WPA-EAP problems

Brooks Davis brooks at freebsd.org
Wed Jan 17 16:10:33 UTC 2007


On Tue, Jan 16, 2007 at 10:32:49PM -0800, Sam Leffler wrote:
> Daniel O'Connor wrote:
> > Hi,
> > I have a WPA-EAP network setup (to a WRT54G with OpenRadius which 
> > authenticates against an OpenLDAP server on my FreeBSD server), however quite 
> > often dhclient fails to get a lease at first go.
> > 
> > My wpa_supplicant file looks like..
> > network={
> >         ssid="dons"
> >         scan_ssid=1
> >         key_mgmt=WPA-EAP
> >         identity="username"
> >         password="password"
> >         phase2="auth=PAP"
> > }
> > 
> > I have the following in rc.conf..
> > ifconfig_ath0="WPA DHCP"
> > background_dhclient="YES"
> > 
> > If I kill dhclient and restart it I can get a lease just fine. I don't see the 
> > problem on a WPA-TKIP network.
> 
> Sounds like an issue with dhclient.  I rarely use anything but WPA-PSK
> so haven't noticed issues.
> 
> It would be useful to get a wpa log to see how long it's taking to
> authenticate.  It'd be nice if dhclient were triggered by authentication
> rather than association as packets cannot pass until before.  I've
> considered changing things to work in this way.

This seems like a good idea.  The link isn't really up until you can
actually pass packets on it.

> > I think the problem is that the ath interface comes up but no
> > packets can be transferred because WPA stuff is still happening the
> > initial requests get lost.
> 
> But dhclient should retry and get a lease w/o your restarting it.

I think this should happen, but I think the back off is random exponential
so it doesn't take long to get to the point where it will appear hung
because it tries for >60s.  Is there an 802.11 event we could key
off of to reset the timeouts when authentication occurs?

-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20070117/457bd804/attachment.pgp


More information about the freebsd-current mailing list