On Sun, May 21, 2023 at 08:41:22PM +0200, Robert Senger wrote:
> Hi all,
>
> I am having trouble getting a Windows 11 client connected to a WPA3
> Enterprise network.
>
> While clients using wpa_supplicant can connect fine, the Windows 11
> machine fails in early stage.
>
> When running hostapd with the -d switch from the commmand linbe, I see
> this during a connection attempt of the Windows 11 machine:
>
> association request: STA=04:7b:cb:29:e0:94 capab_info=0x11 listen_interval=1 seq_ctrl=0x1020
> Validating WMM IE: OUI 00:50:f2 OUI type 2 OUI sub-type 0 version 1 QoS info 0x0
> Unsupported management group cipher 4096
>
> This error occurs always, whatever I set for rsn or group cipher in hostapd.conf
>
> I digged into the sources for that message and found this in
> wpa_common.c:
>
> int wpa_cipher_valid_mgmt_group(int cipher)
> {
> return cipher == WPA_CIPHER_GTK_NOT_USED ||
> cipher == WPA_CIPHER_AES_128_CMAC ||
> cipher == WPA_CIPHER_BIP_GMAC_128 ||
> cipher == WPA_CIPHER_BIP_GMAC_256 ||
> cipher == WPA_CIPHER_BIP_CMAC_256;
> }
Hi,
I think the error comes from wpa_auth_ie.c:
if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
{
wpa_printf(MSG_DEBUG, "Unsupported management group "
"cipher %d", data.mgmt_group_cipher);
return WPA_INVALID_MGMT_GROUP_CIPHER;
}
(Note that the cipher is displayed in decimal here, while it's printed
in hex in wpa_common.c).
It seems the problem is that PMF is required and the group management
cipher from configuration (group_mgmt_cipher=) doesn't match the one
from the IE?
Beniamino
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
