Cannot connect to Enterprise WPA2 wireless (Invalid Compound_MAC)

Bug #304126 reported by Wirawan Purwanto
Affects: wpasupplicant (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

I am using Ubuntu Intrepid Ibex (8.10) with wpasupplicant version 0.6.4 (standard package provided by Ubuntu). I used to be able to connect to a WPA(2?) wireless connection in Ubuntu 7.04, yet now it won't work with 8.10. Let me give you some background info to be helpful: here are the connection/encryption details for the wireless network: (ref: http://connect.wm.edu/config_encryption/other/index.htm)

SSID: W-M_Wireless_Encrypted
Encryption: WPA2 Enterprise
802.1x/EAP Type: PEAP (Protected EAP)
Authentication: MS-CHAPv2

My hardware is a Dell Latitude D600 (the motherboard, at least) and the network card is an Intel IPW2200BG:

/var/log # lspci
00:00.0 Host bridge: Intel Corporation 82855PM Processor to I/O Controller (rev 03)
00:01.0 PCI bridge: Intel Corporation 82855PM Processor to AGP Controller (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 81)
00:1f.0 ISA bridge: Intel Corporation 82801DBM (ICH4-M) LPC Interface Bridge (rev 01)
00:1f.1 IDE interface: Intel Corporation 82801DBM (ICH4-M) IDE Controller (rev 01)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 01)
00:1f.6 Modem: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Modem Controller (rev 01)
01:00.0 VGA compatible controller: ATI Technologies Inc Radeon RV250 [Mobility FireGL 9000] (rev 02)
02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5705M Gigabit Ethernet (rev 03)
02:01.0 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:01.1 CardBus bridge: O2 Micro, Inc. OZ711EC1 SmartCardBus Controller (rev 20)
02:03.0 Network controller: Intel Corporation PRO/Wireless 2200BG [Calexico2] Network Connection (rev 05)

I made wpa_supplicant dump a lot of things (-ddd switch) and after a painstaking examination of the output log (/var/log/wpa_supplicant.eth1.log) I discovered that the error is in the "EAP-TLV" after the MS-CHAPv2 authentication was successfully done. Specifically, I use the following log output as a "bookmark":

   EAP: Received EAP-Request id=1 method=1 vendor=0 vendorMethod=0

where id goes up (1, 2, 3, ... etc). At id=9 the message says "success":

   EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
   EAP: EAP entering state METHOD
   SSL: Received packet(len=91) - Flags 0x00
   EAP-PEAP: received 85 bytes encrypted data for Phase 2
   EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): ... (junked)
   EAP-PEAP: received Phase 2: code=1 identifier=9 length=51
   EAP-PEAP: Phase 2 Request: type=26
   EAP-MSCHAPV2: RX identifier 9 mschapv2_id 8
   EAP-MSCHAPV2: Received success
   EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
   EAP-MSCHAPV2: Authentication succeeded

But the next segment shows failure:

   EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=
   EAP: EAP entering state METHOD
   SSL: Received packet(len=107) - Flags 0x00
   EAP-PEAP: received 101 bytes encrypted data for Phase 2
   EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=71): ... (junked)
   EAP-PEAP: received Phase 2: code=1 identifier=10 length=71
   EAP-PEAP: Phase 2 Request: type=33
   EAP-TLV: Received TLVs - hexdump(len=66): ... (junked)
   EAP-PEAP: Cryptobinding TLV - hexdump(len=56): ... (junked)
   EAP-PEAP: TK - hexdump(len=60): [REMOVED]
   EAP-MSCHAPV2: Derived key - hexdump(len=32): [REMOVED]
   EAP-PEAP: ISK - hexdump(len=32): [REMOVED]
   EAP-PEAP: TempKey - hexdump(len=40): [REMOVED]
   EAP-PEAP: IMCK (IPMKj) - hexdump(len=60): [REMOVED]
   EAP-PEAP: IPMK (S-IPMKj) - hexdump(len=40): [REMOVED]
   EAP-PEAP: CMK (CMKj) - hexdump(len=20): [REMOVED]
   EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV
   EAP-TLV: Result TLV - hexdump(len=2): 00 01
   EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
   EAP-TLV: Earlier failure - force failed Phase 2

See the "Invalid Compound_MAC" above? That's where the failure comes from. Looking at the source code (/tmp/wpasupplicant-0.6.4/src/eap_peer/eap_peap.c) the failure happens at subroutine eap_tlv_validate_cryptobinding.

A simple web (Google) search shows only the following page, which looks relevant:

http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/a3f01cb1-4b34-4235-ad55-48b954baa5f4/

-----------

Now how come it could work in Ubuntu 7.04: A clue may be given by the following line in the verbose debugging output (also id=10):

   EAP-TLV: Unsupported TLV Type 12

Source file eap_common/eap_tlv_common.h gives TLV type 12 as EAP_TLV_CRYPTO_BINDING_TLV, indeed.

If anything more can be supplied by me, please don't hesitate to write. I am anxious to get the WPA wireless working with Ubuntu 8.10!

Wirawan
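
The triage method described in the report (treating each "EAP: Received EAP-Request id=N" line as a bookmark and finding the segment where Phase 2 fails) can be automated. The following is an added example, not part of the original report or of wpa_supplicant; the function names, event tags and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged from the log lines quoted in the report above.
SAMPLE_LOG = """\
EAP: Received EAP-Request id=9 method=25 vendor=0 vendorMethod=0
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: Authentication succeeded
EAP: Received EAP-Request id=10 method=25 vendor=0 vendorMethod=
EAP-PEAP: Phase 2 Request: type=33
EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-TLV: Earlier failure - force failed Phase 2
"""

REQUEST = re.compile(r"EAP: Received EAP-Request id=(\d+) method=(\d+)")
# Marker substrings copied from the log excerpts in the report; tags are hypothetical.
MARKERS = {
    "EAP-MSCHAPV2: Authentication succeeded": "inner_auth_ok",
    "Invalid Compound_MAC in cryptobinding TLV": "cryptobinding_mac_invalid",
    "Unsupported TLV Type 12": "cryptobinding_tlv_ignored",
    "Earlier failure - force failed Phase 2": "phase2_forced_fail",
}

def segment(log_text):
    """Split a -ddd debug log into one record per EAP-Request bookmark."""
    segments = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m:
            segments.append({"id": int(m.group(1)), "method": int(m.group(2)), "events": []})
        elif segments:
            for needle, tag in MARKERS.items():
                if needle in line:
                    segments[-1]["events"].append(tag)
    return segments

def diagnose(log_text):
    """Return (eap_id, verdict) for the first segment whose Compound_MAC was rejected."""
    inner_ok = False
    for seg in segment(log_text):
        if "inner_auth_ok" in seg["events"]:
            inner_ok = True
        if "cryptobinding_mac_invalid" in seg["events"]:
            when = "after" if inner_ok else "before"
            return seg["id"], f"cryptobinding MAC rejected {when} inner MSCHAPv2 success"
    return None, "no cryptobinding failure found"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A log from a supplicant that does not implement cryptobinding would instead produce the `cryptobinding_tlv_ignored` tag in the matching segment, which separates the 7.04 behaviour from the 8.10 failure at a glance.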

Jouni Malinen (jkmaline) wrote :

This is an interoperability issue with EAP-PEAPv0 Cryptobinding between wpa_supplicant and Windows Server 2008 NPS. wpa_supplicant 0.6.6 works around this by disabling cryptobinding use by default. This can be done in older versions, too, by adding crypto_binding=0 into the network configuration parameter phase1 (e.g., phase1="crypto_binding=0").

An even more relevant TechNet thread is at http://social.msdn.microsoft.com/Forums/en-US/os_windowsprotocols/thread/05494a49-5811-4fbd-9171-bbfa0178d275

Jouni Malinen (jkmaline) wrote :

The interop issue is now resolved in git version of wpa_supplicant and the fix should show up in 0.6.7 with the 0.6.6-workaround removed.

Wirawan Purwanto (wirawan0) wrote :

Confirming that this is not a problem with 0.6.7. Just FYI, I am reporting another bug which seems to be unrelated:

https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/316460

Wirawan

Maarten Bezemer (veger) wrote :

This bug report is being closed due to the last two comments regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status. Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find.

Changed in wpasupplicant (Ubuntu):
status: New → Invalid