WPA-PSK not working, but unsecured wireless OK

Bleys Maynard · 04-11-2006, 10:21 AM

I've already asked about this on my distro's forums and the folks there (however helpful), have run out of ideas.

I have made some progress lately, but still no joy.

I'm running Gentoo 2006.0 on a Toshiba Laptop with an Intel wireless card

Code:

 lspci | grep Wireless
06:02.0 Network controller: Intel Corporation PRO/Wireless 2915ABG Network Connection (rev 05)

The router is a Linksys WRT54GS. There are two wireless networks in range, Terminus (mine) and Ultramagnus (a neighbor's). I can connect to mine no problem in Windows using WPA-PSK/TKIP.

at present, to even scan for networks, I have to go into a terminal and manually call wpa_supplicant in background mode. wpa_gui works, but it's completely useless--it won't make any changes to /etc/wpa_supplicant.conf.

If I completely turn encryption off, I can connect wirelessly, but it fails with any sort of encryption, even 64-bit WEP, which isn't much better than zero encryption. I know I'm not just typo'ing the PSK, since it's my root password and I type it dozens of times per day. When I tried WEP, I used my phone number--impossible to b0rk the key. The PSK is 9 characters in length

eth0 doesn't seem to be anything on my system, eth1 is the wlan, and eth2 is my working ethernet connection.

Here's my current wpa_supplicant.conf (with the psk changed, of course

)

Code:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=1

#network={
#        ssid="Terminus"
#        psk=abcde12345
#       priority=5
#}

#network={
#        ssid="Terminus"
#        #psk="abcde12345"
#        psk=random crap generated by wpa_passphrase
#}

# Only WPA-PSK is used. Any valid cipher combination is accepted.
network={
        ssid="Terminus"
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=TKIP
        group=CCMP TKIP WEP104 WEP40
        psk="abcde12345"
        priority=2
}


blob-base64-exampleblob={
SGVsbG8gV29ybGQhCg==
}

I'm calling wpa_supplicant as follows:

Code:

wpa_supplicant -Dipw -ieth1 -c/etc/wpa_supplicant.conf -B

(for some reason I have to use -B instead of just adding & to the end

)

Here's what iwconfig tells me when I have encryption turned off at the AP:

Code:

 iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      IEEE 802.11g  ESSID:"Terminus"
          Mode:Managed  Frequency:2.452 GHz  Access Point: 00:0F:66:95:03:31
          Bit Rate=54 Mb/s   Tx-Power=20 dBm
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=93/100  Signal level=-34 dBm  Noise level=-86 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:18   Missed beacon:0

eth2      no wireless extensions.

When I try to use wpa_gui with encryption turned on, it will start by saying "associating with (correct MAC address of the router)", but then change to "Authentication with 00:00:00:00:00:00 failed"...so I'm thinking if I can find a way to hard-code my router's MAC address, I should be able to authenticate and connect succesfully.

I don't know if this output is any good, it appears to be in Croatian to my untrained eye:

Code:

 wpa_supplicant -Dipw -ieth1 -c/etc/wpa_supplicant.conf -Bioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
Failed to set encryption.
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
ioctl[IPW_IOCTL_WPA_SUPPLICANT]: Operation not supported
bind(PF_UNIX): Address already in use

Code:

wpa_gui
Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
Selected interface 'eth1'
Trying to connect to '/var/run/wpa_supplicant/eth1'

JunctaJuvant · 04-13-2006, 08:40 AM

Perhaps your AP requires CCMP (AES, I think you need this for WPA2)? In which case you should add CCMP to the pairwise option, like this "pairwise=CCMP TKIP". Since this is the default value if the pairwise option is not specified in the block, and since your group options are also the same as the defaults, I believe you can safely ommit them from the network block. And the priority option also doesn't work well with ap_scan=1, so you can leave the priority option out too. I would use something like this:

Code:

network={
        ssid="Terminus"
        proto=WPA
        key_mgmt=WPA-PSK
        psk="abcde12345"
}

I don't know why WEP isn't working though. Perhaps you could try using iwconfig to configure WEP. If it works there, it becomes more likely that the problem is with wpa_supplicant and not with something else. I would also remove any blocks you don't need (the "blob" thing at the bottom).
Just some things you could try, hope that helps.

