Shared Key with wireless in Linux -- is this possible?

[alex]

Archived from groups: (More info?)

Hi all,

I've spent the last 2 days trying to connect to our wireless network
at work, and I think I've finally found the issue... we used shared
key on our access points, but all I've read says Linux has issues with
shared key and generally won't work.

My system is below:
Dell Inspiron 3800 (600 Mhz)
SuSE 9.1 Pro
Proxim Orinoco Gold A/B Combo, Model# 8460-05

When I first installed SuSE and plugged this card in (just bought card
4 days ago), it works great on my home network.. but it's open with no
WEP. To get it working at work however, neither the stock SuSE
drivers nor downloaded Linuxant drivers have worked. I considered
trying madwifi, but the FAQ's said madwifi doesn't support shared key
either. When reviewing /var/log/messages I have the following error:
authentication failed (reason 13)
.... and after more research I found this was due to shared key on the
access point.

So... what next? The access point shows-up with typing 'iwlist scan'
and when I type iwconfig it appears to have all information correct
(correct SSID and key). Is there no way to connect to a network using
shared key? If so, can someone point me in the correct direction?
And as Shared Key so popular, why don't the popular Linux wireless
drivers support it yet?

Thanks for any suggestions or ideas. I'm at a total loss on what to
try next. I've used Linux for years, but I have little experience
with wireless. Plus this is the second card I"ve tried with the first
being a Linksys with same results.

Take care and thanks for your time,

Alex.

 

[Guest]

Archived from groups: (More info?)

>Thanks for any suggestions or ideas. I'm at a total loss on what to
>try next. I've used Linux for years, but I have little experience
>with wireless. Plus this is the second card I"ve tried with the first
>being a Linksys with same results.
Workaround:
Consider getting a bridge (e.g. Linksys WET11 or it's sucessor).
With a bridge the OS is not important, as there are no drivers needed.
Your PC connects to the bridge by common ethernet.

/Jan

 

[alex]

Archived from groups: (More info?)

Jan Bachman wrote:

>>Thanks for any suggestions or ideas. I'm at a total loss on what to
>>try next. I've used Linux for years, but I have little experience
>>with wireless. Plus this is the second card I"ve tried with the first
>>being a Linksys with same results.
>
> Workaround:
> Consider getting a bridge (e.g. Linksys WET11 or it's sucessor).
> With a bridge the OS is not important, as there are no drivers needed.
> Your PC connects to the bridge by common ethernet.
>
> /Jan
>

Hi Jan,

Thanks for the suggestion... I never though about doing something like this, but I don't think it'll
accomplish what I'm needing in this application. We have 5-6 access points around our office, all
using shared keys, so I need something very portable and easy to setup and configure.

But thanks for the idea, and take care,

Alex.

 

[gerry]

Archived from groups: (More info?)

[original post is likely clipped to save bandwidth]
On Mon, 24 May 2004 20:04:27 +0200, Jan Bachman <jamen@davs.du> wrote:

>>Thanks for any suggestions or ideas. I'm at a total loss on what to
>>try next. I've used Linux for years, but I have little experience
>>with wireless. Plus this is the second card I"ve tried with the first
>>being a Linksys with same results.
>Workaround:
>Consider getting a bridge (e.g. Linksys WET11 or it's sucessor).
>With a bridge the OS is not important, as there are no drivers needed.
>Your PC connects to the bridge by common ethernet.
>
>/Jan

Be a bit careful when buying bridges. Many will only connects to matched
access points ort another identical bridge.

I found D-Link bridges horrible in this respect, Netgear are AP agnostic
(at least mine)

Check compatibility!

gerry

--

Personal home page - http://gogood.com

gerry misspelled in my email address to confuse robots

 

[Guest]

Archived from groups: (More info?)

In comp.os.linux.networking Alex <alex@totallynerd.com> wrote:

> So... what next? The access point shows-up with typing 'iwlist scan'
> and when I type iwconfig it appears to have all information correct
> (correct SSID and key). Is there no way to connect to a network using
> shared key?

Certainly, AFAIK, all reasonably mature wireless drivers can do WEP,
even the beta MadWiFi drivers for Atheros can do WEP without problems.

