OpenWrt Forum Archive

Topic: Rasberry Pi 3 B: broadcom: brcmf_configure_wpaie: Invalid key mgmt inf

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
arti107
22 Mar 2018, 01:20

Hi! I'm trying to set up the Radius 802.1x together with 802.11r on Raspberry pi 3 b

and I got this error message,  when my option encryption settings are anything from below

wpa2+tkip+ccmp
wpa2+tkip+aes

Please advise how to tackle this issue. Is there a way to fix the brcmfmac driver? There could be a naming convention problem?


Wed Mar 21 21:46:35 2018 daemon.warn hostapd: wlan0: Could not connect to kernel driver
Wed Mar 21 21:46:35 2018 daemon.err hostapd: Using interface wlan0 with hwaddr b8:27:eb:aa:aa:aa and ssid "roaming"
Wed Mar 21 21:46:35 2018 daemon.info hostapd: wlan0: RADIUS Authentication server 192.168.200.1:1812
Wed Mar 21 21:46:35 2018 kern.err kernel: [   14.538059] brcmfmac: brcmf_configure_wpaie: Invalid key mgmt info
Wed Mar 21 21:46:35 2018 kern.info kernel: [   14.712784] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Wed Mar 21 21:46:35 2018 kern.info kernel: [   14.721697] br-lan: port 2(wlan0) entered forwarding state
Wed Mar 21 21:46:35 2018 kern.info kernel: [   14.729539] br-lan: port 2(wlan0) entered forwarding state
Wed Mar 21 21:46:35 2018 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->ENABLED
Wed Mar 21 21:46:35 2018 daemon.notice hostapd: wlan0: AP-ENABLED

(Last edited by arti107 on 22 Mar 2018, 01:20)

Post #2
arti107
22 Mar 2018, 02:26

fully cycle of Radius

Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: IEEE 802.11: binding station to interface 'wlan0'
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: IEEE 802.1X: old identity 'user1' updated with User-Name from Access-Accept 'user1'
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: IEEE 802.1X: decapsulated EAP packet (code=3 id=43 len=4) from RADIUS server: EAP Success
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: IEEE 802.1X: Sending EAP Packet (identifier 43)
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: WPA: sending 1/4 msg of 4-Way Handshake
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: WPA: received EAPOL-Key frame (2/4 Pairwise)
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb: WPA: sending 3/4 msg of 4-Way Handshake
Thu Mar 22 01:24:17 2018 daemon.info hostapd: wlan0: STA b0:70:2d:cb: IEEE 802.11: disassociated
Thu Mar 22 01:24:17 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: WPA: event 2 notification
Thu Mar 22 01:24:17 2018 daemon.info hostapd: wlan0: STA b0:70:2d:cb IEEE 802.11: disassociated
Thu Mar 22 01:24:21 2018 daemon.info hostapd: wlan0: STA b0:70:2d:cb IEEE 802.11: associated
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d WPA: event 1 notification
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d IEEE 802.1X: start authentication
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d WPA: start authentication
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d IEEE 802.1X: unauthorizing port
Thu Mar 22 01:24:21 2018 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED b0:70:2d
Thu Mar 22 01:24:21 2018 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: Sending EAP Packet (identifier 148)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: received EAP packet (code=2 id=148 len=10) from STA: EAP Response-Identity (1)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:IEEE 802.1X: STA identity 'user1'
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 64 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: decapsulated EAP packet (code=1 id=149 len=6) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: Sending EAP Packet (identifier 149)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: received EAP packet (code=2 id=149 len=161) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 1068 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: decapsulated EAP packet (code=1 id=150 len=1004) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: Sending EAP Packet (identifier 150)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: received EAP packet (code=2 id=150 len=6) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 205 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70: IEEE 802.1X: decapsulated EAP packet (code=1 id=151 len=147) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:IEEE 802.1X: Sending EAP Packet (identifier 151)Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2 IEEE 802.1X: received EAP packet (code=2 id=151 len=136) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 115 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb IEEE 802.1X: decapsulated EAP packet (code=1 id=152 len=57) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb IEEE 802.1X: Sending EAP Packet (identifier 152)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:cb IEEE 802.1X: received EAP packet (code=2 id=152 len=6) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 98 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.01 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d:IEEE 802.1X: decapsulated EAP packet (code=1 id=153 len=40) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: Sending EAP Packet (identifier 153)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: received EAP packet (code=2 id=153 len=41) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 132 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: decapsulated EAP packet (code=1 id=154 len=74) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: Sending EAP Packet (identifier 154)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: received EAP packet (code=2 id=154 len=95) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 140 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: decapsulated EAP packet (code=1 id=155 len=82) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: Sending EAP Packet (identifier 155)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: received EAP packet (code=2 id=155 len=37) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 104 bytes from RADIUS server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received RADIUS message
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: RADIUS: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: decapsulated EAP packet (code=1 id=156 len=46) from RADIUS server: EAP-Request-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: Sending EAP Packet (identifier 156)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: STA b0:70:2d: IEEE 802.1X: received EAP packet (code=2 id=156 len=46) from STA: EAP Response-PEAP (25)
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Sending RADIUS message to authentication server
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Next RADIUS client retransmit in 3 seconds
Thu Mar 22 01:24:21 2018 daemon.debug hostapd: wlan0: RADIUS Received 167 bytes from RADIUS server

