> Is it possible that wpasupplicant reports that the driver (iwlwifi)
> supports SAE but my hardware does not actually support SAE?

It looks like your device supports SAE, because SAE authentication is completed in your log.

----
Jan 18 11:36:02 pluto wpa_supplicant[86593]: SME: SAE completed - setting PMK for 4-way handshake
----

By your log, wpa_supplicant already recognizes that your device does not support 802.11w (00-0f-ac:6 is missing). Therefore, if wpa_supplicant can recognize that your AP requires 802.11w, wpa_supplicant avoids connecting to the AP.

----
Jan 18 11:35:58 pluto wpa_supplicant[86593]: Initializing interface 'wlp3s0' conf 'N/A' driver 'nl80211,wext' ctrl_interface '/run/wpa_supplicant' bridge 'N/A'
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:1
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:5
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:2
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:4
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:10
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:8
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Supported cipher 00-0f-ac:9
Jan 18 11:35:58 pluto wpa_supplicant[86593]: nl80211: Using driver-based off-channel TX
----

But your AP indicates that the AP is not capable of and does not require 802.11w.

30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 08 80 00 <----- here

----
Jan 18 11:36:01 pluto wpa_supplicant[86593]: 38:10:d5:8f:38:e2 freq=5620 qual=0 noise=-92~ level=-61 snr=31* flags=0xb age=1048 est=135000
Jan 18 11:36:01 pluto wpa_supplicant[86593]: IEs - hexdump(len=439): 00 08 77 67 72 6f 75 74 65 72 01 08 8c 12 98 24 b0 48 60 6c 03 01 7c 07 3c 44 45 20 24 01 17 28 01 17 2c 01 17 30 01 17 34 01 17 38 01 17 3c 01 17 40 01 17 64 01 1e 68 01 1e 6c 01 1e 70 01 1e 74 01 1e 78 01 1e 7c 01 1e 80 01 1e 84 01 1e 88 01 1e 8c 01 1e 20 01 03 0b 05 02 00 01 00 00 46 05 73 d0 00 00 0c 2d 1a ef 09 1b ff ff ff 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 3d 16 7c 05 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 08 05 00 0f 00 00 00 00 40 bf 0c b2 01 80 33 ea ff 00 00 ea ff 00 00 c0 05 01 7a 00 fc ff c1 06 00 00 00 64 00 00 c3 04 02 3c 3c 3c dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00 dd 09 00 03 7f 01 01 00 00 ff 7f dd 0c 00 04 0e 01 01 02 01 00 00 00 00 00 dd 16 8c fd f0 04 00 00 49 4c 51 03 02 09 72 01 8c 16 00 00 3c 00 00 00 dd 6f 00 50 f2 04 10 4a 00 01 10 10 44 00 01 02 10 3b 00 01 03 10 47 00 10 c9 59 b5 c3 8d d0 39 ac a9 80 38 10 d5 65 71 88 10 21 00 03 41 56 4d 10 23 00 04 46 42 6f 78 10 24 00 04 30 30 30 30 10 42 00 04 30 30 30 30 10 54 00 08 00 06 00 50 f2 04 00 01 10 11 00 04 46 42 6f 78 10 08 00 02 02 80 10 3c 00 01 03 10 49 00 06 00 37 2a 00 01 20 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 08 80 00 dd 08 8c fd f0 01 01 02 01 00
Jan 18 11:36:01 pluto wpa_supplicant[86593]: Beacon IEs - hexdump(len=363): 00 08 77 67 72 6f 75 74 65 72 01 08 8c 12 98 24 b0 48 60 6c 03 01 7c 05 04 00 01 00 00 07 3c 44 45 20 24 01 17 28 01 17 2c 01 17 30 01 17 34 01 17 38 01 17 3c 01 17 40 01 17 64 01 1e 68 01 1e 6c 01 1e 70 01 1e 74 01 1e 78 01 1e 7c 01 1e 80 01 1e 84 01 1e 88 01 1e 8c 01 1e 20 01 03 0b 05 02 00 01 00 00 46 05 73 d0 00 00 0c 2d 1a ef 09 1b ff ff ff 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 3d 16 7c 05 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 0e 14 00 0a 00 2c 01 c8 00 14 00 05 00 19 00 7f 08 05 00 0f 00 00 00 00 40 bf 0c b2 01 80 33 ea ff 00 00 ea ff 00 00 c0 05 01 7a 00 fc ff c1 06 00 00 00 64 00 00 c3 04 02 3c 3c 3c dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00 dd 09 00 03 7f 01 01 00 00 ff 7f dd 08 8c fd f0 01 01 02 01 00 dd 16 8c fd f0 04 00 00 49 4c 51 03 02 09 72 01 8c 16 00 00 3c 00 00 00 dd 0c 00 04 0e 01 01 02 01 00 00 00 00 00 dd 1d 00 50 f2 04 10 4a 00 01 10 10 44 00 01 02 10 3c 00 01 03 10 49 00 06 00 37 2a 00 01 20 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 08 80 00
----

So wpa_supplicant tries to connect to the AP and sends an association request. Of course, the association request does not include a group management cipher suite for 802.11w.

30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 08 00 00

----
Jan 18 11:36:02 pluto wpa_supplicant[86593]: nl80211: Associate (ifindex=9)
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * bssid=38:10:d5:8f:38:e2
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * freq=5620
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * SSID=wgrouter
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * IEs - hexdump(len=61): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 08 00 00 7f 0b 00 00 0a 02 01 40 40 40 00 01 20 46 05 70 00 00 00 00 3b 11 80 51 53 54 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * WPA Versions 0x2
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * pairwise=0xfac04
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * group=0xfac04
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * akm=0xfac08
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * htcaps - hexdump(len=26): 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * htcaps_mask - hexdump(len=26): 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * vhtcaps - hexdump(len=12): 00 00 00 00 00 00 00 00 00 00 00 00
Jan 18 11:36:02 pluto wpa_supplicant[86593]: * vhtcaps_mask - hexdump(len=12): 00 00 00 00 00 00 00 00 00 00 00 00
----

The AP rejects with WLAN_STATUS_INVALID_IE. I guess this is because of the lack of a group management cipher suite for 802.11w.

----
Jan 18 11:36:02 pluto wpa_supplicant[86593]: wlp3s0: CTRL-EVENT-ASSOC-REJECT bssid=38:10:d5:8f:38:e2 status_code=40
----

I'm still having problems buying that access point from Japan. But this comment would be helpful.

> To connect the wireless device anyway, you must adjust the security settings in the FRITZ!Box:
> Disabling WPA3 transition mode (WPA2 + WPA3)

Almost all APs allow non-802.11w STAs when "WPA3 transition mode (WPA2 + WPA3)" is enabled. But unfortunately the AP does not allow it.

> Still curious, why this worked flawlessly with this device with 2.9.0-23

Before the commit 7a9c36722511ce4df88b76cceceb241d6c6a151e "DBus: Add "sae" to interface key_mgmt capabilities", there was no way to enable WPA3 via DBus. So your station was just using WPA2. Your access point does not appear to require 802.11w for WPA2.

To summarize, the AP indicates that it does not require 802.11w for WPA3, when in fact it does. So it could not be solved by wpa_supplicant.

Regards,
Masashi Honma.

On Monday, January 31, 2022 at 1:01, Michael Biebl <biebl@xxxxxxxxxx> wrote:
>
> Since I could easily reproduce it, I ran git bisect.
>
> 7a9c36722511ce4df88b76cceceb241d6c6a151e is the first bad commit
> commit 7a9c36722511ce4df88b76cceceb241d6c6a151e
> Author: Brian Norris <briannorris@xxxxxxxxxxxx>
> Date:   Fri Feb 28 15:50:47 2020 -0800
>
>     DBus: Add "sae" to interface key_mgmt capabilities
>
>     This will be present when the driver supports SAE and it's included in
>     the wpa_supplicant build.
>
>     Signed-off-by: Brian Norris <briannorris@xxxxxxxxxxxx>
>
>
> Reverting that commit on top of 2.10 I was again able to successfully
> establish a connection.
>
> The debian build uses CONFIG_SAE=y.
> Is it possible that wpasupplicant reports that the driver (iwlwifi)
> supports SAE but my hardware does not actually support SAE?
>
> https://www.intel.com/content/www/us/en/support/articles/000054783/wireless.html
>
> My network controller is an "Intel Corporation Centrino Advanced-N 6205"

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
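
Added example, not part of the original message or of wpa_supplicant: a small Python decoder for the two RSN elements quoted in the message above (the AP's element from the scan result and the station's element from the association request). It reports the AKM suites, the MFPR/MFPC bits of the RSN Capabilities field and whether a group management cipher suite is present; the function and constant names are chosen for this example.

```python
import struct

# Copied from the two RSN elements quoted in the message above.
AP_RSNE = bytes.fromhex(
    "30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00"
    " 00 0f ac 02 00 0f ac 08 80 00")
STA_RSNE = bytes.fromhex(
    "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 08 00 00")

MFPR, MFPC = 1 << 6, 1 << 7  # RSN Capabilities: MFP required / MFP capable


def _suite(buf, off):
    """Format a 4-byte suite selector as OUI:type, e.g. 00-0f-ac:4."""
    return "%02x-%02x-%02x:%d" % tuple(buf[off:off + 4])


def parse_rsne(ie):
    """Decode an RSN element (element ID 0x30) into a dict of its fields."""
    if len(ie) < 2 or ie[0] != 0x30 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body, off = ie[2:], 0
    out = {"version": struct.unpack_from("<H", body, off)[0]}
    off += 2
    out["group"] = _suite(body, off)
    off += 4
    for key in ("pairwise", "akm"):  # each list: 2-byte count, then suites
        (count,) = struct.unpack_from("<H", body, off)
        off += 2
        out[key] = [_suite(body, off + 4 * i) for i in range(count)]
        off += 4 * count
    (caps,) = struct.unpack_from("<H", body, off)
    off += 2
    out["mfpr"], out["mfpc"] = bool(caps & MFPR), bool(caps & MFPC)
    # Optional tail: PMKID count and PMKIDs, then group management cipher.
    out["group_mgmt"] = None
    if len(body) >= off + 2:
        (n_pmkid,) = struct.unpack_from("<H", body, off)
        off += 2 + 16 * n_pmkid
        if len(body) >= off + 4:
            out["group_mgmt"] = _suite(body, off)
    return out


if __name__ == "__main__":
    for name, ie in (("AP", AP_RSNE), ("STA", STA_RSNE)):
        f = parse_rsne(ie)
        print(name, "akm=%s mfpr=%s mfpc=%s group_mgmt=%s"
              % (f["akm"], f["mfpr"], f["mfpc"], f["group_mgmt"]))
```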