# wpa_supplicant - No suitable AP found problem

## linuxn00bie255

Hey all who read this I'm having a heck of a time getting wpa_supplicant to work with my college's WPA network.

Here's some general information about their network:

- They do not broadcast

- It's a WPA-TKIP Setup

- They use PEAP for EAP

Now there's something else I don't quite understand. When I was setting this up on a windows machine I had to goto this section for "Trusted ROot Certification Authorities"

and select IPS SERVIDORES. I have no idea what that is

What makes things even more interesting and not necessarily related to my problem, but I don't know for sure, is that when you had to connect under windows. First you'd connect to the network and then windows would ask you for all the other necessary info, username, pass, and domain. 

Here's my config file for wpa_supplicant:

```

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=wheel

ctrl_interface_group=0

eapol_version=1

ap_scan=1

fast_reauth=1

network={

   ssid="moco"

   key_mgmt=WPA-EAP

   pairwise=TKIP

   group=TKIP

   eap=PEAP

   identity="myuser"

   password="mypass"

   priority=1

}

```

Here is the output of running wpa_supplicant in debug mode

```

Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw'

Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant.conf'

ctrl_interface='/var/run/wpa_supplicant'

ctrl_interface_group=10 (from group name 'wheel')

ctrl_interface_group=0

eapol_version=1

ap_scan=1

fast_reauth=1

Line: 264 - start of a new network block

ssid - hexdump_ascii(len=4):

     6d 6f 63 6f                                       moco            

key_mgmt: 0x1

pairwise: 0x8

group: 0x8

eap methods - hexdump(len=2): 19 00

identity - hexdump_ascii(len=7):

     73 74 74 73 6d 30 31                              [REMOVED]         

password - hexdump_ascii(len=9): [REMOVED]

priority=1 (0x1)

Priority group 1

   id=0 ssid='moco'

Initializing interface (2) 'eth1'

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

wpa_driver_ipw_init is called

Own MAC address: 00:12:f0:88:68:eb

wpa_driver_ipw_set_wpa: enabled=1

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_countermeasures: enabled=0

wpa_driver_ipw_set_drop_unencrypted: enabled=1

Setting scan request: 0 sec 100000 usec

Wireless event: cmd=0x8b06 len=8

Starting AP scan (broadcast SSID)

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Scan timeout - try to get results

Received 1102 bytes of scan results (4 BSSes)

Scan results: 4

Selecting BSS from priority group 1

0: 00:0b:86:a4:4a:40 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

1: 00:0b:86:a4:f5:90 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

2: 00:0b:86:a4:4b:e0 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

3: 00:0b:86:a4:e8:10 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

No suitable AP found.

Setting scan request: 5 sec 0 usec

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Starting AP scan (broadcast SSID)

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Scan timeout - try to get results

Received 1103 bytes of scan results (4 BSSes)

Scan results: 4

Selecting BSS from priority group 1

0: 00:0b:86:a4:4a:40 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

1: 00:0b:86:a4:f5:90 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

2: 00:0b:86:a4:e8:10 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

3: 00:0b:86:a4:4b:e0 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

No suitable AP found.

Setting scan request: 5 sec 0 usec

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Starting AP scan (broadcast SSID)

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:00:00:00:00:00

Added BSSID 00:00:00:00:00:00 into blacklist

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

Disconnect event - remove keys

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0

Scan timeout - try to get results

Received 1312 bytes of scan results (5 BSSes)

Scan results: 5

Selecting BSS from priority group 1

0: 00:0b:86:a4:4a:40 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

1: 00:0b:86:a4:f5:90 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

2: 00:0b:86:a4:4b:e0 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

3: 00:0b:86:a4:e8:10 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

4: 00:20:a6:50:9e:4a ssid='wmocosin2' wpa_ie_len=0 rsn_ie_len=0

   skip - no WPA/RSN IE

No APs found - clear blacklist and try again

Removed BSSID 00:00:00:00:00:00 from blacklist (clear)

Selecting BSS from priority group 1

0: 00:0b:86:a4:4a:40 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

1: 00:0b:86:a4:f5:90 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

2: 00:0b:86:a4:4b:e0 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

3: 00:0b:86:a4:e8:10 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

4: 00:20:a6:50:9e:4a ssid='wmocosin2' wpa_ie_len=0 rsn_ie_len=0

   skip - no WPA/RSN IE

No suitable AP found.