(Last edited by arti107 on 22 Mar 2018, 02:33)

Post #3
arti107
22 Mar 2018, 02:38

output from Radius -X

964) eap_peap: Session established.  Decoding tunneled attributes
(964) eap_peap: PEAP state send tlv success
(964) eap_peap: Received EAP-TLV response
(964) eap_peap: Success
(964) eap: Sending EAP Success (code 3) ID 7 length 4
(964) eap: Freeing handler
(964)     [eap] = ok
(964)   } # authenticate = ok
(964) # Executing section post-auth from file /etc/freeradius/3.0/sites-enabled/default
(964)   post-auth {
(964)     update {
(964)       No attributes updated
(964)     } # update = noop
(964)   } # post-auth = noop
(964) Login OK: [user1/<via Auth-Type = eap>] (from client b827eb91fb17 port 0 cli B0-70-2D-mm-aa-cc)
(964) Sent Access-Accept Id 98 from 192.168.200.1:1812 to 192.168.200.100:56390 length 0
(964)   MS-MPPE-Recv-Key = 0x896e3897a6bf8cd7ba9c92d4331972b36564fe8a67de9174ea2e4c1d71ca5056
(964)   MS-MPPE-Send-Key = 0x74a867b7bb07f1fae08ffb260e90f535fbb32158a056c59a9ba456c56dc9340b
(964)   EAP-Message = 0x03070004
(964)   Message-Authenticator = 0x00000000000000000000000000000000
(964)   User-Name = "user1"
(964) Finished request
Waking up in 4.8 seconds.
(956) Cleaning up request packet ID 90 with timestamp +20377
(957) Cleaning up request packet ID 91 with timestamp +20377
(958) Cleaning up request packet ID 92 with timestamp +20377
(959) Cleaning up request packet ID 93 with timestamp +20377
(960) Cleaning up request packet ID 94 with timestamp +20377
(961) Cleaning up request packet ID 95 with timestamp +20377
(962) Cleaning up request packet ID 96 with timestamp +20377
(963) Cleaning up request packet ID 97 with timestamp +20377
(964) Cleaning up request packet ID 98 with timestamp +20377
Ready to process requests

Post #4
arti107
27 Mar 2018, 20:14

So radius wpa2 and wpa roaming works fine unless encryption setting is in "mixed" mode.

I cant get the WPA2-PSK FT to work ... hard to understand why. I start to think that Raspberry Pi3 just don't support this. It must be some software problem as WPA2 works just fine in other variants f.e as stand alone AP or in mentioned WPA2-EAP .

Any ideas PLEASE let me know. Here is my config, Im using build in wifi.

config wifi-device 'radio0'                                                           
        option type 'mac80211'                                                         
        option phy 'phy0'                                                             
        option channel '1'                                                             
        option hwmode '11g'                                                           
        option htmode 'HT20'                                                           
        option country 'EN'                                                           
        option country_ie '1'                                                         
        option txpower '10'                                                           
        option required_mode 'g'                                                       
        option log_level '0'                                                           
                                                                                       
config wifi-iface 'default_radio0'                                                     
        option device 'radio0'                                                         
        option network 'lan'                                                           
        option mode 'ap'                                                               
        option ssid 'roaming'                                                         
        option wmm '1'                                                                 
        option nasid 'b827eb777a55'                                                   
        option encryption 'psk-mixed+ccmp'                                             
        option key 'Pass1234'                                                         
        option ft_psk_generate_local '1'                                               
        option ieee80211r '1'                                                         
        option mobility_domain 'e612'                                                 
        option short_gi_20 '1'                                                         
        option short_gi_40 '0'                                                         
        option dsss_cck40 '1'

This happens when using encryption in non "mixed" mode for psk2.


Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: reading /tmp/resolv.conf.auto
Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: using local addresses only for domain lan
Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: using nameserver 192.168.200.2#53
Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: using nameserver 192.168.200.2#53
Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: read /etc/hosts - 4 addresses
Tue Mar 27 18:13:12 2018 daemon.info dnsmasq[620]: read /tmp/hosts/dhcp.cfg02411c - 1 addresses
Tue Mar 27 18:13:14 2018 daemon.warn hostapd: wlan0: Could not connect to kernel driver
Tue Mar 27 18:13:14 2018 daemon.err hostapd: Using interface wlan0 with hwaddr b8:27:eb:77:7a:55 and ssid "roaming"
Tue Mar 27 18:13:14 2018 kern.err kernel: [   13.828032] brcmfmac: brcmf_configure_wpaie: Invalid key mgmt info
Tue Mar 27 18:13:14 2018 kern.info kernel: [   14.011830] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Tue Mar 27 18:13:14 2018 kern.info kernel: [   14.020812] br-lan: port 2(wlan0) entered forwarding state
Tue Mar 27 18:13:14 2018 kern.info kernel: [   14.028746] br-lan: port 2(wlan0) entered forwarding state
Tue Mar 27 18:13:14 2018 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->ENABLED
Tue Mar 27 18:13:14 2018 daemon.notice hostapd: wlan0: AP-ENABLED
Tue Mar 27 18:13:14 2018 daemon.notice netifd: Network device 'wlan0' link is up
Tue Mar 27 18:13:14 2018 daemon.notice netifd: lan (515): udhcpc: performing DHCP renew
Tue Mar 27 18:13:15 2018 daemon.notice netifd: lan (515): udhcpc: sending renew
Tue Mar 27 18:13:15 2018 daemon.notice netifd: lan (515): udhcpc: lease of 192.168.200.100 obtained, lease time 604800
Tue Mar 27 18:13:16 2018 kern.info kernel: [   16.026859] br-lan: port 2(wlan0) entered forwarding state

Post #5
arti107
28 Mar 2018, 00:02

Fortunately, I managed to solve my project by using external card AWSU036 N H. The config was correct, I used exactly same options for alfa card, and it works perfect.

Sadly, I think that openwrt must have some glitch in its software, in that mgmt_key_info handler function.
I will confirm this soon. Going to attempt usual hostapd +wpa_S on jessie. However,

Raspberry pi is capable to roam, It works perfectly fine with mixed and EAP encryption. I just dont want to believe that hardware is not working bcos of psk2 encryption.  This can be closed.

(Last edited by arti107 on 29 Mar 2018, 23:43)

The discussion might have continued from here.