It's a simple matter of doing the following. (this is what I would do by
hand with me Orinoco Gold 11b)

ifconfig eth1 up
#iwlist eth1 scanning <-- not supported on my Orinoco Gold 11b
iwconfig eth1 essid MYESSID
iwconfig eth1 key 's:MYASCIIKEY' <-- note this must be 5 characters
for 64/40 bit encryption, 10
for 128/104 bit encryption.
This is not a passphrase.
iwconfig eth1 key '018c2b382b' <-- Or you can use hex-keys, which
are much harder to remember.
dhclient <-- Or whatever you use to get an
IP address. zcip is useful on
an ad-hoc network.

> And as Shared Key so popular, why don't the popular Linux wireless
> drivers support it yet?

They do. Where did you get your information?

--
Cameron Kerr
cameron.kerr@paradise.net.nz : http://nzgeeks.org/cameron/
Empowered by Perl!

 

[alex]

Archived from groups: (More info?)

Cameron Kerr wrote:
> In comp.os.linux.networking Alex <alex@totallynerd.com> wrote:
>
>
>>So... what next? The access point shows-up with typing 'iwlist scan'
>>and when I type iwconfig it appears to have all information correct
>>(correct SSID and key). Is there no way to connect to a network using
>>shared key?
>
>
> Certainly, AFAIK, all reasonably mature wireless drivers can do WEP,
> even the beta MadWiFi drivers for Atheros can do WEP without problems.
>
> It's a simple matter of doing the following. (this is what I would do by
> hand with me Orinoco Gold 11b)
>
> ifconfig eth1 up
> #iwlist eth1 scanning <-- not supported on my Orinoco Gold 11b
> iwconfig eth1 essid MYESSID
> iwconfig eth1 key 's:MYASCIIKEY' <-- note this must be 5 characters
> for 64/40 bit encryption, 10
> for 128/104 bit encryption.
> This is not a passphrase.
> iwconfig eth1 key '018c2b382b' <-- Or you can use hex-keys, which
> are much harder to remember.
> dhclient <-- Or whatever you use to get an
> IP address. zcip is useful on
> an ad-hoc network.
>
>
>>And as Shared Key so popular, why don't the popular Linux wireless
>>drivers support it yet?
>
>
> They do. Where did you get your information?
>


Hi Cameron,

I'm using the madwifi drivers now, and they seem to work quite well with all open access points, but
not Shared Key. On the madwifi FAQ's it even says the following:

http://www.mattfoster.clara.co.uk/madwifi-faq.htm
-- <snip> --
4.13. What security features does madwifi support?
Currently 'restricted' and 'shared key' WEP do not work. I have read reports of people getting
802.1x working with some sucess however. There is also a WPA branch of the CVS. See the project page
for more info.
-- </snip> --

I've also ran across many messages in newsgroups from folks trying to get shared key authentication
working, and most folks say it's not supported or working properly in current Linux drivers. I'll
admit I'm not totally up to par on wireless terms or the technology in general, but I know the card
works fine with open networks... just not encrypted networks. And AFAICT it's configured properly.
I've used both SuSE's YaST, iwconfig, and even editing the file manually in /etc/sysconfig/network.

Thanks for any suggestions or comments, and take care,

Alex.

 

[Guest]

Archived from groups: (More info?)

gerry wrote:

> Be a bit careful when buying bridges. Many will only connects to matched
> access points ort another identical bridge.
>
> I found D-Link bridges horrible in this respect, Netgear are AP agnostic
> (at least mine)
>
> Check compatibility!
>

Good point.

Can you post a good compatibility report link?

Specifically I'd like to know if others are having issues with Motorola
wireless bridges.

 

[Guest]

Archived from groups: (More info?)

There is not yet any such thing as AP agnostic bridges. Bridging, as well
as repeating, depend upon a feature called Wireless Distribution System
(roaming depends on Distribution System, which may be wireless or wired).
There isn't a ratified standard for a Distribution System, wireless or
otherwise, yet. IEEE 802.11F is now available in draft format. For lack of
a standard, each vendor had to solve the DS problem for themselves. Some
vendors may have collaborated on this, thus providing interoperability.

