEN
          bgscan="simple:30:-65:300"
          eap=PEAP
          identity="myuser"
          password="*******"
          fragment_size=1266
          proactive_key_caching=1
    }

    Configuration which works:

    network={
          ssid="myNetwork"
          scan_ssid=1
          proto=RSN
          key_mgmt=WPA-EAP
          pairwise=CCMP
          auth_alg=OPEN
          bgscan="simple:30:-65:300"
          eap=PEAP
          identity="myuser"
          password="*******"
          fragment_size=1266
          proactive_key_caching=1
    }

    My network card is a BCM4350 802.11ac Wireless Network Adapter 
running on Linux 5.3

    * wpasupplicant=2:2.4-1+deb9u4 (oldstable) *works*, but 
because NetworkManager uses "Config: added 'key_mgmt' value 
'WPA-EAP'"
    * wpasupplicant=2:2.7+git20190128+0c1e29f-6 (stable) *doesn't 
work*, but because NetworkManager uses "Config: added 'key_mgmt' 
value 'WPA-EAP
    WPA-EAP-SHA256 FT-EAP FT-EAP-SHA384'"

    Now I'm on wpasupplicant=2:2.9.3 and it doesn't work, either, 
for the same config reason

    Apparently nm uses the capabilities and triggers the bug.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap