Re: Access Point & WPA2

From: Berend De Schouwer <berend de schouwer gmail com>
To: Thomas Haller <thaller redhat com>, "networkmanager-list gnome org" <networkmanager-list gnome org>
Subject: Re: Access Point & WPA2
Date: Wed, 12 Dec 2018 13:31:24 +0200

On Tue, 2018-12-11 at 20:12 +0100, Thomas Haller wrote:

On Tue, 2018-12-11 at 12:38 +0200, Berend De Schouwer via
networkmanager-list wrote:

On Tue, 2018-12-11 at 10:58 +0100, Thomas Haller wrote:

On Tue, 2018-12-11 at 10:41 +0200, Berend De Schouwer wrote:

On Mon, 2018-12-10 at 17:22 +0100, Thomas Haller wrote:

On Mon, 2018-12-10 at 12:15 +0200, Berend De Schouwer via


Hi Berend,


  : ifindex=3 (wlan0) alg=4
addr=0xaaaae5906648 key_idx=4 set_tx=1 seq_len=0 key_len=16
  nl80211: set_key failed; err=-22 Invalid argument)
  WPA: group state machine entering state FATAL_FAILURE

Beniamino said, "alg=4 is the IGTK, that should be required by
PMF."
Maybe try:

  nmcli connection modify "$PROFILE" wifi.pmf disable

and reactivate the profile.


That fixed it!  Thanks Beniamino and Thomas.

wifi.pmf disable resulted in alg=2:

Dec 11 12:35:16 morgue.deschouwer.co.za NetworkManager[839]:
<info>  [1544524516.5910] device (wlan0): Activation: (wifi) Stage
2
of 5 (Device Configure) successful.  Started Wi-Fi Hotspot
'HotelGUI'.
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=2
addr=0xaaaace5e1648 key_idx=1 set_tx=1 seq_len=0 key_len=32
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
nl80211: KEY_DATA - hexdump(len=32): [REMOVED]
Dec 11 12:35:16 morgue.deschouwer.co.za
wpa_supplicant[2426]:    broadcast key
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
nl80211: Set wlan0 operstate 0->1 (UP)
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=6
(IF_OPER_UP)
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
wlan0:
interface state UNINITIALIZED->ENABLED
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
wlan0:
AP-ENABLED
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:
wlan0:
State: SCANNING -> COMPLETED


Hi,

good to know. I wonder whether this is a bug in NetworkManager. If
you
leave pmf at "0 (default)", it seems it should just work.


best,
Thomas


nmcli describes the default as "optionally enabled", which would
indicate that this behaviour is a bug.

You could view it as a bug in NetworkManager or wpa_supplicant, or the
driver.  Which layer needs the change?

Also, now that I know what I'm looking for, there's this:
https://fedoramagazine.org/troubleshoot-pmf-f28/

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Access Point & WPA2
  - From: Berend De Schouwer
- Re: Access Point & WPA2
  - From: Thomas Haller
- Re: Access Point & WPA2
  - From: Berend De Schouwer
- Re: Access Point & WPA2
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]