Your message dated Wed, 23 May 2012 03:17:36 +0200 with message-id <[email protected]> and subject line Re: wpasupplicant: should try WPA when WPA2 fails for any reason has caused the Debian Bug report #340291, regarding wpasupplicant: should try WPA when WPA2 fails for any reason to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 340291: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340291 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: wpasupplicant Version: 0.4.6-0.2 Severity: important Hi, Wpasupplicant stopped working on my laptop some time ago (I don't use it often, so I don't know when exactly). I'm using ndiswrapper with the bcmwl5a driver. Here is the output of wpa_supplicant -w -i wlan0 -c /etc/wpa_supplicant.conf -D ndiswrapper -dd Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'ndiswrapper' ctrl_interface 'N/A' Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf' Reading configuration file '/etc/wpa_supplicant.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 Line: 15 - start of a new network block ssid - hexdump_ascii(len=5): 4c 61 42 52 49 LaBRI key_mgmt: 0x1 eap methods - hexdump(len=2): 15 00 identity - hexdump_ascii(len=8): 74 68 69 62 61 75 6c 74 thibault anonymous_identity - hexdump_ascii(len=8): 74 68 69 62 61 75 6c 74 thibault password - hexdump_ascii(len=8): [REMOVED] ca_cert - hexdump_ascii(len=21): 2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 63 /etc/ssl/certs/c 61 2e 70 65 6d a.pem subject_match - hexdump_ascii(len=71): 43 3d 46 52 2f 4f 3d 43 4e 52 53 2f 4f 55 3d 55 C=FR/O=CNRS/OU=U 4d 52 35 38 30 30 2f 43 4e 3d 62 61 6e 71 75 69 MR5800/CN=banqui 73 65 2e 6c 61 62 72 69 2e 66 72 2f 65 6d 61 69 se.labri.fr/emai 6c 41 64 64 72 65 73 73 3d 65 71 73 79 73 40 6c lAddress=eqsys@l 61 62 72 69 2e 66 72 abri.fr priority=1 (0x1) Priority group 1 id=0 ssid='LaBRI' Initializing interface (2) 'wlan0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xe capabilities: key_mgmt 0xa enc 0xf Own MAC address: 00:0b:7d:08:3b:87 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 Setting scan request: 0 sec 100000 usec Added interface wlan0 Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added State: DISCONNECTED -> SCANNING Starting AP scan (broadcast SSID) Scan timeout - try to get results Received 1265 bytes of scan results (4 BSSes) Scan results: 4 Selecting BSS from priority group 1 0: 00:12:d9:42:a1:20 ssid='LaBRI' wpa_ie_len=26 rsn_ie_len=22 caps=0x11 selected based on RSN IE Trying to associate with 00:12:d9:42:a1:20 (SSID='LaBRI' freq=2462 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 16 key_mgmt 1 WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 28 00 WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 28 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing State: SCANNING -> ASSOCIATING Here kernel says: ndiswrapper (set_auth_mode:685): setting auth mode failed (6 => C0010015) Setting authentication timeout: 5 sec 0 usec EAPOL: External notification - portControl=Auto RSN: Ignored PMKID candidate without preauth flag RSN: Ignored PMKID candidate without preauth flag RSN: Ignored PMKID candidate without preauth flag CTRL-EVENT-TERMINATING - signal 2 received Removing interface wlan0 State: ASSOCIATING -> DISCONNECTED No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 No keys have been configured - skip key clearing Cancelling scan request Note the kernel error message. This tells that set_auth_mode here fails with error C0010015, i.e. "invalid parameter". The invalid parameter here is 6, i.e. WPA2 authentication mode. That hence means that WPA2 doesn't seem to be supported by the bcmwl5a driver. The solution I hence found is adding proto=WPA in /etc/wpa_supplicant.conf, so as to disable WPA2 completely, event if the AP supports it. But since the default value for "proto" is "WPA RSN", the real clean fix would be to try RSN (if supported by the AP), but then revert to WPA if RSN didn't work for some reason (whatever it may be). Regards, Samuel -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14 Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15) Versions of packages wpasupplicant depends on: ii libc6 2.3.5-6 GNU C Library: Shared libraries an ii libreadline5 5.0-11 GNU readline and history libraries ii libssl0.9.8 0.9.8a-3 SSL shared libraries wpasupplicant recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Hi I'm closing this bug, rather than keeping it tagged wontfix, given that WPA/ TKIP has effectively been broken and allowing wpasupplicant to revert to it, despite explicitly being configured differently, would open a serious security risk. Regards Stefan Lippers-Hollmann
signature.asc
Description: This is a digitally signed message part.
--- End Message ---

