Getting 'RSN: PMKID mismatch" when attempting to connect to SSID using RSN + WPA-EAP + PEAP + MSCHAPV2. Tried both 'pkg install' and 'cd /usr/ports/security/wpa_supplicant && make && make install'... when compiling from ports tree, I enabled and disabled the OpenSSLv1.2 option seeing where there were issues on linux forums related to this. Don't believe it to be an issue with the 8260 as at the house it works flawlessly with WPA-PSK, just not at the office when using WPA-EAP.
demsg output related to wlan0:
wpa_supplicant.conf
logged output of
'/usr/local/sbin/wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -P /var/run/wpa_supplicant/wlan0.pid -t -d'
demsg output related to wlan0:
Code:
iwm0: <Intel(R) Dual Band Wireless AC 8260> mem 0xe1100000-0xe1101fff irq 16 at device 0.0 on pci1
iwm0: hw rev 0x200, fw ver 22.361476.0, address b8:8a:60:c5:cf:10
wpa_supplicant.conf
Code:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
ssid="Enterprise-Test"
key_mgmt=WPA-EAP
eap=PEAP
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
identity="TestUser"
password="Passw0Rd!"
}
logged output of
'/usr/local/sbin/wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -P /var/run/wpa_supplicant/wlan0.pid -t -d'
Code:
.... head of log removed ... see the following for detail: https://pastebin.com/qU5V5dZN
1514935413.932983: EAPOL: SUPP_BE entering state SUCCESS
1514935413.932985: EAPOL: SUPP_BE entering state IDLE
1514935413.933199: wlan0: RX EAPOL from 04:62:73:b4:8c:5f
1514935413.933204: EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
1514935413.933209: wlan0: IEEE 802.1X RX: version=2 type=3 length=117
1514935413.933213: wlan0: EAPOL-Key type=2
1514935413.933220: wlan0: key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
1514935413.933224: wlan0: key_length=16 key_data_length=22
1514935413.933226: replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 00
1514935413.933230: key_nonce - hexdump(len=32): 85 00 39 dd fc 8e 54 f3 35 04 7d 5e 0a e6 7b 77 25 cf 2c 52 77 31 b9 0e 08 eb c9 3d e9 5f e2 5b
1514935413.933240: key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1514935413.933247: key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
1514935413.933251: key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
1514935413.933256: key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1514935413.933272: wlan0: State: ASSOCIATED -> 4WAY_HANDSHAKE
1514935413.933278: wlan0: WPA: RX message 1 of 4-Way Handshake from 04:62:73:b4:8c:5f (ver=2)
1514935413.933280: RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 a8 c4 bb 5c 35 22 e9 43 14 13 58 3e 4b cf 93 45
1514935413.933288: WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 a8 c4 bb 5c 35 22 e9 43 14 13 58 3e 4b cf 93 45
1514935413.933296: RSN: PMKID from Authenticator - hexdump(len=16): a8 c4 bb 5c 35 22 e9 43 14 13 58 3e 4b cf 93 45
1514935413.933303: wlan0: RSN: no matching PMKID found
1514935413.933305: EAPOL: Successfully fetched key (len=32)
1514935413.933308: EAPOL: Successfully fetched key (len=64)
1514935413.933310: WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
1514935413.933321: RSN: Added PMKSA cache entry for 04:62:73:b4:8c:5f network_ctx=0x8007b8c00
1514935413.933326: wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
1514935413.933334: wlan0: Request to deauthenticate - bssid=04:62:73:b4:8c:5f pending_bssid=00:00:00:00:00:00 reason=1 state=4WAY_HANDSHAKE
1514935413.933355: wlan0: Event DEAUTH (12) received
1514935413.933359: wlan0: Deauthentication notification
1514935413.933363: wlan0: * reason 1 (locally generated)
1514935413.933365: Deauthentication frame IE(s) - hexdump(len=0): [NULL]
1514935413.933371: wlan0: CTRL-EVENT-DISCONNECTED bssid=04:62:73:b4:8c:5f reason=1 locally_generated=1