[Desktop-packages] [Bug 1501588] Re: Wily's wpasupplicant frequently fails on WPA enterprise networks
In my case it's not frequency fails - it always fails. On 3 separate WAP Enterprise SSIDs. I understand that the WPA Supplicant people say this is a Radius server bug and not a supplicant bug. That may be true, but there is little chance of the offending radius servers on the WPA Enterprise networks I need to use being upgraded until this same bug bites Windows and MacOS. Until then as far as they are concerned it's a Linux bug and not their problem. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to wpa in Ubuntu. https://bugs.launchpad.net/bugs/1501588 Title: Wily's wpasupplicant frequently fails on WPA enterprise networks Status in hostap: Unknown Status in wpa package in Ubuntu: Confirmed Bug description: Ever since I upgraded from vivid to wily on my laptop, I'm running into problems when connecting to my home WPA2 enterprise network. Typically the first connection immediately after the driver is loaded works as expected, however any further reconnection and the occasional roaming between APs cause wpasupplicant to freeze entirely requiring me to kill it and most often also reload my wireless driver to get things working again. ## A failed (hanging) association looks like: Sep 30 23:31:06 castiana NetworkManager[25815]: (wlan0): Activation: (wifi) connection 'stgraber.net-secure' has security, and secrets exist. No new secrets needed. Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'ssid' value 'stgraber.net-secure' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'scan_ssid' value '1' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'key_mgmt' value 'WPA-EAP' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'eap' value 'TLS' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'fragment_size' value '1300' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'ca_cert' value '/home/stgraber/data/certs/stgraber-radius/ca.crt' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'private_key' value '/home/stgraber/data/certs/stgraber-radius/castiana.p12' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'private_key_passwd' value '' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'identity' value 'castiana' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'bgscan' value 'simple:30:-65:300' Sep 30 23:31:06 castiana NetworkManager[25815]: Config: added 'proactive_key_caching' value '1' Sep 30 23:31:06 castiana NetworkManager[25815]: Connection disconnected (reason -3) Sep 30 23:31:06 castiana NetworkManager[25815]: (wlan0): supplicant interface state: associated -> disconnected Sep 30 23:31:06 castiana NetworkManager[25815]: Failed to GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not connected: disconnect. Sep 30 23:31:06 castiana NetworkManager[25815]: Failed to GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not connected: disconnect. Sep 30 23:31:06 castiana NetworkManager[25815]: Config: set interface ap_scan to 1 Sep 30 23:31:06 castiana NetworkManager[25815]: (wlan0): supplicant interface state: disconnected -> scanning Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: SME: Trying to authenticate with 24:a4:3c:c8:69:03 (SSID='stgraber.net-secure' freq=2412 MHz) Sep 30 23:31:07 castiana kernel: [102903.079940] wlan0: authenticate with 24:a4:3c:c8:69:03 Sep 30 23:31:07 castiana kernel: [102903.085128] wlan0: send auth to 24:a4:3c:c8:69:03 (try 1/3) Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: Trying to associate with 24:a4:3c:c8:69:03 (SSID='stgraber.net-secure' freq=2412 MHz) Sep 30 23:31:07 castiana NetworkManager[25815]: (wlan0): supplicant interface state: scanning -> authenticating Sep 30 23:31:07 castiana kernel: [102903.086942] wlan0: authenticated Sep 30 23:31:07 castiana kernel: [102903.090103] wlan0: associate with 24:a4:3c:c8:69:03 (try 1/3) Sep 30 23:31:07 castiana NetworkManager[25815]: (wlan0): supplicant interface state: authenticating -> associating Sep 30 23:31:07 castiana kernel: [102903.101962] wlan0: RX AssocResp from 24:a4:3c:c8:69:03 (capab=0x411 status=0 aid=1) Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: Associated with 24:a4:3c:c8:69:03 Sep 30 23:31:07 castiana kernel: [102903.103701] wlan0: associated Sep 30 23:31:07 castiana NetworkManager[25815]: (wlan0): supplicant interface state: associating -> associated Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 Sep 30 23:31:07 castiana wpa_supplicant[25653]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected Sep 30 23:31:07 castiana
[Desktop-packages] [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate
