On Sun, Oct 03, 2021 at 10:04:24PM +0000, Piotr Lobacz wrote:
Hi again Beniamino, this problem also exsists on Hotspot... and I'm afraid that it hasn't been solved in there yet... If hotspot is being created like this: nmcli dev wifi hotspot ifname wlan0_ap ssid test password "test1234" the default security is set to WPA2 and if i switch it to WPA3 then my client device is being rejected because of: ieee80211 phy0: brcmf_cfg80211_external_auth: External authentication failed: status=1 I'm pretty sure that this is the same error as previous one.
Hi Piotr,
since [1], NetworkManager also enables WPA3 (SAE) when the connection
is configured with key_mgmt=wpa-psk (both in STA and AP mode).
When adding SAE to the key_mgmt list, NM needs first to know if
wpa_supplicant supports it, otherwise wpa_supplicant would fail to
start.
NM looks at the "Capabilities" D-Bus property of the Interface object
to detect SAE support [2]. wpa_supplicant started to export the value in
[3], which is not in the 2.9 release.
I think what's happening is that NM passes a configuration to
wpa_supplicant without SAE because the supplicant doesn't export the
capability.
Can you please try with that wpa_supplicant commit? With the commit
applied you should see in NM logs something similar to:
Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK SAE FT-SAE'
^^^^^^^^^^
Beniamino
[1]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f5d78c2d289c9e4a4c247d2520c7c3e2baf537c8
[2]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f7f4db156ffdd0792dbfcddde3ba60a7ee561dcc
[3] https://w1.fi/cgit/hostap/commit/?id=7a9c36722511ce4df88b76cceceb241d6c6a151e
Attachment:
signature.asc
Description: PGP signature