When 802.11F is ratified, will vendors provide firmware upgrades for
existing equipment, or will only new products follow the standard? Well,
when WPA came out in 6/03 almost no vendors retrofitted their 802.11b
products to support it; even though WPA was specifically designed to work
without requiring more powerful processors or any other hardware
improvements over WEP.

Ron Bandes, CCNP, CTT+, etc.

"gerry" <gerrry_net@gogood.com> wrote in message
news:krc6b09jvejedva2j5l1ledtpu7donlo31@4ax.com...
> [original post is likely clipped to save bandwidth]
> On Mon, 24 May 2004 20:04:27 +0200, Jan Bachman <jamen@davs.du> wrote:
>
> >>Thanks for any suggestions or ideas. I'm at a total loss on what to
> >>try next. I've used Linux for years, but I have little experience
> >>with wireless. Plus this is the second card I"ve tried with the first
> >>being a Linksys with same results.
> >Workaround:
> >Consider getting a bridge (e.g. Linksys WET11 or it's sucessor).
> >With a bridge the OS is not important, as there are no drivers needed.
> >Your PC connects to the bridge by common ethernet.
> >
> >/Jan
>
> Be a bit careful when buying bridges. Many will only connects to matched
> access points ort another identical bridge.
>
> I found D-Link bridges horrible in this respect, Netgear are AP agnostic
> (at least mine)
>
> Check compatibility!
>
> gerry
>
> --
>
> Personal home page - http://gogood.com
>
> gerry misspelled in my email address to confuse robots

 

[alex]

Archived from groups: (More info?)

Alex wrote:

> Hi all,
>
> I've spent the last 2 days trying to connect to our wireless network
> at work, and I think I've finally found the issue... we used shared
> key on our access points, but all I've read says Linux has issues with
> shared key and generally won't work.
>
> <SNIP>

Though there were many replies, no one has answered my question... do any drivers for the Orinoco
Gold card support Shared Key Authentication??? Or I should say, has anyone gotten any drivers to
work with an access point configured for shared key authentication? And if so, can you post your
wireless config file (minus the secure stuff of course)?

I'm grasping at straws here, and after several days of trying to get it going, it's a no go. Under
windows it's a matter of one check box, but it's not turning out to be as simple under Linux.
Connecting to open networks works like a charm, even Kismet works great, but connecting to my
corporate network that uses shared keys doesn't work.

I'd post my wireless config file, but I've fudged with it so much that wouldn't do much good anyway.
I'd really like to hear from anyone who's gotten this working.

Thanks and take care,

Alex.

 

[Guest]

Archived from groups: (More info?)

Hi,

These may help. Good luck!

Config from benq awl 100 using yast/orinoco_cs on suse 9.1:

BOOTPROTO='static'
BROADCAST='172.16.2.255'
IPADDR='172.16.2.33'
MTU=''
NETMASK='255.255.255.0'
NETWORK='172.16.2.0'
REMOTE_IPADDR=''
STARTMODE='onboot'
UNIQUE='k1PK.qjED'
WIRELESS_AP=''
####WIRELESS_AUTH_MODE='open'
WIRELESS_AUTH_MODE='shared'
WIRELESS_BITRATE='auto'
WIRELESS_CHANNEL=''
WIRELESS_DEFAULT_KEY='0'
WIRELESS_ESSID='nameofessid'
WIRELESS_KEY=''
WIRELESS_KEY_0='1234567890123456789012345678'
WIRELESS_KEY_1=''
WIRELESS_KEY_2=''
WIRELESS_KEY_3=''
WIRELESS_KEY_LENGTH='128'
WIRELESS_MODE='Managed'
WIRELESS_NICK=''
WIRELESS_NWID=''
WIRELESS_POWER='yes'
_nm_name='static-0'
WIRELESS_FREQUENCY=''

Config from my benq awl 100 using prism2 wlan-ng on Suse 8.2:

#=======USER MIB SETTINGS=============================
# You can add the assignments for various MIB items
# of your choosing to this variable, separated by
# whitespace. The wlan-ng script will then set each one.
# Just uncomment the variable and set the assignments
# the way you want them.