This seems to be even worse in 14.04 as removing or changing the system- ca-certs= line no longer works. I can make the office WPA2 connection work as I have access to the root certificate for it's key, but my Uni's Eduroam is now completely unusable as removing the system-ca-certs line no longer works and the institution will not give me the root certificate for the self signed key. (We only support Mac/Windows via the supplied installers was the response I got). I took apart the Mac installer hoping to get the certificate, but as far as I can figure, what they supply for the mac is a script that turns off certificate checking in OSX :-) It's all very well saying connecting with out verifying the certificate is insecure and shouldn't be allowed, but that just isn't a realistic approach. I ether have to connect with out certificate checking, or I can't use the service at all. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1104476 Title: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate Status in NetworkManager: Fix Released Status in Release Notes for Ubuntu: Fix Released Status in “network-manager” package in Ubuntu: Triaged Status in Gentoo Linux: Fix Released Status in “network-manager” package in openSUSE: Confirmed Bug description: === Release Notes Text === When connecting to MPA2/PEAP/MSCHAPv2 wifi networks which do not have a CA Certificate network manager may incorrectly mark the CA certificate as needing verification and fail that verification. See the bug for workarounds. === I can connect to Eduroam in 12.10 and any other previous release, but not in 13.04. I checked, my name and password are correct, all settings are the same as in 12.10. Network properties: security: WPA - WPA2 enterprise authentication: protected EAP (PEAP) CA certificate: none PEAP version: automatic inner autentication: MSCHAPv2 username: (required) password: (required) ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: network-manager 0.9.6.0+git201301021750.e78c3e8-0ubuntu3 ProcVersionSignature: Ubuntu 3.8.0-1.5-generic 3.8.0-rc4 Uname: Linux 3.8.0-1-generic i686 ApportVersion: 2.8-0ubuntu2 Architecture: i386 CasperVersion: 1.330 Date: Thu Jan 24 21:32:25 2013 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IpRoute: default via 192.168.43.1 dev wlan0 proto static 169.254.0.0/16 dev wlan0 scope link metric 1000 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.149 metric 9 LiveMediaBuild: Ubuntu 13.04 Raring Ringtail - Alpha i386 (20130123) MarkForUpload: True NetworkManager.state: [main] NetworkingEnabled=true WirelessEnabled=true WWANEnabled=true WimaxEnabled=true ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=set LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-con: NAME UUID TYPE TIMESTAMPTIMESTAMP-REAL AUTOCONNECT READONLY DBUS-PATH AndroidAP 978da457-563b-4c59-a894-45eb0f74fcb7 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/2 Wired connection 16703fabc-9519-49bd-a4af-45fbfb7d660e 802-3-ethernet1359062570 Thu 24 Jan 2013 09:22:50 PM UTCyes no /org/freedesktop/NetworkManager/Settings/1 eduroam 00f69a95-4a1b-436c-b462-a284f45fbaa1 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/0 nmcli-dev: DEVICE TYPE STATE DBUS-PATH wlan0 802-11-wireless connected /org/freedesktop/NetworkManager/Devices/1 eth0 802-3-ethernetunavailable /org/freedesktop/NetworkManager/Devices/0 nmcli-nm: RUNNING VERSIONSTATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN running 0.9.7.0connected enabled enabled enabledenabled disabled To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/1104476/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate
In my case I either have to use the connection with out the proper certificate or NOT USE IT AT ALL. The powers that set up our Eduroam refuse to distribute the certificate required. 'We support Windows and Mac only'. The Windows installer uses some package that installs a new EAP module into Windows, and the OSX one appears to be a simple script that turns off certificate verification for the Eduroam SSID. Yes, not using the certificate leaves me open to a man-in-the-middle attack, but institutional policy doesn't leave me any choice here. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1104476 Title: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate Status in NetworkManager: Fix Released Status in Release Notes for Ubuntu: Fix Released Status in “network-manager” package in Ubuntu: Triaged Status in Gentoo Linux: Fix Released Status in “network-manager” package in openSUSE: Confirmed Bug description: === Release Notes Text === When connecting to MPA2/PEAP/MSCHAPv2 wifi networks which do not have a CA Certificate network manager may incorrectly mark the CA certificate as needing verification and fail that verification. See the bug for workarounds. === I can connect to Eduroam in 12.10 and any other previous release, but not in 13.04. I checked, my name and password are correct, all settings are the same as in 12.10. Network properties: security: WPA - WPA2 enterprise authentication: protected EAP (PEAP) CA certificate: none PEAP version: automatic inner autentication: MSCHAPv2 username: (required) password: (required) ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: network-manager 0.9.6.0+git201301021750.e78c3e8-0ubuntu3 ProcVersionSignature: Ubuntu 3.8.0-1.5-generic 3.8.0-rc4 Uname: Linux 3.8.0-1-generic i686 ApportVersion: 2.8-0ubuntu2 Architecture: i386 CasperVersion: 1.330 Date: Thu Jan 24 21:32:25 2013 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IpRoute: default via 192.168.43.1 dev wlan0 proto static 169.254.0.0/16 dev wlan0 scope link metric 1000 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.149 metric 9 LiveMediaBuild: Ubuntu 13.04 Raring Ringtail - Alpha i386 (20130123) MarkForUpload: True NetworkManager.state: [main] NetworkingEnabled=true WirelessEnabled=true WWANEnabled=true WimaxEnabled=true ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=set LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-con: NAME UUID TYPE TIMESTAMPTIMESTAMP-REAL AUTOCONNECT READONLY DBUS-PATH AndroidAP 978da457-563b-4c59-a894-45eb0f74fcb7 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/2 Wired connection 16703fabc-9519-49bd-a4af-45fbfb7d660e 802-3-ethernet1359062570 Thu 24 Jan 2013 09:22:50 PM UTCyes no /org/freedesktop/NetworkManager/Settings/1 eduroam 00f69a95-4a1b-436c-b462-a284f45fbaa1 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/0 nmcli-dev: DEVICE TYPE STATE DBUS-PATH wlan0 802-11-wireless connected /org/freedesktop/NetworkManager/Devices/1 eth0 802-3-ethernetunavailable /org/freedesktop/NetworkManager/Devices/0 nmcli-nm: RUNNING VERSIONSTATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN running 0.9.7.0connected enabled enabled enabledenabled disabled To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/1104476/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate
I just want to add for those trying 'random' certificates - if your school can't/won't supply you the proper certificate there is little point trying random other certificates - they WON'T WORK. That's the whole point of certificates in the first place, to verify the authenticity of the session. If it worked with random other certificates, there wouldn't be a whole lot of point would there. Removing the system-ca-certs line and restarting network-manager worked for me, pending finding out how to get my schools certificate. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1104476 Title: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate Status in NetworkManager: New Status in Release Notes for Ubuntu: New Status in “network-manager” package in Ubuntu: Triaged Bug description: I can connect to Eduroam in 12.10 and any other previous release, but not in 13.04. I checked, my name and password are correct, all settings are the same as in 12.10. Network properties: security: WPA - WPA2 enterprise authentication: protected EAP (PEAP) CA certificate: none PEAP version: automatic inner autentication: MSCHAPv2 username: (required) password: (required) ProblemType: Bug DistroRelease: Ubuntu 13.04 Package: network-manager 0.9.6.0+git201301021750.e78c3e8-0ubuntu3 ProcVersionSignature: Ubuntu 3.8.0-1.5-generic 3.8.0-rc4 Uname: Linux 3.8.0-1-generic i686 ApportVersion: 2.8-0ubuntu2 Architecture: i386 CasperVersion: 1.330 Date: Thu Jan 24 21:32:25 2013 IfupdownConfig: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback IpRoute: default via 192.168.43.1 dev wlan0 proto static 169.254.0.0/16 dev wlan0 scope link metric 1000 192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.149 metric 9 LiveMediaBuild: Ubuntu 13.04 Raring Ringtail - Alpha i386 (20130123) MarkForUpload: True NetworkManager.state: [main] NetworkingEnabled=true WirelessEnabled=true WWANEnabled=true WimaxEnabled=true ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR=set LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-con: NAME UUID TYPE TIMESTAMPTIMESTAMP-REAL AUTOCONNECT READONLY DBUS-PATH AndroidAP 978da457-563b-4c59-a894-45eb0f74fcb7 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/2 Wired connection 16703fabc-9519-49bd-a4af-45fbfb7d660e 802-3-ethernet1359062570 Thu 24 Jan 2013 09:22:50 PM UTCyes no /org/freedesktop/NetworkManager/Settings/1 eduroam 00f69a95-4a1b-436c-b462-a284f45fbaa1 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTCyes no /org/freedesktop/NetworkManager/Settings/0 nmcli-dev: DEVICE TYPE STATE DBUS-PATH wlan0 802-11-wireless connected /org/freedesktop/NetworkManager/Devices/1 eth0 802-3-ethernetunavailable /org/freedesktop/NetworkManager/Devices/0 nmcli-nm: RUNNING VERSIONSTATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN running 0.9.7.0connected enabled enabled enabledenabled disabled To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/1104476/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp