trying to formulate a wpa_supplicant.conf that can be used to connect to a variety of different networks especially wpa2 and wpa3 Networks, I want to use the following property: "sae_password: SAE password This parameter can be used to set a password for SAE. By default, the passphrase from the psk parameter is used if this separate parameter is not used" to not write the Password twice into the file - under psk and sae_password. But the connection to a wpa3 network only works if the sae_password is added.
tried a wpa_supplicant.conf with the following content:
"
country=us
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
update_config=1
network=
{ ssid="WiFi6_Asus-Mesh" #psk="xxxxxx" psk=41c968ef5fec62485ea123e992128b1123aba773953cc6c01074392679718f6a key_mgmt=SAE WPA-PSK WPA-PSK-SHA256 pairwise=CCMP group=CCMP proto=RSN ieee80211w=1 sae_password="xxxxxx" }"
and connection to a wpa3 AP worked fine. Discarding the the sae_password="xxxxxx" however did lead to: entered:
wpa_supplicant -iwlan0 -Dnl80211 -cwpa_supplicant.conf
got:
Successfully initialized wpa_supplicant
wlan0: Trying to associate with fc:34:97:23:a2:68 (SSID='WiFi6_Asus-Mesh' freq=2437 MHz)
wlan0: CTRL-EVENT-ASSOC-REJECT bssid=fc:34:97:23:a2:68 status_code=1
wlan0: Trying to associate with fc:34:97:23:a2:68 (SSID='WiFi6_Asus-Mesh' freq=2437 MHz)
wlan0: Authentication with fc:34:97:23:a2:68 timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=fc:34:97:23:a2:68 reason=3 locally_generated=1
etc.
adding sae_pk=0 to the conf file did not help.
Because of the documentation cited above i did expect, that the psk would be taken when the sae_password is discarded. But in my case this did not work out. why? did i misunderstand the documentation?
misunderstanding of the documentation on my side: The functionality of "By default, the passphrase from the psk parameter is used if this (
sae_password
) separate parameter is not used" works indeed - if the psk is given correctly. In the above configuration I gave the hashed psk and only gave the cleartext like#psk="xxxxxx"
which causes wpa_supplicant to not use the cleartext which apparently is required instead of the hashed one for wpa3 to work. In detail - here is the configuration that works: