Hello Mr. Trudel,

there is no client certificate. MSCHAPv2 requires the user to enter login credentials (username:pw).

The server, however, has a certificate; it's the default configuration coming with the latest (2.1.9) FreeRADIUS.

Thanks, Jan


Mathieu Trudel <[email protected]> wrote on 17 September 2010 at 15:13:

> How is the certificate you use made? Does it include the key inline, or
> do you have two separate files?
>
> ** Also affects: network-manager (Ubuntu)
>    Importance: Undecided
>        Status: New
>
> ** Changed in: network-manager (Ubuntu)
>        Status: New => Incomplete
>
> --
> wpasupplicant peap mschapv2 dot1x re-authenticate fails
> https://bugs.launchpad.net/bugs/610084
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “network-manager” package in Ubuntu: Incomplete
> Status in “wpasupplicant” package in Ubuntu: New
>
> Bug description:
> Binary package hint: wpasupplicant
>
> Package: wpasupplicant  0.6.9-3ubuntu3 on Ubuntu 10.04 LTS
>
> Intended functionality: accessing 802.1x secured wired network via
> wpasupplicant by peap and mschapv2 and successful periodic reauthentication
> w/o user interaction.
>
> What happens: user enters credentials (login/pw) and gets authenticated and
> his computer is put in the correct vlan. The switch (cisco 3560g) is
> configured to re-authenticate all 802.1x users every n seconds to propagate
> new vlan assignments w/o restarting the port.
>
> The initial connection works and the user can access the network.
> Here the part of the syslog during this initial phase (NetworkManager stuff
> just FYI):
>
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) starting
> connection '192.168.1.101 w 802.1x'
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 3 ->
> 4 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) started...
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) complete.
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) starting...
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 4 ->
> 5 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0/wired):
> connection '192.168.1.101 w 802.1x' has security, but secrets are required.
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 5 ->
> 6 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) complete.
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) started...
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 6 ->
> 4 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) scheduled...
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5
> (Device Prepare) complete.
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) starting...
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 4 ->
> 5 (reason 0)
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0/wired):
> connection '192.168.1.101 w 802.1x' requires no security. No secrets needed.
> Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5
> (Device Configure) complete.
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): supplicant interface
> state:  starting -> ready
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'password' value
> '<omitted>'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'key_mgmt' value
> 'IEEE8021X'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'eapol_flags' value
> '0'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'eap' value 'PEAP'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'fragment_size'
> value '1300'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'phase2' value
> 'auth=MSCHAPV2'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'identity' value
> 'jan'
> Jul 26 15:15:28 raw NetworkManager: <info>  Config: set interface ap_scan to 1
> Jul 26 15:15:28 raw wpa_supplicant[1258]: Associated with 01:80:c2:00:00:03
> Jul 26 15:15:28 raw NetworkManager: <info>  (eth0) supplicant connection
> state:  disconnected -> associated
> Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP
> authentication started
> Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0
> method 25 (PEAP) selected
> Jul 26 15:15:29 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake -
> Failed to read possible Application Data
> error:00000000:lib(0):func(0):reason(0)
> Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-MSCHAPV2: Authentication
> succeeded
> Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success -
> EAP-TLV/Phase2 Completed
> Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP
> authentication completed successfully
> Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-CONNECTED - Connection to
> 01:80:c2:00:00:03 completed (auth) [id=0 id_str=]
> Jul 26 15:15:33 raw NetworkManager: <info>  (eth0) supplicant connection
> state:  associated -> completed
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0/wired) Stage 2 of
> 5 (Device Configure) successful.
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP
> Configure Start) scheduled.
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP
> Configure Start) started...
> Jul 26 15:15:33 raw NetworkManager: <info>  (eth0): device state change: 5 ->
> 7 (reason 0)
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP4 Configure Get) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP6 Configure Get) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP
> Configure Start) complete.
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP4 Configure Get) started...
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP4 Configure Get) complete.
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP6 Configure Get) started...
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP
> Configure Commit) scheduled...
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5
> (IP6 Configure Get) complete.
> Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP
> Configure Commit) started...
> Jul 26 15:15:33 raw avahi-daemon[1059]: Joining mDNS multicast group on
> interface eth0.IPv4 with address 192.168.1.101.
> Jul 26 15:15:33 raw avahi-daemon[1059]: New relevant interface eth0.IPv4 for
> mDNS.
> Jul 26 15:15:33 raw avahi-daemon[1059]: Registering new address record for
> 192.168.1.101 on eth0.IPv4.
> Jul 26 15:15:34 raw NetworkManager: <info>  (eth0): device state change: 7 ->
> 8 (reason 0)
> Jul 26 15:15:34 raw NetworkManager: <info>  Activation (eth0) successful,
> device activated.
> Jul 26 15:15:34 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP
> Configure Commit) complete.
> Jul 26 15:15:34 raw ntpdate[12890]: can't find host ntp.ubuntu.com
> Jul 26 15:15:34 raw ntpdate[12890]: no servers can be used, exiting
>
> Now after ten seconds the switch requests re-authentication:
>
> Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP
> authentication started
> Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0
> method 25 (PEAP) selected
> Jul 26 15:15:43 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake -
> Failed to read possible Application Data
> error:00000000:lib(0):func(0):reason(0)
> Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success -
> EAP-TLV/Phase2 Completed
>
> To me this looks exactly the same as before but the radius server logs: "Auth:
> Login incorrect: [jan/<via Auth-Type=EAP>]..."
>
> On top of that the NetworkManager also does not realize that the connection is
> broken.
>
> This setup works with M$ Windows XP sp3. What also works is TTLS+MSCHAPv1 on
> the linux machine, however TTLS+MSCHAPv2 fails just as PEAP+MSCHAPv2 does
> here.
>


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
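The failure pattern in the report, a re-authentication run that logs "Phase2 Completed" but never reaches CTRL-EVENT-EAP-SUCCESS while NetworkManager keeps the connection up, can be spotted from syslog alone. The script below is an added example, not code from the bug report, wpa_supplicant or NetworkManager; the log lines are constructed from the report's format, the year (2010) is assumed because syslog omits it, and the 10 s stall timeout is an assumed operational threshold.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the syslog in the bug report: the first EAP run
# ends with CTRL-EVENT-EAP-SUCCESS, the re-authentication run ten seconds later
# reaches "Phase2 Completed" but never logs EAP-SUCCESS.
SAMPLE_LOG = """\
Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Jul 26 15:15:55 raw ntpdate[12890]: can't find host ntp.ubuntu.com
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host prog[pid]: message" (no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


def parse_ts(ts, year):
    # Syslog omits the year, so the caller supplies it (assumed 2010 for the sample).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_silent_reauth_failures(log_text, year=2010, timeout_s=10):
    """Return [(start_iso, phase2_completed)] for every EAP run that began with
    CTRL-EVENT-EAP-STARTED but never reached CTRL-EVENT-EAP-SUCCESS."""
    failures, pending = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = parse_ts(m["ts"], year)
        # Any later line (from any daemon) past the timeout closes a stalled run.
        if pending and (ts - pending["start"]).total_seconds() > timeout_s:
            failures.append((pending["start"].isoformat(), pending["phase2"]))
            pending = None
        if m["prog"] != "wpa_supplicant":
            continue
        msg = m["msg"]
        if msg.startswith("CTRL-EVENT-EAP-STARTED"):
            if pending:  # previous run was superseded before it succeeded
                failures.append((pending["start"].isoformat(), pending["phase2"]))
            pending = {"start": ts, "phase2": False}
        elif pending and "Phase2 Completed" in msg:
            pending["phase2"] = True  # inner MSCHAPv2 done, outer EAP result still missing
        elif pending and msg.startswith("CTRL-EVENT-EAP-SUCCESS"):
            pending = None  # run completed normally
    return failures
```

A run flagged with phase2_completed=True is exactly the report's case: the inner method finished but the outer EAP exchange never concluded, which is the moment to alert rather than trust the device-state NetworkManager still shows.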
