[opensuse-factory] Cannot connect to wifi (WPA enterprise, TTLS, PAP)
Hi all! ever since the Tumbleweed 20150503 update that I'm unable to connect to my University wireless network. It keeps prompting me for the password. Different combinations: TTLS/PAP, TTLS/MSCHAP, PEAP/MSCHAP also do not work (worked before). The 20150503 announcement mentions the following: ==== wpa_supplicant ==== Subpackages: wpa_supplicant-gui - 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch Fix CVE-2015-1863, memcpy overflow. - wpa_supplicant-alloc_size.patch: annotate two wrappers with attribute alloc_size, which may help warning us of bugs such as the above. I have update also to the 20150505 release but the problem remains. The announcement does not mention anything related to wpa. At the same time the IT department did replace some network equipment but my android phone, Windows install and Fedora livecd that I had laying around still connect to the network as usual. Tried connecting through wicked, configured through yast, but it does not connect as well. dmesg output shows: [ 1283.284035] cfg80211: Calling CRDA to update world regulatory domain [ 1289.261529] wlp3s0: authenticate with 00:1d:45:d3:1a:70 [ 1289.263255] wlp3s0: send auth to 00:1d:45:d3:1a:70 (try 1/3) [ 1289.265465] wlp3s0: authenticated [ 1289.267450] wlp3s0: associate with 00:1d:45:d3:1a:70 (try 1/3) [ 1289.271183] wlp3s0: RX AssocResp from 00:1d:45:d3:1a:70 (capab=0x431 status=0 aid=58) [ 1289.273398] wlp3s0: associated [ 1289.273540] cfg80211: Calling CRDA to update world regulatory domain [ 1289.306986] wlp3s0: Limiting TX power to 17 dBm as advertised by 00:1d:45:d3:1a:70 [ 1314.274841] wlp3s0: deauthenticating from 00:1d:45:d3:1a:70 by local choice (Reason: 3=DEAUTH_LEAVING) spa_supplicant.log shows: wlp3s0: SME: Trying to authenticate with 00:1d:45:d3:1a:70 (SSID='eduroam' freq=2462 MHz) wlp3s0: Trying to associate with 00:1d:45:d3:1a:70 (SSID='eduroam' freq=2462 MHz) wlp3s0: Associated with 00:1d:45:d3:1a:70 wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root' hash=687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2 wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root' hash=687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2 wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware' hash=cd1ee37f0f4ac1aa3f6759f3cad998d1c581f7c1e039ba891c8244ef9e3ad9ce wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=NL/O=TERENA/CN=TERENA SSL CA' hash=5c428b013b2e3f0d30abb5bebd92d066dc06dc223329eb0fc735609946cf8e1c wlp3s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=PT/postalCode=4704-553 Braga/ST=Braga/L=Braga/street=Largo do Pa\xC3\xA7o/O=Universidade do Minho/OU=SCOM/CN=eduroam.uminho.pt' hash=f5284cf9b66a2fd98ece64d06a394e433d978a53be7b51fc4f7e469a331bc055 wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.uminho.pt wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully nl80211: Unexpected encryption algorithm 5 wlp3s0: CTRL-EVENT-DISCONNECTED bssid=00:1d:45:d3:1a:70 reason=3 locally_generated=1 This discussion seems to be about the same problem: http://lists.shmoo.com/pipermail/hostap/2015-April/032685.html And this probably as well: https://bugs.gentoo.org/show_bug.cgi?id=548064 Going back to openSUSE 13.2 wpa_supplicant 2.2 package makes it work again. So, what to do now? thanks, Carlos Bessa -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
to., 07.05.2015 kl. 13.10 +0100, skrev Carlos Bessa:
Hi all! ever since the Tumbleweed 20150503 update that I'm unable to connect to my University wireless network. It keeps prompting me for the password. Different combinations: TTLS/PAP, TTLS/MSCHAP, PEAP/MSCHAP also do not work (worked before).
snip
Tried connecting through wicked, configured through yast, but it does not connect as well.
snip
Going back to openSUSE 13.2 wpa_supplicant 2.2 package makes it work again. So, what to do now?
thanks, Carlos Bessa
Could you try with the package from devel-repo? It's already checked in to Factory, but not yet released into Tumbleweed repos. (I added some patches from upstream that solved my connection issues, might help you out too) https://build.opensuse.org/package/show/hardware/wpa_supplicant //Bjørn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I installed that package but it didn't solve it unfortunately. I've read more carefully the gentoo bugzilla entry and it's suggested to build wpa_supplicant with the internal crypto implementation (USE="-ssl"). Are you able to generate a new package using that option so that I can test it? thanks, Carlos On Thursday, May 07, 2015 02:25:02 PM Bjørn Lie wrote:
to., 07.05.2015 kl. 13.10 +0100, skrev Carlos Bessa:
Hi all! ever since the Tumbleweed 20150503 update that I'm unable to connect to my University wireless network. It keeps prompting me for the password. Different combinations: TTLS/PAP, TTLS/MSCHAP, PEAP/MSCHAP also do not work (worked before).
snip
Tried connecting through wicked, configured through yast, but it does not connect as well.
snip
Going back to openSUSE 13.2 wpa_supplicant 2.2 package makes it work again. So, what to do now?
thanks, Carlos Bessa
Could you try with the package from devel-repo? It's already checked in to Factory, but not yet released into Tumbleweed repos. (I added some patches from upstream that solved my connection issues, might help you out too)
https://build.opensuse.org/package/show/hardware/wpa_supplicant
//Bjørn
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, May 08, 2015 at 02:19:16PM +0100, Carlos Bessa wrote:
I installed that package but it didn't solve it unfortunately. I've read more carefully the gentoo bugzilla entry and it's suggested to build wpa_supplicant with the internal crypto implementation (USE="-ssl"). Are you able to generate a new package using that option so that I can test it?
