revert fix for Nokia N900 WPA-EAP connect problems

Message ID
State Deferred
Headers show

Commit Message

David Fries March 30, 2013, 4:27 a.m.
Jouni Malinen,
Cc'ed, you as your name was on the commit I seem to be having problems

Since the commit
"EAPOL auth: Disconnect after IEEE 802.1X failure"
was applied to hostapd, the Nokia N900 is having problems connecting
to hostapd for me.  I'm running hostapd with WPA-EAP TTLS, MSCHAPV2,
and Integrated EAP server.

It seems like the first time I try to connect, as in start hostapd,
connect, it doesn't have any problems.  But if I disconnect, and
reconnect within some time window, that's when I have problems.
Sometimes I'll tell the N900 to connect, and it will blink the WiFi
network until it timesout and asks to try again.  Other times, as I
have the N900 certificate encryped, it will prompt me for the
password, then immediately turn around and prompt me again, in which
case the connection will succeed, but after a few minutes (9 minutes
in one case), it will drop while hostapd is trying to rekey.

I updated today to commit ce26864e79144cba12d5ff98632570593cc57b8a and
still see the problem.  If I apply the following patch, which mostly
reverts the earlier commit fd8e4fda506f3 I mentioned, I can connect
and disconnect without any problems.

From b421cc082b90d302ccc542c15062c26b457a4db2 Mon Sep 17 00:00:00 2001
From: David Fries <>
Date: Sat, 13 Oct 2012 20:42:08 -0500
Subject: [PATCH] Revert "EAPOL auth: Disconnect after IEEE 802.1X failure"

This reverts commit fd8e4fda506f32efadebdf62aaf51769a4d08fdc.
Committer: Jouni Malinen <> 

debug message format has changed
 src/ap/ieee802_1x.c |   13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)


diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index e87431e..0314417 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2206,16 +2206,12 @@  static void ieee802_1x_finished(struct hostapd_data *hapd,
 			       "Added PMKSA cache entry (IEEE 802.1X)");
-	if (!success) {
+#ifdef CONFIG_WPS
+	if (!success && (sta->flags & WLAN_STA_WPS)) {
 		 * Many devices require deauthentication after WPS provisioning
 		 * and some may not be be able to do that themselves, so
-		 * disconnect the client here. In addition, this may also
-		 * benefit IEEE 802.1X/EAPOL authentication cases, too since
-		 * the EAPOL PAE state machine would remain in HELD state for
-		 * considerable amount of time and some EAP methods, like
-		 * EAP-FAST with anonymous provisioning, may require another
-		 * EAPOL authentication to be started to complete connection.
+		 * disconnect the client here.
 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG, "IEEE 802.1X: Force "
 			"disconnection after EAP-Failure");
@@ -2225,6 +2221,7 @@  static void ieee802_1x_finished(struct hostapd_data *hapd,
 		os_sleep(0, 10000);
 		ap_sta_disconnect(hapd, sta, sta->addr,
+#endif /* CONFIG_WPS */