Citizen Bleys · 04-14-2006, 09:15 AM

same output with wpa_supplicant.conf modified as listed above.

The blob thing came out of wpa_supplicant.conf.example, so I thought it was necessary.

I'm thinking that if I can figure out why WEP won't work, I'll also know why WPA won't work.

I don't know what changed, but the SCAN function in wpa_gui won't pick up my SSID or my neighbor's anymore.

EDIT: I am the OP, I initially had some authentication issues and made a new account ><. Got access to my real one again, though.

EDIT2: It wouldn't scan for SSIDs because I had my wlan switch turned off. After turning it back on, I still had no change from my prior results. It keeps trying to authenticate with 00:00:00:00:00:00 instead of my router's MAC address.

JunctaJuvant · 04-15-2006, 08:45 AM

Another thing you could try is making sure all the right wireless/cryptographic options are compiled into the kernel (or as modules) and all the right modules are loaded. Have you configured your wireless card according to this wiki page?
Hope that helps.

Citizen Bleys · 04-18-2006, 10:42 AM

Aye, if it weren't for the Gentoo Wiki, I would still be wondering where to start

I've got a couple of articles from there printed out so that I can pore over it at work

Squiggles · 01-21-2007, 01:11 PM

I had the same problem with my Intel(R) PRO/Wireless 2915ABG using Backtrack v2 beta. I found this solution on another forum somewhere. Seems to work.

------- Comment #1 From Jouni Malinen 2006-01-30 05:09:56 -------

Have you tried using driver_wext.c (i.e., -Dwext on the wpa_supplicant command
line)? ipw2200 driver changes WPA configuration from private ioctls to WE-18
when the Linux wireless extensions in the kernel are new enough and it looks
like your driver is built against WE-18 which has WPA support.

Quakeboy02 · 01-21-2007, 03:47 PM

In addition to "-Dwext" try just creating a simple config file with "wpa_passphrase "myessid" "my passphrase" > /etc/my_supplicant.conf". Then run that with "wpa_supplicant -Bw -Dwext -c/etc/my_supplicant.conf -ieth1".

KenWPeek · 04-30-2007, 03:42 PM

You have to add this line at the top of your /etc/wpa_supplicant.conf file:

update_config=1

NOTE: If you don't do this, wpa_supplicant (and therefore wpa_cli and wpa_gui) cannot update the config file. If you *DO* turn this on, and the file is automatically updated, you will *LOSE* all of the comments in your config file-- so if the comments are important to you, make a backup of the config file before turning this option on.

I found this information in the example config file on the wpa_supplicant home page. Give that a whirl, and please report back your results...

~Ken

SuSE_Lamer · 05-17-2007, 05:49 AM

Hello everybody!

At the present I have the same issue with T43p and Debian Etch. I used this link to configure my interface. I get exactly the same messages...

I will try to research further on, but would appreciate any hint...

Regards,
Andrey.

P.S. And WEP didn't work for me either!

Z038 · 06-11-2007, 07:33 AM

Quote:

Originally Posted by Squiggles

I had the same problem with my Intel(R) PRO/Wireless 2915ABG using Backtrack v2 beta. I found this solution on another forum somewhere. Seems to work.

------- Comment #1 From Jouni Malinen 2006-01-30 05:09:56 -------

Have you tried using driver_wext.c (i.e., -Dwext on the wpa_supplicant command
line)? ipw2200 driver changes WPA configuration from private ioctls to WE-18
when the Linux wireless extensions in the kernel are new enough and it looks
like your driver is built against WE-18 which has WPA support.

I also had the same problem being described in this thread on my IBM Thinkpad T43 with the Intel PRO/Wireless 2915ABG card. I removed WPADRIVER="ipw" line from my /etc/rc.d/rc.wireless.conf and restarted my eth1 interface /etc/rc.d/rc.inet1 eth1_restart and it connected up and got an IP address from my router. Your wireless config file may be in a different place, I'm running Slackware 11.0.