```

This last part just repeats over and over again

And lastly I have the latest version of the wpa_supplicant

and I am using the ipw2200 drivers latest version

I get one thing at dmesg and that is: 

ipw2200: Can't set TKIP countermeasures: crypt not set!

If anyone has some insite into my problem I'd love to hear it

Thanks in advance!

----------

## Kruegi

 *linuxn00bie255 wrote:*   

> - They do not broadcast

 

They do! But they don't include the SSID field in the broadcast. Since it does not comply with the IEEE 802.11 standard it may be the cause of the problem.

You can try an other scanning mode or tell the admin that deactiviating the SSID broadcast is useless and does not give any security but many troubles.

Thomas

----------

## linuxn00bie255

Hmmmm, that's interesting, I had not heard that before. I could try talking to the people in charge of the network. I know a few of them and have some friends that work for them. Unfortunetly they don't generally seem to willing to listen to what students have to say in regards to the condition of their network. They are, for whatever reason, really concerned about letting the SSID be sent. It's kind of silly given the area of the college, not exactly a war driving neighborhood *sigh*. At any rate, you mentioned changing the scanning mode. By that I assume you mean th ap_scan setting? If so I have tried modes 0 and 2 just for the heck of it. The messages I get are still basically the same, but in the end it still doesn't work. However another odd thing I should mention is that after I run in mode 2, if I go back to mode 1, what it does is very different. I figured I would post it here too, in case it helps somehow. Also after I run in mode 2 when I do a iwlist scan  it shows the network shows up in the list...

```

Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw'

Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant.conf'

ctrl_interface='/var/run/wpa_supplicant'

ctrl_interface_group=10 (from group name 'wheel')

ctrl_interface_group=0

eapol_version=1

ap_scan=1

fast_reauth=1

Priority group 0

   id=0 ssid='moco'

Initializing interface (2) 'eth1'

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

wpa_driver_ipw_init is called

Own MAC address: 00:12:f0:88:68:eb

wpa_driver_ipw_set_wpa: enabled=1

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_countermeasures: enabled=0

wpa_driver_ipw_set_drop_unencrypted: enabled=1

Setting scan request: 0 sec 100000 usec

Wireless event: cmd=0x8b06 len=8

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added

Starting AP scan (broadcast SSID)

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:00:00:00:00:00

Added BSSID 00:00:00:00:00:00 into blacklist

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

Disconnect event - remove keys

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0

Scan timeout - try to get results

Received 2124 bytes of scan results (8 BSSes)

Scan results: 8

Selecting BSS from priority group 0

0: 00:0b:86:a4:4a:40 ssid='<hidden>' wpa_ie_len=24 rsn_ie_len=0

   skip - SSID mismatch

1: 00:0b:86:a4:4a:40 ssid='moco' wpa_ie_len=24 rsn_ie_len=0

   selected

Trying to associate with 00:0b:86:a4:4a:40 (SSID='moco' freq=0 MHz)

Cancelling scan request

Automatic auth_alg selection: 0x1

wpa_driver_ipw_set_auth_alg: auth_alg=0x1

WPA: using IEEE 802.11i/D3.0

WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1

WPA: using GTK TKIP

WPA: using PTK TKIP

WPA: using KEY_MGMT 802.1X

WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01

No keys have been configured - skip key clearing

wpa_driver_ipw_set_drop_unencrypted: enabled=1

Setting authentication timeout: 5 sec 0 usec

EAPOL: External notification - portControl=Auto

Wireless event: cmd=0x8b1a len=17

Wireless event: cmd=0x8b15 len=20

Wireless event: new AP: 00:0b:86:a4:4a:40

Association event - clear replay counter

Associated to a new BSS: BSSID=00:0b:86:a4:4a:40

No keys have been configured - skip key clearing

Associated with 00:0b:86:a4:4a:40

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

EAPOL: External notification - portEnabled=1

EAPOL: SUPP_PAE entering state CONNECTING

EAPOL: txStart

EAPOL: SUPP_BE entering state IDLE

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

Setting authentication timeout: 10 sec 0 usec

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added

RX EAPOL from 00:0b:86:a4:4a:40

Setting authentication timeout: 70 sec 0 usec

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_PAE entering state RESTART

EAP: EAP entering state INITIALIZE

EAP: EAP entering state IDLE

EAPOL: SUPP_PAE entering state AUTHENTICATING

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=1 id=1

