From owner-freebsd-current@FreeBSD.ORG Wed Jan 17 06:32:52 2007 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 86A2F16A40F for ; Wed, 17 Jan 2007 06:32:52 +0000 (UTC) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 5CE3413C465 for ; Wed, 17 Jan 2007 06:32:52 +0000 (UTC) (envelope-from sam@errno.com) Received: from [10.0.0.105] ([10.0.0.105]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id l0H6Wnsb046963 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 16 Jan 2007 22:32:49 -0800 (PST) (envelope-from sam@errno.com) Message-ID: <45ADC311.90008@errno.com> Date: Tue, 16 Jan 2007 22:32:49 -0800 From: Sam Leffler Organization: Errno Consulting User-Agent: Thunderbird 1.5.0.9 (Macintosh/20061207) MIME-Version: 1.0 To: "Daniel O'Connor" References: <200701171608.49339.doconnor@gsoft.com.au> In-Reply-To: <200701171608.49339.doconnor@gsoft.com.au> X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org Subject: Re: WPA-EAP problems X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Jan 2007 06:32:52 -0000 Daniel O'Connor wrote: > Hi, > I have a WPA-EAP network setup (to a WRT54G with OpenRadius which > authenticates against an OpenLDAP server on my FreeBSD server), however quite > often dhclient fails to get a lease at first go. > > My wpa_supplicant file looks like.. > network={ > ssid="dons" > scan_ssid=1 > key_mgmt=WPA-EAP > identity="username" > password="password" > phase2="auth=PAP" > } > > I have the following in rc.conf.. > ifconfig_ath0="WPA DHCP" > background_dhclient="YES" > > If I kill dhclient and restart it I can get a lease just fine. I don't see the > problem on a WPA-TKIP network. Sounds like an issue with dhclient. I rarely use anything but WPA-PSK so haven't noticed issues. It would be useful to get a wpa log to see how long it's taking to authenticate. It'd be nice if dhclient were triggered by authentication rather than association as packets cannot pass until before. I've considered changing things to work in this way. > > I think the problem is that the ath interface comes up but no packets can be > transferred because WPA stuff is still happening the initial requests get > lost. But dhclient should retry and get a lease w/o your restarting it. > > I note that it takes Windows a long time to get a lease - it spends a while > saying "waiting for network to become ready". >