Cannot connect to Enterprise WPA2 wireless (Invalid Compound_MAC)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wpasupplicant (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I am using Ubuntu Intrepid Ibex (8.10) with wpasupplicant version 0.6.4 (standard package provided by Ubuntu). I used to be able to connect to a WPA(2?) wireless connection in Ubuntu 7.04, yet now it won't work with 8.10. Let me give you some background info to be helpful: here is the connection/
SSID W-M_Wireless_
Encryption WPA2 Enterprise
802.1x/EAP Type PEAP (Protected EAP)
Authentication MS-CHAPv2
My hardware is a Dell Latitude D600 (the motherboard, at least) and the network card is an Intel IPW2200BG:
/var/log # lspci
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller (rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 81)
00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface Bridge (rev 01)
00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE Controller (rev 01)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV250 [Mobility FireGL 9000] (rev 02)
02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5705M Gigabit Ethernet (rev 03)
02:01.0 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:01.1 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:03.0 Network controller: Intel Corporation PRO/Wireless 2200BG [Calexico2] Network Connection (rev 05)
I made wpa_supplicant to dump a lot of things (-ddd switch) and after a painstaking examination of the output log (/var/log/
EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0
where id goes up (1, 2, 3, ... etc). At id=9 the message says "success":
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=91) - Flags 0x00
EAP-PEAP: received 85 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): ... (junked)
EAP-PEAP: received Phase 2: code=1 identifier=9 length=51
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 9 mschapv2_id 8
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_
EAP-MSCHAPV2: Authentication succeeded
But the next segment shows failure:
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=
EAP: EAP entering state METHOD
SSL: Received packet(len=107) - Flags 0x00
EAP-PEAP: received 101 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=71): ... (junked)
EAP-PEAP: received Phase 2: code=1 identifier=10 length=71
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=66): ... (junked)
EAP-PEAP: Cryptobinding TLV - hexdump(len=56): ... (junked)
EAP-PEAP: TK - hexdump(len=60): [REMOVED]
EAP-MSCHAPV2: Derived key - hexdump(len=32): [REMOVED]
EAP-PEAP: ISK - hexdump(len=32): [REMOVED]
EAP-PEAP: TempKey - hexdump(len=40): [REMOVED]
EAP-PEAP: IMCK (IPMKj) - hexdump(len=60): [REMOVED]
EAP-PEAP: IPMK (S-IPMKj) - hexdump(len=40): [REMOVED]
EAP-PEAP: CMK (CMKj) - hexdump(len=20): [REMOVED]
EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-TLV: Earlier failure - force failed Phase 2
See the "Invalid Compound_MAC" above? That's where the failure comes from. Looking at the source code (/tmp/wpasuppli
A simple web (google) search shows only the following page, which looks like relevant:
-----------
Now how come it could work in Ubuntu 7.04: A clue may be given by the following line in the verbose debugging output (also id=10):
EAP-TLV: Unsupported TLV Type 12
Source file eap_common/
If anything more can be supplied by me, please don't hesitate writing. I am anxious to get the WPA wireless working with Ubuntu 8.10 !
Wirawan
This is an interoperability issue with EAP-PEAPv0 Cryptobinding between wpa_supplicant and Windows Server 2008 NPS. wpa_supplicant 0.6.6 works around this by disabling cryptobinding use by default. This can be done in older versions, too, by adding crypto_binding=0 into the network configuration parameter phase1 (e.g., phase1= "crypto_ binding= 0").
Even more relevanrt technet thread is at http:// social. msdn.microsoft. com/Forums/ en-US/os_ windowsprotocol s/thread/ 05494a49- 5811-4fbd- 9171-bbfa0178d2 75