Where would I check the value of `ieee80211w` or `pmf` on a stock Linux Mint 21 or Ubuntu 22.04 machine, and how would I modify it? I'd like to be able to change what I need to through `nmcli` if possible. Thanks, Theron On Fri, Mar 17, 2023, at 4:00 AM, Jouni Malinen wrote: > On Thu, Mar 16, 2023 at 07:15:02PM -0500, Theron Spiegl wrote: > > Hi, I'm using a Qualcomm Atheros QCA6174 with wpa_supplicant v2.10. When I start a hotspot with the commands below, it can be joined by most devices (Linux, Windows, iOS) but not an M1 MacBook Pro. I've determined that this is because of SAE/WPA3 support: if I run macOS's `airport` CLI utility, I see that the wpa_supplicant 2.10 hotspot offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256,SAE/AES/AES)` in the Security column. When I use wpa_supplicant 2.9, it offers `WPA(PSK/AES/AES) RSN(PSK,PSK-SHA256/AES/AES)`, and the MacBook can join. > > > > Is there a way to disable SAE and force the use of WPA2-PSK with AES on wpa_supplicant 2.10? (Whether through nmcli or wpa_cli or something else?) > > I would strongly discourage doing that and instead, figure out why there > is no WPA3-Personal (SAE) connection. The current MacBook Pro devices > should be able to use SAE. > > Do you have management frame protection (a.k.a. PMF) enabled in > wpa_supplicant configuration? This could be enabled with ieee80211w=1 > with the particular network profile for the AP mode operation or pmf=1 > as a global parameter to enable it by default for all networks. > > -- > Jouni Malinen PGP id EFC895FA > _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