EAP: EAP entering state IDENTITY

EAP: EAP-Request Identity data - hexdump_ascii(len=0):

EAP: using real identity - hexdump_ascii(len=7):

     73 74 74 73 6d 30 31                              [REMOVED]         

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=1 id=1

EAP: EAP entering state RETRANSMIT

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=2

EAP: EAP entering state GET_METHOD

EAP: initialize selected EAP method (25, PEAP)

EAP-PEAP: Phase2 EAP types - hexdump(len=1): 1a

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=6) - Flags 0x20

EAP-PEAP: Start (server ver=0, own ver=1)

EAP-PEAP: Using PEAP version 0

SSL: (where=0x10 ret=0x1)

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:before/connect initialization

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client hello A

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read server hello A

SSL: SSL_connect - want more data

SSL: 102 bytes pending from ssl_out

SSL: 102 bytes left to be sent out (of total 102 bytes)

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=3

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=1096) - Flags 0xc0

EAP-PEAP: TLS Message Length: 6390

SSL: Need 5304 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=1096

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=4

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=1096) - Flags 0x40

SSL: Need 4214 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=1096

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=5

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=1096) - Flags 0x40

SSL: Need 3124 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=1096

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=6

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=1096) - Flags 0x40

SSL: Need 2034 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=1096

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=7

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=1096) - Flags 0x40

SSL: Need 944 bytes more input data

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=1096

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=8

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=950) - Flags 0x00

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server hello A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server certificate A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server certificate request A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read server done A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client certificate A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write client key exchange A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write change cipher spec A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 write finished A

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 flush data

SSL: (where=0x1002 ret=0xffffffff)

SSL: SSL_connect:error in SSLv3 read finished A

SSL: SSL_connect - want more data

SSL: 194 bytes pending from ssl_out

SSL: 194 bytes left to be sent out (of total 194 bytes)

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

IEEE 802.1X RX: version=1 type=0 length=950

WPA: EAPOL frame (type 0) discarded, not a Key frame

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=9

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=53) - Flags 0x80

EAP-PEAP: TLS Message Length: 43

SSL: (where=0x1001 ret=0x1)

SSL: SSL_connect:SSLv3 read finished A

SSL: (where=0x20 ret=0x1)

SSL: (where=0x1002 ret=0x1)

SSL: 0 bytes pending from ssl_out

SSL: No data to be sent out

EAP-PEAP: TLS done, proceed to Phase 2

EAP-PEAP: using label 'client EAP encryption' in key derivation

EAP-PEAP: Derived key - hexdump(len=64): [REMOVED]

SSL: Building ACK

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 57, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=10

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=28) - Flags 0x00

EAP-PEAP: received 22 bytes encrypted data for Phase 2

EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=1): 01

EAP-PEAP: received Phase 2: code=1 identifier=10 length=5

EAP-PEAP: Phase 2 Request: type=1

EAP: using real identity - hexdump_ascii(len=7):

     73 74 74 73 6d 30 31                              [REMOVED]         

EAP-PEAP: Encrypting Phase 2 data - hexdump(len=12): [REMOVED]

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=11

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=57) - Flags 0x00

EAP-PEAP: received 51 bytes encrypted data for Phase 2

EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=30): 1a 01 0b 00 1d 10 e8 bc 96 78 fc ea eb 88 06 de cd d4 98 9a 72 7f 43 45 52 42 45 52 55 53

