http://bugzilla.suse.com/show_bug.cgi?id=987897 Bug ID: 987897 Summary: nm_applet can't configure TTLS+MSCHAPv2 authentication Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME Assignee: bnc-team-gnome@forge.provo.novell.com Reporter: martin.wilck@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I can't connect to the "Novell" WLAN in the Nürnberg office with nm_applet using the settings "Authentication: Tunneled TLS" and "Inner Authentication: MSCHAPV2". I analyzed this using manual configuration and found the following behaviour of the Wifi access point: eap=TTLS, phase2="autheap=MSCHAPV2": NO eap=TTLS, phase2="auth=MSCHAPV2": YES eap=PEAP, phase2="auth=MSCHAPV2": YES In other words "the autheap" phase2 protocol was causing the trouble. Thus one workaround is to use PEAP. If using TTLS, the following workaround is possible using nmcli: nmcli con modify Novell 802-1x.phase2-auth mschapv2 nmcli con modify Novell 802-1x.phase2-autheap "" systemctl restart NetworkManager # (not sure why this is necessary) Now the connection can be started. This configuration can't be applied using nm_applet. The user can ony select TTLS + MSCHAPV2 in the applet, and if he does so, the applet will set "phase2-autheap", not "phase2-auth". In general, nm_applet always sets "phase2-autheap" if possible: /* If the outer EAP method (TLS, TTLS, PEAP, etc) allows inner/phase2 * EAP methods (which only TTLS allows) *and* the inner/phase2 method * supports being an inner EAP method, then set PHASE2_AUTHEAP. */ See https://github.com/GNOME/network-manager-applet/commit/2294732eb608fad0ad65e... This behavior of nm_applet seems to be wrong, as wpa_supplicant, NetworkManager itself, and nmcli all support "auth=MSCHAPV2" as inner method for TTLS. -- You are receiving this mail because: You are on the CC list for the bug.