Re: nmcli can't establish connection to radius server with wpa eap tls

2018-03-07 Thread Beniamino Galvani
On Wed, Mar 07, 2018 at 10:28:18AM +0100, Iris Fiedler wrote:
> Hi,
> 
> I found my error. My radius server had a wrong configuration and didn't send 
> the accepted response. So the network manager didn't receive it and printed 
> an error.

Hi,

good to know!

> Thank you for your help.

You're welcome.

Beniamino
___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: nmcli can't establish connection to radius server with wpa eap tls

2018-03-07 Thread Iris Fiedler
Hi,

I found my error. My radius server had a wrong configuration and didn't send 
the accepted response. So the network manager didn't receive it and printed an 
error.

Thank you for your help.
Iris


Re: nmcli can't establish connection to radius server with wpa eap tls

2018-02-22 Thread Iris Fiedler
Hi,

That EAP-TLS isn't supporting passwords may be the case.
I configured my freeradius server without passwords and set in nmcli the password-flag to 4 (no password required).
I got the same error as I had before.

nmcli device connect wlan0
Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: (7) Secrets were required, but not provided

Although my radius server tells me that it accepts the authentication sent from nmcli.
Is there something else that I'm missing?

Iris

On 21.02.2018 at 09:24, Beniamino Galvani wrote:
On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote:

Hi,

> freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
> Configured as wpa-eap tls with identity and password.

EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS?

> radius-tls.log 
> (35)   Invalid user: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Rejected in post-auth: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Login incorrect: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> 
> As you can see the User-Password attribute is missing. Although the password in nmcli was set.
> 
> This is what nmcli is responding with:
> nmcli device connect wlan0 
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
> Error: Connection activation failed: (7) Secrets were required, but not provided.
> 
> nmcli -a  device connect wlan0 
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Private key password (802-1x.private-key-password): 
> Passwords or encryption keys are required to access the wireless network 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> 
> Even here no user password is asked!!!
> 
> I created a new user without password. Although the radius server accepted the authentication no connection was established!!!
> 
> It confused me so I checked if a wpa eap ttls-pap would work. 
> After reconfiguration of nmcli and radius server it worked without problems.
> So I think this is only a tls problem.

Yes, EAP-TLS only uses certificates and not passwords.

Beniamino




Re: nmcli can't establish connection to radius server with wpa eap tls

2018-02-21 Thread Beniamino Galvani
On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote:
Hi,

> freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
> Configured as wpa-eap tls with identity and password.

EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS?

> radius-tls.log 
> (35)   Invalid user: [testUser1/] (from client 
> 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Rejected in post-auth: [testUser1/] (from 
> client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> (35)   Login incorrect: [testUser1/] (from client 
> 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
> 
> As you can see the User-Password attribute is missing. Although the password 
> in nmcli was set.
> 
> This is what nmcli is responding with:
> nmcli device connect wlan0 
> Passwords or encryption keys are required to access the wireless network 
> 'Linksys02355'.
> Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli 
> cannot ask without '--ask' option.
> Error: Connection activation failed: (7) Secrets were required, but not 
> provided.
> 
> nmcli -a  device connect wlan0 
> Passwords or encryption keys are required to access the wireless network 
> 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> Passwords or encryption keys are required to access the wireless network 
> 'Linksys02355'.
> Private key password (802-1x.private-key-password): 
> Passwords or encryption keys are required to access the wireless network 
> 'Linksys02355'.
> Identity (802-1x.identity): testUser1
> 
> Even here no user password is asked!!!
> 
> I created a new user without password. Although the radius server accepted 
> the authentication no connection was established!!!
> 
> It confused me so I checked if a wpa eap ttls-pap would work. 
> After reconfiguration of nmcli and radius server it worked without problems.
> So I think this is only a tls problem.

Yes, EAP-TLS only uses certificates and not passwords.

Beniamino




nmcli can't establish connection to radius server with wpa eap tls

2018-02-19 Thread Iris Fiedler
Debian: 9.3 
network-manager: 1.6.2-3

cat /etc/NetworkManager/system-connections/wlan0
[connection]
id=wlan0x0
uuid=ec4bcd13-d3e1-4707-b844-9b8c3821b7ac
type=wifi
interface-name=wlan0
permissions=

[wifi]
mac-address=80:1F:02:F2:2B:53
mac-address-blacklist=
mode=infrastructure
ssid=Linksys02355

[wifi-security]
auth-alg=open
key-mgmt=wpa-eap

[802-1x]
ca-cert=/var/opt/telemotive/etc/cert/ca.pem
client-cert=/var/opt/telemotive/etc/cert/client.p12
eap=tls;
identity=testUser1
password=testUser11
private-key=/var/opt/telemotive/etc/cert/client.p12
private-key-password=testCert1

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
never-default=true


freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3)
Configured as wpa-eap tls with identity and password.

radius-tls.log 
(35)   Invalid user: [testUser1/] (from client 
192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
(35)   Rejected in post-auth: [testUser1/] (from 
client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)
(35)   Login incorrect: [testUser1/] (from client 
192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel)

As you can see the User-Password attribute is missing. Although the password in 
nmcli was set.

This is what nmcli is responding with:
nmcli device connect wlan0 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli 
cannot ask without '--ask' option.
Error: Connection activation failed: (7) Secrets were required, but not 
provided.

nmcli -a  device connect wlan0 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Identity (802-1x.identity): testUser1
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Private key password (802-1x.private-key-password): 
Passwords or encryption keys are required to access the wireless network 
'Linksys02355'.
Identity (802-1x.identity): testUser1

Even here no user password is asked!!!

I created a new user without password. Although the radius server accepted the 
authentication no connection was established!!!

It confused me so I checked if a wpa eap ttls-pap would work. 
After reconfiguration of nmcli and radius server it worked without problems.
So I think this is only a tls problem.
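
[Added example, not part of the original message or of NetworkManager itself.] The point made in the replies, that EAP-TLS authenticates with certificates and never sends the 802-1x password, can be checked against a keyfile before activation. The function name lint_8021x, the method grouping and the sample keyfile (paths shortened, secrets replaced by placeholders) are assumptions made for this illustration.

```python
import configparser

# Constructed sample modelled on the [802-1x] section posted above
# (paths shortened, secrets replaced by placeholders).
SAMPLE_KEYFILE = """\
[wifi-security]
key-mgmt=wpa-eap

[802-1x]
ca-cert=/etc/cert/ca.pem
client-cert=/etc/cert/client.p12
eap=tls;
identity=testUser1
password=PLACEHOLDER
private-key=/etc/cert/client.p12
private-key-password=PLACEHOLDER
"""

# Assumption: simplified grouping of EAP methods by the credentials they use.
CERT_METHODS = {"tls"}
TUNNELLED_METHODS = {"ttls", "peap"}

def lint_8021x(keyfile_text):
    """Return a list of findings for the [802-1x] section of a keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return ["no [802-1x] section"]
    s = cp["802-1x"]
    methods = {m.strip() for m in s.get("eap", "").split(";") if m.strip()}
    findings = []
    # Without a CA the supplicant cannot check which RADIUS server it talks to.
    if not s.get("ca-cert") and s.get("system-ca-certs", "false") != "true":
        findings.append("no ca-cert: server certificate is not validated")
    if methods & CERT_METHODS:
        for key in ("identity", "client-cert", "private-key"):
            if not s.get(key):
                findings.append(f"eap=tls needs {key}")
        if s.get("password") and not methods & TUNNELLED_METHODS:
            findings.append("password is set but EAP-TLS never sends it")
    if methods & TUNNELLED_METHODS:
        if not (s.get("phase2-auth") or s.get("phase2-autheap")):
            findings.append("tunnelled method needs phase2-auth")
        if not s.get("password") and s.get("password-flags", "0") == "0":
            findings.append("password missing while password-flags=0")
    return findings

if __name__ == "__main__":
    for finding in lint_8021x(SAMPLE_KEYFILE):
        print(finding)
```

A clean result only says the keyfile is consistent with its EAP method; the RADIUS server's own configuration still has to be checked separately.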