PARTIAL SOLUTION:
Apparently I was wrong. The failure to reliably authenticate issue was
in fact a driver problem. I am now able to connect to PEAP and EAP-TTLS
networks reliably using the 2.6.24-22-386 kernel. Now I can connect
every time rather than every sixth time.
However, the EAP-TLS issue hasn't gone away. I've tested using Hardy's
wpasupplicant, network-manager, network-manager-gnome, and Hardy's
network-manager libraries. In every case, each connection attempt led to
a successful authentication on the RADIUS server, but Ubuntu failed to
connect with the same timeout message. Upgrading to the latest version
of wpasupplicant and network-manager packages hasn't helped.
Status: EAP-TLS never works. PEAP and EAP-TTLS work consistently.
Fix: Use 2.6.24 kernel from Hardy packages
So any idea what could cause EAP-TLS networks to fail when the RADIUS
server authenticates the user properly and does so promptly? What other
packages could be involved?
** Summary changed:
- Ubuntu fails to reliably associate with WPA2-Enterprise networks using either
the WG511T (AR5212) or Intel 4965AGN wireless chipsets.
+ Ubuntu fails to reliably associate with WPA2-Enterprise networks using either
the WG511T (AR5212) or Intel 4965AGN wireless chipsets with 2.6.27 kernel.
** Description changed:
Binary package hint: network-manager
1) Ubuntu 8.10 (Intrepid)
2) network-manager (0.7~~svn20081018t105859-0ubuntu1)
3) I expected to be able to use a WPA2-Enterprise network reliably and
connect within a reasonable period of time (e.g. 30 seconds).
4) It takes 5 to 6 attempts to connect using EAP-TTLS or PEAP and EAP-TLS
doesn't work at all, despite showing a successful authentication message in my
FreeRADIUS logs. In each case, it takes 4 or 5 connection attempts before my
FreeRADIUS logs show any activity. In Ubuntu 8.04, I can reliably connect on
the first try. My server logs show a successful authentication within 2-3
seconds of clicking the connect button in Ubuntu 8.04.
I have tested using my own WPA2-Enterprise wireless network using EAP-
TLS, PEAPv0/MSCHAPv2 and EAP-TTLS/MSCHAPv2 in both Ubuntu 8.04 and 8.10.
I am able to reliably and quickly connect using Ubuntu 8.04 but no setup
works reliably in Ubuntu 8.10. Under Ubuntu 8.04, within 2-3 seconds of
clicking on my network, my FreeRADIUS server logs show a successful
connection using any of the above mentioned EAP types. However, in
Ubuntu 8.10 (with the latest network-manager package), I see absolutely
no ATTEMPT to connect to my RADIUS server . Even when running the server
in debugging mode, in 5 out of 6 connection attempts, the server shows
no activity at all. With PEAP and EAP-TLS, when the server shows a
successful authentication, Ubuntu connects properly. However, even when
the server shows a successful authentication attempt with EAP-TLS,
Ubuntu still fails to connect.
WPA2-PSK, WEP, and open networks work fine in Ubuntu 8.10. In addition,
I have tested my network on Windows XP SP3 with Juniper's Odyssey Access
Client, Intel's PROSet client, and XP's included supplicant. PEAP and
EAP-TLS work in all three (XP's supplicant doesn't support EAP-TTLS).
- If this is indeed a driver issue as suggested, why is it affecting two
- different wireless chipsets, manufactured by different companies, which
- use different drivers, in precisely the same way? Both chipsets work
- with EAP-TLS, PEAP, and EAP-TTLS in 8.04. Neither work at all with EAP-
- TLS, and both work intermittently with PEAP and EAP-TTLS. I am able to
- reproduce this issue consistently on either a fresh install of 8.10
- (with or without updates) or with the Live CD (with or without updates)
- on both an old Dell Inspiron 8200 laptop with a 1.2 ghz CPU and 1 GB of
- RAM with the WG511T and on the 1 year-old HP dv9500t 2 Ghz Core 2 Duo, 2
- GB RAM laptop with the Intel 4945AGN chip. Completely different
- hardware, different wireless chipsets, both exhibiting the same behavior
- off a freshly updated install of Ubuntu 8.10.
+ PARTIAL SOLUTION: PEAP and EAP-TTLS work reliably while using the 2.6.24
+ kernel. EAP-TLS still doesn't work despite showing a successful
+ authentication on the RADIUS server.
Attempted connection to WPA2-Enterprise network using EAP-TLS
authentication in Ubuntu 8.10:
Dec 12 23:02:49 jason-laptop NetworkManager: info (ath0): device state
change: 5 - 6
Dec 12 23:02:49 jason-laptop NetworkManager: info Activation
(ath0/wireless): asking for new secrets
Dec 12 23:02:49 jason-laptop NetworkManager: info (ath0): supplicant
connection state change: 4 - 0
Dec 12 23:02:52 jason-laptop NetworkManager: WARN get_secrets_cb():
Couldn't get connection secrets: applet-device-wifi.c.1512
(get_secrets_dialog_response_cb): canceled.
Dec 12 23:02:52 jason-laptop NetworkManager: info (ath0): device state
change: 6 - 9
Dec 12 23:02:52 jason-laptop NetworkManager: info Activation (ath0) failed