https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c Ismail Donmez changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-gnome@forge.provo. |bili@suse.com |novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c1 Li Bin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |idonmez@suse.com --- Comment #1 from Li Bin 2013-01-17 05:43:29 UTC --- Ismail, So could you attach your /var/log/wpa_supplicant.log and /var/log/NetworkManager when you met this issue? Thanks! :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c3 Ismail Donmez changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Status|ASSIGNED |NEEDINFO InfoProvider| |glin@suse.com --- Comment #3 from Ismail Donmez 2013-01-21 12:35:22 UTC --- Ok the problem is in gnome-control-center package. The patch gnome-control-center-probe-radius-server-cert.patch added by Gary Lin has two functions nma_wireless_dialog_need_cert_probe nma_wireless_dialog_probe_cert but these are not defined anywhere, hence causing an undefined symbol error while connecting to WPA Enterprise networks. Gary: Please fix the patch to add those two function definitions. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c4 --- Comment #4 from Ismail Donmez 2013-01-29 10:52:34 UTC --- Dropping this patch until its fixed, SR#150275 sent to GNOME:Factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c6 Gary Ching-Pang Lin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|glin@suse.com | --- Comment #6 from Gary Ching-Pang Lin 2013-02-08 03:34:48 UTC --- One of my NetworkManager-gnome is missing. I am fixing it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c9 --- Comment #9 from Bernhard Wiedemann 2013-04-03 10:00:42 CEST --- This is an autogenerated message for OBS integration: This bug (798793) was mentioned in https://build.opensuse.org/request/show/162340 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c11 --- Comment #11 from Gary Ching-Pang Lin 2013-04-09 02:00:01 UTC --- Could you try this after stopping NetworkManager and wpa_supplicant? edit wpa_supplicant.conf (replace SSID with your AP's SSID): network={ ssid="SSID" key_mgmt=WPA-EAP identity=" " eap=TTLS PEAP TLS ca_cert="probe://" } # wpa_supplicant -c wpa_supplicant.conf -Dnl80211 -iwlan0 I guess wpa_supplicant tried to probe the radius server but failed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c13 Gary Ching-Pang Lin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |mike.catanzaro@gmail.com --- Comment #13 from Gary Ching-Pang Lin 2013-04-11 04:15:52 UTC --- Does it help if you add the username and password? network={ ssid="SSID" key_mgmt=WPA-EAP identity="your username" password="your password" eap=TTLS PEAP TLS ca_cert="probe://" } Note: The reason codes are defined in IEEE 802.11-2007 Table 7.22 if you are interested. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c15 Michael Catanzaro changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|mike.catanzaro@gmail.com | --- Comment #15 from Michael Catanzaro 2013-04-12 13:28:43 UTC --- Yeah that gets a lot farther; the certificate validation is indeed failing. I need to look into why; I can't view a lot of school websites in Epiphany or Rekonq because that InCommon certificate isn't trusted (but it is by Firefox on openSUSE, and it is by both Epiphany and Rekonq on Fedora.) - I don't know enough about where these certificates are stored to know why it works in Firefox but not the other browsers or apparently wpa_supplicant. But the school instructs us to not validate the certificate at all when connecting via WPA Enterprise -- I know that means there is zero security and I use their Wi-Fi accordingly -- so I would expect an option to not validate, or ignore the error if it fails, like there is when manually selecting a certificate to use. michael@linux-87mu:/var/log> sudo /usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -Dnl80211 -iwlan0 wlan0: SME: Trying to authenticate with 00:1b:8f:8b:eb:d0 (SSID='MST-WPA' freq=2462 MHz) wlan0: Trying to associate with 00:1b:8f:8b:eb:d0 (SSID='MST-WPA' freq=2462 MHz) wlan0: Associated with 00:1b:8f:8b:eb:d0 wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA' hash=623727ec472644a6bb70d240565c24223fdb0f2f5ac698027e3012489c70e817 wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA' hash=623727ec472644a6bb70d240565c24223fdb0f2f5ac698027e3012489c70e817 wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/postalCode=65401/ST=Missouri/L=Rolla/street=104CS Building/street=Information Technology/O=University of Missouri/OU=MST/CN=radius-p02.srv.mst.edu' hash=5f5287300d118543df9128a3fdf750e4e29f17a16e36324b69e6631f7a904512 wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/postalCode=65401/ST=Missouri/L=Rolla/street=104CS Building/street=Information Technology/O=University of Missouri/OU=MST/CN=radius-p02.srv.mst.edu' err='Server certificate chain probe' SSL: SSL3 alert: write (local SSL3 detected an error):fatal:bad certificate OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed wlan0: Authentication with 00:1b:8f:8b:eb:d0 timed out. wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3 wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3 wlan0: SME: Trying to authenticate with 00:1d:71:e1:ba:c0 (SSID='MST-WPA' freq=2437 MHz) wlan0: Trying to associate with 00:1d:71:e1:ba:c0 (SSID='MST-WPA' freq=2437 MHz) wlan0: Associated with 00:1d:71:e1:ba:c0 wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected wlan0: CTRL-EVENT-DISCONNECTED bssid=00:1d:71:e1:ba:c0 reason=4 wlan0: SME: Trying to authenticate with 00:1d:71:e1:c7:60 (SSID='MST-WPA' freq=2437 MHz) wlan0: Trying to associate with 00:1d:71:e1:c7:60 (SSID='MST-WPA' freq=2437 MHz) wlan0: CTRL-EVENT-ASSOC-REJECT bssid=00:1d:71:e1:c7:60 status_code=17 wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c17 Gary Ching-Pang Lin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |mike.catanzaro@gmail.com --- Comment #17 from Gary Ching-Pang Lin 2013-04-25 04:16:33 UTC --- Michael, Could you try the rpms in my branch[*]? I add the fix to NetworkManager and NetworkManager-gnome and would like to know if it works for you. [*] http://download.opensuse.org/repositories/home:/gary_lin:/NetworkManager-cer... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c19 --- Comment #19 from Gary Ching-Pang Lin 2013-04-25 06:52:56 UTC --- The message from gnome-control-center might help. Open a terminal, execute gnome-control-center -> network, try to connect to the AP, and observe if any message shows on the terminal after clicking "Connect". BTW, I forgot to mention that all the packages in the repo have to be installed, except the devel or debug packages (lang packages can be ignored), and it would better to reboot the system after installing the test packages. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c21 --- Comment #21 from Gary Ching-Pang Lin 2013-04-26 02:56:32 UTC --- (In reply to comment #20)

Gary, I'm sorry, I thought that's exactly what I had done, but perhaps I missed something. At any rate, after playing with my packages a bit more, it's working perfectly: I got the dialog for accepting the server hash, which I'd never seen before, and was able to connect fine. And on the Wireless Security tab, I see the server hash in the Subject line. Thanks a bunch for the fix - I'd love to see it in an update for 12.2 and 12.3.

Good! I'll push the fix.

A quick question about how this works - does checking the server hash guarantee security so long as the very first time I connect to the network, I happen to be connecting to the correct server (and therefore am getting the correct hash)? i.e. nobody can intercept my communications unless they are doing so when I am adding the network for the first time? The server hash is the fingerprint of the radius server, and we can use it verify the server to avoid connecting to a fake radius server. Since the communication will be encrypted by the key exchanged between the client and the server, your communication shall be safe if the radius server is genuine.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c23 Will Stephenson changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |wstephenson@suse.com Resolution|FIXED | --- Comment #23 from Will Stephenson 2013-05-10 14:06:04 UTC --- @Gary the code calling nma_wireless_dialog_probe_cert is AFAICS only in gnome-control-center panels/network-dialogs.c, not in NM-gnome itself, so is this bug still valid for any use of nm-applet outside gnome-shell (eg XFCE, LXDE?)? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=798793 https://bugzilla.novell.com/show_bug.cgi?id=798793#c24 Gary Ching-Pang Lin changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED InfoProvider|glin@suse.com | --- Comment #24 from Gary Ching-Pang Lin 2013-05-10 14:17:13 UTC --- I believe it affected gnome-control-center. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.