EAP-PEAP: received Phase 2: code=1 identifier=11 length=34

EAP-PEAP: Phase 2 Request: type=26

EAP-PEAP: Selected Phase 2 EAP method 26

EAP-MSCHAPV2: Received challenge

EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=8):

     43 45 52 42 45 52 55 53                           CERBERUS        

EAP-MSCHAPV2: Generating Challenge Response

EAP-MSCHAPV2: auth_challenge - hexdump(len=16): e8 bc 96 78 fc ea eb 88 06 de cd d4 98 9a 72 7f

EAP-MSCHAPV2: peer_challenge - hexdump(len=16): 63 6b 4f 4a 5c 7d 9f fa a2 5f 2b 45 ea 5c 72 69

EAP-MSCHAPV2: username - hexdump_ascii(len=7):

     73 74 74 73 6d 30 31                              sttsm01         

EAP-MSCHAPV2: password - hexdump_ascii(len=9): [REMOVED]

EAP-MSCHAPV2: response - hexdump(len=24): f5 f6 0b bc 33 c7 68 86 51 07 1c 5e 33 6e c2 35 58 bc 4b e0 32 d4 1e e9

EAP-PEAP: Encrypting Phase 2 data - hexdump(len=66): [REMOVED]

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 61, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=12

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=74) - Flags 0x00

EAP-PEAP: received 68 bytes encrypted data for Phase 2

EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 0b 00 2e 53 3d 44 45 33 39 46 36 39 33 45 38 42 37 42 39 34 44 33 34 31 42 45 31 32 42 42 44 31 37 38 46 30 35 31 30 46 38 36 39 36 35

EAP-PEAP: received Phase 2: code=1 identifier=12 length=51

EAP-PEAP: Phase 2 Request: type=26

EAP-MSCHAPV2: Received success

EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):

EAP-MSCHAPV2: Authentication succeeded

EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): [REMOVED]

EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 78, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Request method=25 id=13

EAP: EAP entering state METHOD

EAP-PEAP: Received packet(len=38) - Flags 0x00

EAP-PEAP: received 32 bytes encrypted data for Phase 2

EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 0d 00 0b 21 80 03 00 02 00 01

EAP-PEAP: received Phase 2: code=1 identifier=13 length=11

EAP-PEAP: Phase 2 Request: type=33

EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01

EAP-TLV: Result TLV - hexdump(len=2): 00 01

EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed

EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED]

EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC

EAP: EAP entering state SEND_RESPONSE

EAP: EAP entering state IDLE

EAPOL: SUPP_BE entering state RESPONSE

EAPOL: txSuppRsp

EAPOL: SUPP_BE entering state RECEIVE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Received EAP-Packet frame

EAPOL: SUPP_BE entering state REQUEST

EAPOL: getSuppRsp

EAP: EAP entering state RECEIVED

EAP: Received EAP-Success

EAP: Workaround for unexpected identifier field in EAP Success: reqId=14 lastId=13 (these are supposed to be same)

EAP: EAP entering state SUCCESS

EAPOL: SUPP_BE entering state RECEIVE

EAPOL: SUPP_BE entering state SUCCESS

EAPOL: SUPP_BE entering state IDLE

WPA: EAPOL frame too short, len 46, expecting at least 99

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines

IEEE 802.1X RX: version=1 type=3 length=95

  EAPOL-Key type=254

WPA: RX message 1 of 4-Way Handshake from 00:0b:86:a4:4a:40 (ver=1)

WPA: Renewed SNonce - hexdump(len=32): 4b 5e 9c 6d a7 b8 ad ec 00 de e6 ed e7 27 d2 f4 d8 9f 51 32 6f 2c e6 8e d6 28 6d 8d 55 dc f8 a8

WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]

WPA: PMK - hexdump(len=32): [REMOVED]

WPA: PTK - hexdump(len=64): [REMOVED]

WPA: EAPOL-Key MIC - hexdump(len=16): f5 5d 58 f4 c0 96 d9 52 57 bf a9 fd cd 02 9a ed

WPA: Sending EAPOL-Key 2/4

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines

IEEE 802.1X RX: version=1 type=3 length=119

  EAPOL-Key type=254

WPA: RX message 3 of 4-Way Handshake from 00:0b:86:a4:4a:40 (ver=1)

WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01

WPA: Sending EAPOL-Key 4/4

WPA: Installing PTK to the driver.

WPA: RSC - hexdump(len=6): 00 00 00 00 00 00

wpa_driver_ipw_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32

RX EAPOL from 00:0b:86:a4:4a:40

EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines

IEEE 802.1X RX: version=1 type=3 length=127

  EAPOL-Key type=254

WPA: RX message 1 of Group Key Handshake from 00:0b:86:a4:4a:40 (ver=1)

WPA: Group Key - hexdump(len=32): [REMOVED]

WPA: Installing GTK to the driver (keyidx=1 tx=0).

WPA: RSC - hexdump(len=6): a0 00 00 00 00 00

wpa_driver_ipw_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32

WPA: Sending EAPOL-Key 2/2

WPA: Key negotiation completed with 00:0b:86:a4:4a:40 [PTK=TKIP GTK=TKIP]

Cancelling authentication timeout

EAPOL: External notification - portValid=1

EAPOL: SUPP_PAE entering state AUTHENTICATED

