Hi Jirka, thanks for your reply! On 10/05/10 14:52, Jirka Klimes wrote: > On Thursday 06 of May 2010 14:23:52 Bjorge Solli wrote: >> Info: www.eduroam.org, www.eduroam.no >> Setup: we have two Win2k3 servers as authenticators for our two domains >> (students and staff) and one had this patch and the other didn't: >> http://support.microsoft.com/kb/948963 >> The domain with the patch failed to authenticate and removing the patch >> solved the problem. >> The patch adds " TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA and the >> TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA AES". >> This patch is backported from Win Server 2008.. >> > > Thanks for the info. It's good to know that it works without the hotfix on > Windows. > In that case, RC4-based cipher is probably used. Nevertheless, it is ironic > that with the hotfix the negotiation is not successful, because it's meant to > improve cooperation with OpenSSL. > >> Our problem is solved for now, but maybe someone should try to solve the >> underlying problem? I have attached the wpa_supplicant log of a failing >> connection. >> > > I don't know what the actual problem is, but TLS/SSL handshake was not > successful. > If you have a chance to capture packets with Wireshark (or something) in not- > working case, it would help to identify issues in SSL handshake. > We did have that, but it was unfortunately deleted. We don't want to break the system just to produce it again..
> BTW, what distributions do you use? Fedora 12, tested on both 32-bit and 64-bit. Updated to latest in yum repos. > What are the versions of NM, wpa_supplicant and OpenSSL? Searching a bit on > the problem, there could be a bug in older versions of wpa_supplicant. > # rpm -qa | egrep -i '(wpa|networkmanager|openssl)' openssl-1.0.0-0.13.beta4.fc12.i686 NetworkManager-glib-0.8.0-6.git20100408.fc12.x86_64 pyOpenSSL-0.9-1.fc12.x86_64 NetworkManager-openconnect-0.7.996-4.git20090921.fc12.x86_64 NetworkManager-pptp-0.7.997-3.git20100120.fc12.x86_64 openssl-1.0.0-0.13.beta4.fc12.x86_64 NetworkManager-gnome-0.8.0-6.git20100408.fc12.x86_64 wpa_supplicant-0.6.8-8.fc12.x86_64 NetworkManager-vpnc-0.7.996-4.git20090921.fc12.x86_64 NetworkManager-0.8.0-6.git20100408.fc12.x86_64 NetworkManager-openvpn-0.7.996-4.git20090923.fc12.x86_64 >> Please cc to me on replies as I don't read the list every day. >> >> On 27/04/10 13:30, Jirka Klimes wrote: >>> You can follow instructions in section "Debugging WiFi Connections" on >>> http://live.gnome.org/NetworkManager/Debugging >> >> Thanks! >> - Bjørge -- Regards/Mvh, Bjørge Solli Staff engineer/Overingeniør at Uni. Bergen, IT, Infrastruktur, Unix Nygårdsgaten 5. Pb.7800, N-5020 Bergen, Norway. www.uib.no/it (+47) Tlf: (555)82774 Mob: 91614343 Fax: (555)48299 _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