I doubt that this is the problem. On my factory laptop WPA/EAP works (over NetworkManager). Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 09.05.2015 um 12:47 schrieb Marcus Meissner:
On Fri, May 08, 2015 at 02:19:16PM +0100, Carlos Bessa wrote:
I installed that package but it didn't solve it unfortunately. I've read more carefully the gentoo bugzilla entry and it's suggested to build wpa_supplicant with the internal crypto implementation (USE="-ssl"). Are you able to generate a new package using that option so that I can test it?
I doubt that this is the problem.
On my factory laptop WPA/EAP works (over NetworkManager).
Since today, I'm able to reproduce the issue on my factory laptop. The last relevant changes in Factory (IMO) were quite some time ago, so I guess that some change in the configuration of the Network has occured. (New certificates? Whatever. Crypto sucks! :-) Yesterday everything worked fine (machine had booted May 26 08:20:27), today it fails. Reboot this morning did not help. This is the log of a successful connection with 13.2 wpa_supplicant-2.2: air: CTRL-EVENT-SCAN-STARTED air: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=5300 MHz) air: Trying to associate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=5300 MHz) air: Associated with XX:XX:XX:XX:XX:XX air: CTRL-EVENT-EAP-STARTED EAP authentication started air: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 air: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected air: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/XXXXXXXXXX' air: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/O=XXXXXX/OU=XXXXXXX/CN=emea-XXXXXXXXXXXXXXXXXXX' EAP-MSCHAPV2: Authentication succeeded EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed air: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully air: WPA: Key negotiation completed with XX:XX:XX:XX:XX:XX [PTK=CCMP GTK=CCMP] air: CTRL-EVENT-CONNECTED - Connection to XX:XX:XX:XX:XX:XX completed [id=0 id_str=] air: CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-56 noise=9999 txrate=13500 This is the log of an unsuccessful connection with factory wpa_supplicant-2.4-4.1.x86_64 air: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=5300 MHz) air: Trying to associate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=5300 MHz) air: Associated with XX:XX:XX:XX:XX:XX air: CTRL-EVENT-EAP-STARTED EAP authentication started air: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 air: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed air: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully nl80211: Unexpected encryption algorithm 5 air: CTRL-EVENT-DISCONNECTED bssid=XX:XX:XX:XX:XX:XX reason=3 locally_generated=1 air: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=2462 MHz) air: Trying to associate with XX:XX:XX:XX:XX:XX (SSID='XXXXXXXXXXXX' freq=2462 MHz) air: Associated with XX:XX:XX:XX:XX:XX air: CTRL-EVENT-EAP-STARTED EAP authentication started air: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 air: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected air: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/CN=XXXXXXX' hash=322348d894109ae76d35aeea09ae9e35eb7ef1b82aeb5af2f76217ff26dbac89 air: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/CN=XXXXXXX' hash=322348d894109ae76d35aeea09ae9e35eb7ef1b82aeb5af2f76217ff26dbac89 air: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=DE/O=XXXXXX/OU=XXXXXXX/CN=emea-XXXXXXXXXXXXXXXXXXX' hash=7c05c573f9ba399738da5066dfe4cfefd36437382e4c576725b2e51ee9d15809 air: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:emea-XXXXXXXXXXXXXXXXXXX air: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:emea-XXXXXXXXXXXXXXXXXXXXXXXX EAP-MSCHAPV2: Authentication succeeded EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed air: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully nl80211: Unexpected encryption algorithm 5 air: CTRL-EVENT-DISCONNECTED bssid=XX:XX:XX:XX:XX:XX reason=3 locally_generated=1 This is at a customers site, so I have to hide some details. I'm now trying to build a package not using openssl and check if that really helps. Best regards, Stefan -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 28.05.2015 um 14:39 schrieb Stefan Seyfried:
I'm now trying to build a package not using openssl and check if that really helps.
It helps. You can get the package from home:seife:testing obs repo (beware of the other stuff in that repo, though :-) Best regards -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Just tried it and it definitely works. thanks! Carlos On Thursday, May 28, 2015 03:13:23 PM Stefan Seyfried wrote:
Am 28.05.2015 um 14:39 schrieb Stefan Seyfried:
I'm now trying to build a package not using openssl and check if that really helps. It helps. You can get the package from home:seife:testing obs repo (beware of the other stuff in that repo, though :-)
Best regards
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Bjørn Lie -
Carlos Bessa -
Marcus Meissner -
Stefan Seyfried