```

At this point, it hangs and I have no idea what's going on @_@

And all I wanted to do was surf the web in peace....

Thanks again!

----------

## linuxn00bie255

OK!!!!!!!!!!!!!!!!!!!!!!111111

I got it working... more or less. There's still some rough edges to say the least.

If anyone could answer my remaining questions that would be great

Ok, so here's what I have to do, right now to get this thing to work.

-ifconfig eth1 up

-run wpa_supp. in ap_scan mode 2

-This always fails

-After it fails however I can see the network in the iwlist that I want to connect to

-So can wpa_supp in mode 1 which is what I run it in next

-It seems to hang like I said in my last post

-So I background the process at that point

-I call dhcpcd eth1 to request an ip address

-I get the ip address and I'm good to go!!!

I could put most of that in a script I guess, but there has to be a better way to get the wpa_supplicant to see the network than running mode 2 then mode 1

Any suggestions?

Thanks again for teh help!

----------

## djnauk

There is an option under each 'group setting', called scan_ssid - I don't know whether this will help?

```
# scan_ssid:

#       0 = do not scan this SSID with specific Probe Request frames (default)

#       1 = scan with SSID-specific Probe Request frames (this can be used to

#           find APs that do not accept broadcast SSID or use multiple SSIDs;

#           this will add latency to scanning, so enable this only when needed)
```

----------

## linuxn00bie255

I tried the scan_ssid option and that didn't seem to work, however

Upon further research of what to do. I found a command

iwconfig eth1 essid <network>

and that makes it such that ap_scan mode 1 and iwlist scan can see the ssid of the network

then I just made a simple script to combine all that I did and it runs great!

w000000t!!!

Thanks one last time!

----------

## djnauk

 *linuxn00bie255 wrote:*   

> Upon further research of what to do. I found a command
> 
> iwconfig eth1 essid <network>
> 
> and that makes it such that ap_scan mode 1 and iwlist scan can see the ssid of the network
> ...

 

You could probably combine it into the pre-up function with /etc/conf.d/net:

```
preup() {

        if [ "${IFACE}" == "eth1" ]; then

                /sbin/iwconfig eth1 essid <network>

                return $?

        fi

        if mii-tool ${IFACE} 2> /dev/null | grep -q 'no link'; then

                ewarn "No link on ${IFACE}, aborting configuration"

                return 1

        fi

        return 0

}
```

That'll save you writing an independent script  :Smile: 

----------

## ennservogt

I had exactly the same "skip - SSID mismatch" problem. My configuration:

WPA-PSK / TKIP

no SSID broadcast

No matter what "ap_scan" option i set, I never could associate with the AP. But after adding "scan_ssid=1" to the network settings everything worked like a charm  :Wink: 

A big THX to both of you  :Wink: 

----------