#USER_MIBS="p2CnfRoamingMode=1 p2CnfShortPreamble=mixed"

#=======WEP===========================================
# [Dis/En]able WEP. Settings only matter if PrivacyInvoked is true
lnxreq_hostWEPEncrypt=true # true|false
lnxreq_hostWEPDecrypt=true # true|false
dot11PrivacyInvoked=true # true|false
dot11WEPDefaultKeyID=0 # 0|1|2|3
dot11ExcludeUnencrypted=true # true|false, in AP this means WEP is
required.

# If PRIV_GENSTR is not empty, use PRIV_GENTSTR to generate
# keys (just a convenience)
PRIV_GENERATOR=/sbin/nwepgen # nwepgen, Neesus compatible
PRIV_KEY128=false # keylength to generate
PRIV_GENSTR=""

# or set them explicitly. Set genstr or keys, not both.
dot11WEPDefaultKey0=xx:yy:xx:yy:etc... # format: xx:xx:xx:xx:xx or
dot11WEPDefaultKey1= #
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
dot11WEPDefaultKey2= # e.g. 01:20:03:40:05 or
dot11WEPDefaultKey3= #
01:02:03:04:05:06:07:08:09:0a:0b:0c:0d
#=======SELECT STATION MODE===================
IS_ADHOC=n # y|n, y - adhoc, n - infrastructure

#======= INFRASTRUCTURE STATION ===================
# What kind of authentication?
####AuthType="opensystem" # opensystem | sharedkey
(requires WEP)
AuthType="sharedkey" # opensystem | sharedkey (requires WEP)

#======= ADHOC STATION ============================
BCNINT=100 # Beacon interval (in Kus)
CHANNEL=7 # DS channel for BSS (1-14, depends
# on regulatory domain)
BASICRATES="2 4" # Rates for mgmt&ctl frames (in 500Kb/s)
OPRATES="2 4 11 22" # Supported rates in BSS (in 500Kb/s)


Alex wrote:
> Alex wrote:
>
>> Hi all,
>>
>> I've spent the last 2 days trying to connect to our wireless network
>> at work, and I think I've finally found the issue... we used shared
>> key on our access points, but all I've read says Linux has issues with
>> shared key and generally won't work.
>>
>> <SNIP>
>
>
> Though there were many replies, no one has answered my question... do
> any drivers for the Orinoco Gold card support Shared Key
> Authentication??? Or I should say, has anyone gotten any drivers to
> work with an access point configured for shared key authentication? And
> if so, can you post your wireless config file (minus the secure stuff of
> course)?
>
> I'm grasping at straws here, and after several days of trying to get it
> going, it's a no go. Under windows it's a matter of one check box, but
> it's not turning out to be as simple under Linux. Connecting to open
> networks works like a charm, even Kismet works great, but connecting to
> my corporate network that uses shared keys doesn't work.
>
> I'd post my wireless config file, but I've fudged with it so much that
> wouldn't do much good anyway. I'd really like to hear from anyone
> who's gotten this working.
>
> Thanks and take care,
>
> Alex.
>

 

[gerry]

Archived from groups: (More info?)

[original post is likely clipped to save bandwidth]
On Tue, 25 May 2004 09:51:16 -0700, Keith Clark
<clarkphotography@hotmail.com> wrote:

>
>
>gerry wrote:
>
>> Be a bit careful when buying bridges. Many will only connects to matched
>> access points ort another identical bridge.
>>
>> I found D-Link bridges horrible in this respect, Netgear are AP agnostic
>> (at least mine)
>>
>> Check compatibility!
>>
>
>Good point.
>
>Can you post a good compatibility report link?
>
>Specifically I'd like to know if others are having issues with Motorola
>wireless bridges.

So far I've used my Netgear WTE101? (G) with D-Link AP's, DLink cable
routers, and Linksys cable routers. I have had zero problems connecting
several devices to the bridge (using a switch) at the same time.It may not
be a true generic bridge in that you must configure it (no PnP) to route
traffic through the LAN's gateway router. That does not mean it won't get
there via a different access point.

For example, my D-Link DWL-2000AP clearly states it will only bridge to
another DWL-2000AP, not even a D-Link cable modem!

It may not meet the strict definition of an agnostic bridge, but it's
documentation has no restrictions as to other brand/model APs and so far,
I have no HW (from 3 vendors it won't bridge to.

Note, it is not used for bridge to bridge wireless, it is designed for
bridge (itself) to AP.

gerry

--

Personal home page - http://gogood.com

gerry misspelled in my email address to confuse robots

 

[gerry]

Archived from groups: (More info?)

