Re: Access Point & WPA2

[Berend De Schouwer <berend de schouwer gmail com>]

On Tue, 2018-12-11 at 10:58 +0100, Thomas Haller wrote:
> On Tue, 2018-12-11 at 10:41 +0200, Berend De Schouwer wrote:
> > On Mon, 2018-12-10 at 17:22 +0100, Thomas Haller wrote:
> > > On Mon, 2018-12-10 at 12:15 +0200, Berend De Schouwer via
>
> Hi Berend,
>
>
>   : ifindex=3 (wlan0) alg=4
> addr=0xaaaae5906648 key_idx=4 set_tx=1 seq_len=0 key_len=16
>   nl80211: set_key failed; err=-22 Invalid argument)
>   WPA: group state machine entering state FATAL_FAILURE
>
> Beniamino said, "alg=4 is the IGTK, that should be required by PMF."
> Maybe try:
>
>   nmcli connection modify "$PROFILE" wifi.pmf disable
>
> and reactivate the profile.

That fixed it!  Thanks Beniamino and Thomas.

wifi.pmf disable resulted in alg=2:

Dec 11 12:35:16 morgue.deschouwer.co.za NetworkManager[839]: <info>  [1544524516.5910] device (wlan0): 
Activation: (wifi) Stage 2 of 5 (Device Configure) successful.  Started Wi-Fi Hotspot 'HotelGUI'.
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: wpa_driver_nl80211_set_key: ifindex=3 (wlan0) 
alg=2 addr=0xaaaace5e1648 key_idx=1 set_tx=1 seq_len=0 key_len=32
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: nl80211: KEY_DATA - hexdump(len=32): [REMOVED]
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]:    broadcast key
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: nl80211: Set wlan0 operstate 0->1 (UP)
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: netlink: Operstate: ifindex=3 linkmode=-1 (no 
change), operstate=6 (IF_OPER_UP)
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: wlan0: interface state UNINITIALIZED->ENABLED
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: wlan0: AP-ENABLED
Dec 11 12:35:16 morgue.deschouwer.co.za wpa_supplicant[2426]: wlan0: State: SCANNING -> COMPLETED


> best,
> Thomas
>
>
>
> PS: it would be better to reply to the mailing list, and not me
> personally. Because so nobody else can help, and it's also not
> helpful
> for others. And if you paste text (the logfile) into the email, it
> would be nice to make sure that the lines are not wrapped.
> Preferably,
> attach the file to the email instead. Thanks!!

It was my intention to mail the list, but I didn't check the To: field
after hitting 'reply'.  My mistake.  Sorry.


> > > networkmanager-list wrote:
> > > > Hi,
> > > >
> > > > I've got a system running 1.12.4 that I've got trouble setting
> > > > up
> > > > as
> > > > an
> > > > access point.
> > > >
> > > > I can set it up using hostapd, and NetworkManager without WPA,
> > > > but
> > > > cannot configure using NetworkManager with WPA.
> > > >
> > > > I've tried with a few different options, using the GUI and
> > > > nmcli,
> > > > and
> > > > I
> > > > keep seeing:
> > > >
> > > > Using interface wlan0 with hwaddr r:a:n:d:o:m and ssid
> > > > "TestNet"
> > > > Interface initialization failed
> > > > wlan0: interface state UNINITIALIZED->DISABLED
> > > > wlan0: Unable to setup interface
> > > > Failed to initialize AP interface
> > > > wlan0: interface state DISABLED->DISABLED
> > > > wlan0: AP-DISABLED
> > > > hostapd_free_hapd_data: Interface wlan0 wasn't started
> > > >
> > > >
> > > > I've noticed that hostapd needs to bring wlan0 down first,
> > > > can't
> > > > change
> > > > modes to AP while wlan0 is up.
> > > >
> > > > I've also noticed "Note: nl80211 driver interface is not
> > > > designed
> > > > to
> > > > be
> > > > used with ap_scan=2; this can result in connection failures"
> > > > which
> > > > seems to be a normal message for AP configuration.
> > > >
> > > > Hardware:
> > > > Bus 001 Device 020: ID 148f:3070 Ralink Technology, Corp.
> > > > RT2870/RT3070
> > > > Wireless Adapter
> > > >
> > > >
> > > > What do I look at next?
> > >
> > > Hi,
> > >
> > > I don't think hostapd matters much, because NetworkManager uses
> > > wpa_supplicant's AP functionality (of course, wpa_supplicant and
> > > hostapd are the same project, so they share code).
> >
> > I just mentioned that to prove the hardware could do it.  I tried
> > to
> > set nmcli equivalent.
> >
> >
> > > Is the quoted log from from wpa_supplicant?
> >
> > Yes, as started by NetworkManager
> >
> >
> > > I'd suggest, to enable level=TRACE logging for NetworkManager
> > > (see
> > > [1])
> > > and debug logging to wpa_supplicant, and look at the logs.
> > > If possible, provide them here.
> >
> > I've done so at the bottom of this e-mail.
> >
> > NetworkManager and wpa_supplicant debug separate.
> >
> >
> > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf#n28
> > >
> > >
> > > Sometimes, changing the MAC address trips up supplicant or the
> > > driver.
> > > You could disable that, see:
> > > https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/nm-conf.d/31-mac-addr-change.conf?id=8dfa903a9d6d558cac684c9a3b15bb685a369aad
> >
> > Tried disabling mac-address randomization.  It didn't help, but
> > it's
> > off now
> >
> >
> > > what's the output of `nmcli -f all device show "$WLAN_DEVICE"` ?
> >
> > The output is a lot, and is below.
> >
> >
> > > best,
> > > Thomas
> >
> > Thanks,
> > Berend

debug lines snipped.

Attachment: signature.asc
Description: This is a digitally signed message part