Nope :(
Thomas Hood <[email protected]> wrote on 3 July 2012 at 22:56:
> @Jan: Has any progress been made on this in Ubuntu 12.04?
>
> --
> You received this bug notification because you are subscribed to the bug report.
> https://bugs.launchpad.net/bugs/610084
>
> Title:
> wpasupplicant peap mschapv2 dot1x re-authenticate fails
>
> Status in “network-manager” package in Ubuntu:
> New
> Status in “wpasupplicant” package in Ubuntu:
> New
>
> Bug description:
> Binary package hint: wpasupplicant
>
> Package: wpasupplicant 0.6.9-3ubuntu3 on Ubuntu 10.04 LTS
>
> Intended functionality: accessing 802.1x secured wired network via wpasupplicant by peap and mschapv2 and successful periodic reauthentication w/a user interaction.
>
> What happens: user enters credentials (login/pw) and gets authenticated and his computer is put in the correct vlan. The switch (cisco 3560g) is configured to re-authenticate all 802.1x users every n seconds to propagate new vlan assignments w/a restarting the port.
>
> The initial connection works and the user can access the network.
> Here the part of the syslog during this initial phase (NetworkManager stuff just FYI):
>
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) starting connection '192.168.1.101 w 802.1x'
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): device state change: 3 -> 4 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): device state change: 4 -> 5 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0/wired): connection '192.168.1.101 w 802.1x' has security, but secrets are required.
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): device state change: 5 -> 6 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): device state change: 6 -> 4 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): device state change: 4 -> 5 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0/wired): connection '192.168.1.101 w 802.1x' requires no security. No secrets needed.
> Jul 26 15:15:28 raw NetworkManager: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0): supplicant interface state: starting -> ready
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'password' value '<omitted>'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'key_mgmt' value 'IEEE8021X'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'eapol_flags' value '0'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'eap' value 'PEAP'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'fragment_size' value '1300'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: added 'identity' value 'jan'
> Jul 26 15:15:28 raw NetworkManager: <info> Config: set interface ap_scan to 1
> Jul 26 15:15:28 raw wpa_supplicant[1258]: Associated with 01:80:c2:00:00:03
> Jul 26 15:15:28 raw NetworkManager: <info> (eth0) supplicant connection state: disconnected -> associated
> Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
> Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> Jul 26 15:15:29 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
> Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-MSCHAPV2: Authentication succeeded
> Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
> Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed (auth) [id=0 id_str=]
> Jul 26 15:15:33 raw NetworkManager: <info> (eth0) supplicant connection state: associated -> completed
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0/wired) Stage 2 of 5 (Device Configure) successful.
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled.
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) started...
> Jul 26 15:15:33 raw NetworkManager: <info> (eth0): device state change: 5 -> 7 (reason 0)
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP6 Configure Get) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 3 of 5 (IP Configure Start) complete.
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) started...
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP4 Configure Get) complete.
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP6 Configure Get) started...
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 4 of 5 (IP6 Configure Get) complete.
> Jul 26 15:15:33 raw NetworkManager: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) started...
> Jul 26 15:15:33 raw avahi-daemon[1059]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.101.
> Jul 26 15:15:33 raw avahi-daemon[1059]: New relevant interface eth0.IPv4 for mDNS.
> Jul 26 15:15:33 raw avahi-daemon[1059]: Registering new address record for 192.168.1.101 on eth0.IPv4.
> Jul 26 15:15:34 raw NetworkManager: <info> (eth0): device state change: 7 -> 8 (reason 0)
> Jul 26 15:15:34 raw NetworkManager: <info> Activation (eth0) successful, device activated.
> Jul 26 15:15:34 raw NetworkManager: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) complete.
> Jul 26 15:15:34 raw ntpdate[12890]: can't find host ntp.ubuntu.com
> Jul 26 15:15:34 raw ntpdate[12890]: no servers can be used, exiting
>
> Now after ten seconds the switch requests re-authentification:
>
> Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
> Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> Jul 26 15:15:43 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
> Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
>
> To me this looks exactly the same as before but the radius server logs: "Auth: Login incorrect: [jan/<via Auth-Type=EAP>]..."
>
> On top of that the NetworkManager also does not realize that the connection is broken.
>
> This setup works with M$ Windows XP sp3. What also works is TTLS+MSCHAPv1 on the linux machine, however TTLS+MSCHAPv2 fails just as PEAP+MSCHAPv2 does here.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/610084/+subscriptions
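
A triage sketch for the syslog quoted above, added here as an example and not part of the original message or of wpa_supplicant: it groups wpa_supplicant lines into EAP rounds and reports rounds that start but never log CTRL-EVENT-EAP-SUCCESS. The function names are hypothetical, the sample input is a subset of the wpa_supplicant lines from the quoted log, and a round with no success line by the end of the input is assumed to be unfinished.

```python
import re

# Sample input: subset of the wpa_supplicant lines from the log quoted above.
SAMPLE_LOG = """\
Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-MSCHAPV2: Authentication succeeded
Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
"""

# syslog timestamp, host, then "wpa_supplicant[pid]: message"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ wpa_supplicant\[(\d+)\]: (.*)$")

def eap_rounds(log_text):
    """Group wpa_supplicant lines into rounds, one per CTRL-EVENT-EAP-STARTED."""
    rounds = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines from other daemons (NetworkManager, avahi) are skipped
        ts, _pid, msg = m.groups()
        if msg.startswith("CTRL-EVENT-EAP-STARTED"):
            rounds.append({"started": ts, "phase2_ok": False, "outcome": None})
        elif rounds:
            cur = rounds[-1]
            if msg.startswith("EAP-MSCHAPV2: Authentication succeeded"):
                cur["phase2_ok"] = True
            elif msg.startswith("CTRL-EVENT-EAP-SUCCESS"):
                cur["outcome"] = "success"
            elif msg.startswith("CTRL-EVENT-EAP-FAILURE"):
                cur["outcome"] = "failure"
    return rounds

def unfinished_rounds(log_text):
    """Rounds that started but never reached CTRL-EVENT-EAP-SUCCESS."""
    return [r for r in eap_rounds(log_text) if r["outcome"] != "success"]

if __name__ == "__main__":
    for r in unfinished_rounds(SAMPLE_LOG):
        print(f"{r['started']}: no EAP success "
              f"(phase2_ok={r['phase2_ok']}, outcome={r['outcome']})")
```

On a live log the newest round may simply still be in progress, so compare its start time with the switch's re-authentication interval before alerting.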

