[Bug 255443] New: KnetworkManager won't connect with PEAP dynamic WEP keys
https://bugzilla.novell.com/show_bug.cgi?id=255443 Summary: KnetworkManager won't connect with PEAP dynamic WEP keys Product: openSUSE 10.2 Version: Final Platform: i686 OS/Version: SuSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Mobile Devices AssignedTo: behlert@novell.com ReportedBy: strivens@bcm.edu QAContact: qa@suse.de Connecting to a specific, internal, WPA-Enterprise, PEAP authenticated network requires only user name and password as the system is configured to use dynamic WEP keys (with no root or personal certificates). There seems to be no option in the GUI to support dynamic WEP keys. Behavior, mid-way through establishing the connection KNetworkManager requests a WEP and won't connect without it (i.e. connect button greyed out) HP NX7010 laptop, OpenSuse 10.2, KDE 3.5.6 (release 41.3) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 behlert@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |behlert@novell.com AssignedTo|behlert@novell.com |jg@novell.com Priority|P5 - None |P4 - Low -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 jg@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tambet@novell.com, thoenig@novell.com ------- Comment #1 from jg@novell.com 2007-03-20 06:37 MST ------- Could you attach /var/log/NetworkManager? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 jg@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |strivens@bcm.edu -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 strivens@bcm.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|strivens@bcm.edu | ------- Comment #2 from strivens@bcm.edu 2007-03-20 13:20 MST ------- Created an attachment (id=125570) --> (https://bugzilla.novell.com/attachment.cgi?id=125570&action=view) /var/log/NetworkManager NetworkManager after clean reboot, records access to LAN via wired interface (eth0) and then access to wireless PEAP encrypted LAN (eth1) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 ------- Comment #3 from strivens@bcm.edu 2007-03-20 13:22 MST ------- see also KDE bug : http://bugs.kde.org/show_bug.cgi?id=138504 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 jg@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |strivens@bcm.edu ------- Comment #4 from jg@novell.com 2007-03-21 09:36 MST ------- The log shows that a WEP connection was configured, not a WPA one. How did you trigger the connection attempt? And are you sure the AP is using WPA-Enterprise? Isn't it rather IEEE 802.1X authentication? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 strivens@bcm.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW Info Provider|strivens@bcm.edu | ------- Comment #5 from strivens@bcm.edu 2007-03-21 11:06 MST ------- I don't know the difference between 802.1X and WPA-enterprise, I chose the latter naively thinking that as it offered the PEAP authentication that was the correct option. However when comparing it to the Intel driver for my WLAN card in Windows (this laptop is dual boot) I see that the authentication is 'open' and the option for use 802.1x extensions is checked allowing me to use the currently used LEAP authentication and also the options for PEAP. So I am now not sure what to use - am I simply attempting to use the wrong application? Knetworkmanager seems to be the obvious choice but it doesn't support the correct options. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 jg@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jg@novell.com |thoenig@novell.com ------- Comment #6 from jg@novell.com 2007-03-22 04:21 MST ------- The main difference is that you can do 802.1X authentication over interfaces that do not have driver support for WPA (can be even wired devices). PEAP can be used over 802.1X as well as over WPA. wpa_supplicant also supports the use of dynamic WEP keys with 802.1X, which is similar to what TKIP (used with WPA) does, but you don't need special driver support for it (means, drivers which only support WEP can be deployed). Authentication 'open' is fine, in 802.11 is only "open system" and "WEP shared key authentication" defined. As 802.1X auth as well as WPA are not using a WEP key for authentication, they are open systems in terms of 802.11 specification. So, from what you wrote I guess you are in fact using 802.1X auth with dynamic WEP keys. This is AFAIK not supported by knetworkmanager, but only by nm-applet (the Gnome counterpart). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 ------- Comment #7 from strivens@bcm.edu 2007-03-22 08:37 MST -------
So, from what you wrote I guess you are in fact using 802.1X auth with dynamic WEP keys.
This is what we're using... Did some testing and cam out blank: - nm-applet : no support for PEAP for open authentication only LEAP (wish I'd known as it took me hours to hand craft a Xsupplicant script) - kwlan : looks most promising but throws out errors about not being able to connect with wpa_supplicant - wpa_gui : conects again via LEAP but won't touch PEAP I don't think what we are using here is that exotic!! It kind of frustrating for me to have to shop through half a dozen applets and craft shell scripts in order for it to work - I suspect this is the sort of ammunition others would use for showing how difficult Linux is to use!! This said I will try installing a new version KWLAN and see where I get with that -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 ------- Comment #8 from strivens@bcm.edu 2007-03-22 13:44 MST ------- More testing KWLAN said it couldn't start or contact WPA_supplicant (despite that fact it was running for each of the interfaces) and so you could adjust the encryption values for individual connections. nm-applet sort of worked but was pretty flaky - one moment it would allow me to connect and the next it demanded a WEP key... It also seemed to shutdown periodically, after which it refused to connect at all. There seemed to be a lot of messages of the type 'nmi_save_network_info(): Error saving secret for wireless network 'xxx-xxx-xxxxx' in keyring: 2' this may of added to the instability (not be able to store the dynamic WEP keys?) although allegedly you can run this applet from KDE rather than Gnome. Probably the best thing to do at some point is to run NetworkManager in non daemon mode and see if that yields anything useful. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 thoenig@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|thoenig@novell.com |hschaa@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 hschaa@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443 ------- Comment #9 from strivens@bcm.edu 2007-05-04 10:22 MST ------- OK the Gnome nm-applet will connect to the PEAP nectwork with dynamic WEP keys (NetworkManager Applet 0.6.4), but only when connecting as a new network using 'create new wireless network'. However when you try to reconnect to that, now known, network it asks for a WEP key which you don't know of course. so the work around at present to connect is to choose the 'create new wireless network' option each and every time you wish to connect to the WAN with dynamic WEP and PEAP. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=255443
User hschaa@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=255443#c11
Helmut Schaa
participants (1)
-
bugzilla_noreply@novell.com