Re: wpa2 and osx

2009-02-13 Thread Stefan Sperling
On Fri, Feb 13, 2009 at 05:39:24PM +0100, Tim Saueressig, thepixelz.com wrote:
> Stefan Sperling wrote:
>> The MacBook would always try to use WPA Enterprise no matter what.
>> There was no apparent way (at least in the GUI) to convince the
>> thing to just do WPA PSK instead.
>>
> ot: there is a way, go to the top airport icon, at the pulldown select
> "join other network"
> even when your network shows up in the list, type your nwid and select
> your wpa or wpa2 personal from the security dropdown.

Right. We never tried to join an "other network" because we wanted
to join the network it was already showing us.
Not a very intuitive UI.

Anyway, Damien just committed a change to CVS so that just 'psk'
will be the wpaakms default in 4.5. Since we don't yet support
anything else anyway that makes sense.

Stefan



Re: wpa2 and osx

2009-02-13 Thread Tim Saueressig, thepixelz.com

Stefan Sperling wrote:
> On Fri, Feb 13, 2009 at 05:12:06PM +0100, Tim Saueressig, thepixelz.com wrote:
>> damien.bergam...@free.fr wrote:
>>> Because we are approaching release, I will probably stop
>>> advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD
>>> clients are currently capable of selecting this authentication
>>> protocol, although some very recent versions of wpa_supplicant
>>> may support it too.)
>>
>> as for 4.5, imho just leave it as is. no one has cared so far.
>> maybe some sort of documentation/caveat in man ifconfig would help other
>> users.
>
> I had to 'ifconfig ral0 wpaakms psk' to remove 802.1x from the
> akm list, so a MacBook could manage to associate with my network.

this did not do the trick for me, even if i force it with the airport util[1].
i have a black macbook3,1 with broadcom airport-extreme, and a newer
macbook pro.

both behave in the same way...

> The MacBook would always try to use WPA Enterprise no matter what.
> There was no apparent way (at least in the GUI) to convince the
> thing to just do WPA PSK instead.

ot: there is a way, go to the top airport icon, at the pulldown select
"join other network"
even when your network shows up in the list, type your nwid and select
your wpa or wpa2 personal from the security dropdown.

regards
tim

[1] 
http://osxdaily.com/2007/01/18/airport-the-little-known-command-line-wireless-utility/


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: wpa2 and osx

2009-02-13 Thread Stefan Sperling
On Fri, Feb 13, 2009 at 05:12:06PM +0100, Tim Saueressig, thepixelz.com wrote:
> damien.bergam...@free.fr wrote:
>> Because we are approaching release, I will probably stop
>> advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD
>> clients are currently capable of selecting this authentication
>> protocol, although some very recent versions of wpa_supplicant
>> may support it too.)
>>   
> as for 4.5, imho just leave it as is. no one has cared so far.
> maybe some sort of documentation/caveat in man ifconfig would help other  
> users.

I had to 'ifconfig ral0 wpaakms psk' to remove 802.1x from the
akm list, so a MacBook could manage to associate with my network.

The MacBook would always try to use WPA Enterprise no matter what.
There was no apparent way (at least in the GUI) to convince the
thing to just do WPA PSK instead.

Once I had made the change on my router, it automatically
went for WPA PSK and things just worked.

We might also want to document that somewhere?
I don't know where an appropriate place would be though.
Man page? FAQ? Just leave it here in the list archive?

Or maybe even make it default to 'wpaakms psk' if PSK is configured,
until OpenBSD supports 802.1x properly?

Stefan



Re: wpa2 and osx

2009-02-13 Thread Tim Saueressig, thepixelz.com

damien.bergam...@free.fr wrote:
> | hi list,
> | i have a problem with wpa2 and osx. i could connect to the ap
> | if i force it to use wpa1 only. all other wpaprotos gives a :
> | "WPA2(PSK,unknown/TKIP,AES/TKIP)"
> | while scanning with airport and the association failed. the test
> | cases and dmesg could be found here:
> | http://sumi.thepixelz.com/obsd/wpa-openbsd.txt
>
> The "unknown" comes from the PSK-SHA-256 authentication protocol
> supported by OpenBSD (this is a protocol defined in Draft 802.11w
> that has a stronger key derivation function than the legacy
> PSK-SHA1).  Unfortunately, some broken (non standard compliant)
> supplicants are confused by unknown authentication protocols
> and try to associate using 802.1X in this case.
> I've seen this with Intel PRO/Set on XP too.

thx, this explains the behaviour

> I'm not quite sure what to do since it's not OpenBSD's fault at
> all.  The current approach is that if a user specifies "psk"
> with the "wpaakms" ifconfig command, both PSK-SHA1 and PSK-SHA-256
> are advertised by the AP.  Maybe I should add "psk-sha256" to the
> list of supported values for "wpaakms" so that people who have
> interoperability problems can disable PSK-SHA-256 with
> "wpaakms psk".  The default setting would be "psk,psk-sha256".

that would be great but i should hammer on apple to get psk-sha-256
working ;)

> Because we are approaching release, I will probably stop
> advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD
> clients are currently capable of selecting this authentication
> protocol, although some very recent versions of wpa_supplicant
> may support it too.)

as for 4.5, imho just leave it as is. no one has cared so far.
maybe some sort of documentation/caveat in man ifconfig would help other
users.

> Damien

thx again
tim





Re: wpa2 and osx

2009-02-10 Thread damien . bergamini
| hi list,
| i have a problem with wpa2 and osx. i could connect to the ap
| if i force it to use wpa1 only. all other wpaprotos gives a :
| "WPA2(PSK,unknown/TKIP,AES/TKIP)"
| while scanning with airport and the association failed. the test
| cases and dmesg could be found here:
| http://sumi.thepixelz.com/obsd/wpa-openbsd.txt

The "unknown" comes from the PSK-SHA-256 authentication protocol
supported by OpenBSD (this is a protocol defined in Draft 802.11w
that has a stronger key derivation function than the legacy
PSK-SHA1).  Unfortunately, some broken (non standard compliant)
supplicants are confused by unknown authentication protocols
and try to associate using 802.1X in this case.
I've seen this with Intel PRO/Set on XP too.
I'm not quite sure what to do since it's not OpenBSD's fault at
all.  The current approach is that if a user specifies "psk"
with the "wpaakms" ifconfig command, both PSK-SHA1 and PSK-SHA-256
are advertised by the AP.  Maybe I should add "psk-sha256" to the
list of supported values for "wpaakms" so that people who have
interoperability problems can disable PSK-SHA-256 with
"wpaakms psk".  The default setting would be "psk,psk-sha256".

Because we are approaching release, I will probably stop
advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD
clients are currently capable of selecting this authentication
protocol, although some very recent versions of wpa_supplicant
may support it too.)

Damien
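
Added example, not part of the thread and not OpenBSD or wpa_supplicant code: a minimal RSN element parser showing the behaviour a standards-compliant supplicant should have when the AP advertises both PSK and PSK-SHA-256 (AKM suite types 2 and 6 under OUI 00-0F-AC). The names `select_akm` and `sample_rsn_ie`, the preference order and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* AKM suite types under the IEEE 802.11 OUI 00-0F-AC. */
enum { AKM_NONE = 0, AKM_8021X = 1, AKM_PSK = 2, AKM_PSK_SHA256 = 6 };

/* Constructed sample: RSN element of an AP advertising PSK and PSK-SHA-256. */
static const uint8_t sample_rsn_ie[] = {
    0x30, 0x18,                          /* element ID 48, length 24 */
    0x01, 0x00,                          /* version 1 */
    0x00, 0x0f, 0xac, 0x04,              /* group cipher: CCMP */
    0x01, 0x00, 0x00, 0x0f, 0xac, 0x04,  /* one pairwise cipher: CCMP */
    0x02, 0x00,                          /* two AKM suites follow */
    0x00, 0x0f, 0xac, 0x02,              /* PSK (SHA-1 based) */
    0x00, 0x0f, 0xac, 0x06,              /* PSK-SHA-256 */
    0x00, 0x00                           /* RSN capabilities */
};

/* Pick an AKM both sides support; `supported` is a mask of (1 << type).
 * Suites the client does not recognise are skipped and never cause a
 * fallback to an AKM the AP did not advertise. AKM_NONE: no match/malformed. */
int select_akm(const uint8_t *ie, size_t len, uint32_t supported)
{
    static const uint8_t oui[3] = { 0x00, 0x0f, 0xac };
    static const int pref[] = { AKM_PSK_SHA256, AKM_PSK, AKM_8021X };
    uint32_t advertised = 0;
    size_t off = 8, n, i;           /* skip ID, length, version, group cipher */

    if (len < 2 || ie[0] != 0x30 || ie[1] < 8 || (size_t)ie[1] + 2 > len)
        return AKM_NONE;
    len = (size_t)ie[1] + 2;        /* ignore bytes past the element */
    n = ie[off] | ((size_t)ie[off + 1] << 8);   /* pairwise cipher count */
    off += 2 + 4 * n;
    if (off + 2 > len)
        return AKM_NONE;
    n = ie[off] | ((size_t)ie[off + 1] << 8);   /* AKM suite count */
    off += 2;
    if (off + 4 * n > len)
        return AKM_NONE;
    for (i = 0; i < n; i++, off += 4)
        if (memcmp(ie + off, oui, 3) == 0 && ie[off + 3] < 32)
            advertised |= 1u << ie[off + 3];
    for (i = 0; i < sizeof(pref) / sizeof(pref[0]); i++)
        if (advertised & supported & (1u << pref[i]))
            return pref[i];
    return AKM_NONE;
}
```

A client that only knows PSK gets `AKM_PSK` from the sample element, and a client offering only 802.1X gets `AKM_NONE` rather than attempting an AKM the AP never listed.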



wpa2 and osx

2009-02-09 Thread Tim Saueressig, thepixelz.com

hi list,
i have a problem with wpa2 and osx. i could connect to the ap
if i force it to use wpa1 only. all other wpaprotos gives a :
"WPA2(PSK,unknown/TKIP,AES/TKIP)"
while scanning with airport and the association failed. the test cases
and dmesg could be found here: http://sumi.thepixelz.com/obsd/wpa-openbsd.txt

same tests apply to ral(4) in another soekris4801 with the same results.
all this was done with a stock snapshot from ftp.openbsd.org fetched 3h ago.

xpsp3 behaves a little bit differently, "wpaprotos wpa1,wpa2" works,
"wpaprotos wpa2" does not. could anyone verify this behaviour or
am i doing something completely wrong?

regards
tim

p.s. don't care about wpapsk, this is a test setup only ;)