[original post is likely clipped to save bandwidth]
On Tue, 25 May 2004 13:23:29 GMT, "Ron Bandes" <RunderscoreBandes
@yah00.com> wrote:

>There is not yet any such thing as AP agnostic bridges. Bridging, as well
>as repeating, depend upon a feature called Wireless Distribution System
>(roaming depends on Distribution System, which may be wireless or wired).
>There isn't a ratified standard for a Distribution System, wireless or
>otherwise, yet. IEEE 802.11F is now available in draft format. For lack of
>a standard, each vendor had to solve the DS problem for themselves. Some
>vendors may have collaborated on this, thus providing interoperability.
>

You may sell be correct. If so, Netgear clearly made sure they will bridge
to Linksys, D-Link and Netgear APs and wireless cable routers (B & G).

It could also be they are not meeting the full formal standard (draft)
which may have some performance hit or less configuration than needed by
the Netgear.

I have limited equipment to test it with, so far 3 brands and 6 models
total, it has bridged multiple devices just fine to. Unlike D-Link,
Netgear has no restrictions on what APs it will bridge to on it's
documentation or support database. However it is Bridge to AP, not Bridge
to Bridge as the my D-Links are.

One does have to program the LAN's Gateway's IP address in setup (ex, my
cable router). Otherwise it can't always find other devices not on it's
wired LAN segment. On the other hand, two D-Link 2000AP in bridge mode
don't seem to need to know the gateway. But they will only bridge to
another identical model.

One reservation, when initializing (first power up or has been powered
down) I sometimes need to ping one link at a time, nearest to most
distant. Perhaps this is for the central router to learn how to reach
things. My setup is simplistic enough that it initializes fine. This only
occurred with an intentionally bizarre HW chain and mix of equipment I set
up for test.

I suspect Netgear has a partial implementation of what formal agnostic
bridges will end up being. Yet, it seems to be very functional.

gerry

--

Personal home page - http://gogood.com

gerry misspelled in my email address to confuse robots

 

[Guest]

Archived from groups: (More info?)

On 24 May 2004 10:09:07 -0700, Alex <alex@totallynerd.com> wrote:
> Hi all,
>
> I've spent the last 2 days trying to connect to our wireless network
> at work, and I think I've finally found the issue... we used shared
> key on our access points, but all I've read says Linux has issues with
> shared key and generally won't work.
>
> My system is below:
> Dell Inspiron 3800 (600 Mhz)
> SuSE 9.1 Pro
> Proxim Orinoco Gold A/B Combo, Model# 8460-05
>
> When I first installed SuSE and plugged this card in (just bought card
> 4 days ago), it works great on my home network.. but it's open with no
> WEP. To get it working at work however, neither the stock SuSE
> drivers nor downloaded Linuxant drivers have worked. I considered
> trying madwifi, but the FAQ's said madwifi doesn't support shared key
> either. When reviewing /var/log/messages I have the following error:
> authentication failed (reason 13)
> ... and after more research I found this was due to shared key on the
> access point.
>
> So... what next? The access point shows-up with typing 'iwlist scan'
> and when I type iwconfig it appears to have all information correct
> (correct SSID and key). Is there no way to connect to a network using
> shared key? If so, can someone point me in the correct direction?
> And as Shared Key so popular, why don't the popular Linux wireless
> drivers support it yet?

When you say "shared key" are you using an actual hex key, or attempting
to use an ascii string (password or pass phrase). Some brands/software
may have different methods of generating hex keys from
password/passphrase. For example Linux /sbin/nwepgen generates the same
64(40) bit hex key from a string as Linksys WAP11, but they differ when
generating 128(104) bit keys, so actual hex keys would be needed in that
case.

They also may differ in numbering for the 4 keys (1-4 vs 0-3). So key 2
on my WAP11 & WET11 would be key 1 in wlan-ng of my laptop. And WET11
only generated the first hex key from password/pass phrase, so even if
using 64-bit WEP, the other 3 hex keys would need to be manually filled
in.

But it is best to use random hex keys anyway. Harder to guess.

--
David Efflandt - All spam ignored http://www.de-srv.com/