Mailinglist Archive: opensuse-bugs (12986 mails)

< Previous Next >
[Bug 396347] Knetworkmanager does not connect with wpa-enterprise (WPA-EAP)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 16 Jan 2009 05:33:01 -0700 (MST)
  • Message-id: <20090116123301.0CD4B245390@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=396347

User jsnel@xxxxxxxxx added comment
https://bugzilla.novell.com/show_bug.cgi?id=396347#c39





--- Comment #39 from Joris Snellenburg <jsnel@xxxxxxxxx> 2009-01-16 05:32:58
MST ---
(In reply to comment #38)
(In reply to comment #37)
No, it's still running WPA(2) - EAP-TTLS with TKIP (AES).

I use EAP-TTLS every day and have no problems at all with KNM, NM and
wpa_supplicant.

The phase2-not-saved error is fixed in Factory already.
The only non-working EAP-method I'm aware of is EAP-TLS.

Because you said it should be working I decided to look into the NetworkManager
and wpa_supplicant logs again. It seems the problem is with the Certificate.
Even though I have configured the NetworkManager *not* to use any certificate
(it is not mandatory on our Network and NetworkManager always worked without it
before) it is still looking for a certificate, or so it seems. Is this not a
bug? I will try to fix it by installing the certificates onto my computer. On
Windows - using the SecureW2 program these certificates are automatically
downloaded from the Network, I don't suppose that's possible on openSUSE ... or
is it?

Anyways, here are the logs attached:

############### /var/log/NetworkManager #####################
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) starting
connection 'VU-Campusnet'
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 3 -> 4
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) scheduled...
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) started...
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) scheduled...
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) complete.
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) starting...
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 4 -> 5
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0/wireless):
access point 'VU-Campusnet' has security, but secrets are required.
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 5 -> 6
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) complete.
Jan 16 13:00:40 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) scheduled...
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) started...
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 6 -> 4
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) scheduled...
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 1
of 5 (Device Prepare) complete.
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) starting...
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 4 -> 5
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Activation (wlan0/wireless):
connection 'VU-Campusnet' has security, and secrets exist. No new secrets
needed.
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Config: added 'ssid' value
'VU-Campusnet'
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Config: added 'scan_ssid'
value '1'
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Config: added 'key_mgmt'
value 'WPA-EAP'
Jan 16 13:00:41 linux-4de5 NetworkManager: <info> Config: added 'proto' value
'RSN'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'pairwise'
value 'TKIP CCMP'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'group' value
'TKIP CCMP'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'password'
value '<omitted>'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'eap' value
'TTLS'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added
'fragment_size' value '1300'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'phase2' value
'auth=PAP'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'identity'
value 'username@xxxxxxxxxx'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'ca_path'
value '/etc/ssl/certs'
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Activation (wlan0) Stage 2
of 5 (Device Configure) complete.
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: set interface
ap_scan to 1
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: inactive -> scanning
Jan 16 13:00:45 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: scanning -> associating
Jan 16 13:00:55 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: associating -> disconnected
Jan 16 13:00:55 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: disconnected -> scanning
Jan 16 13:00:58 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: scanning -> associating
Jan 16 13:00:58 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: associating -> associated
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> Activation (wlan0/wireless):
association took too long.
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 5 -> 6
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> Activation (wlan0/wireless):
asking for new secrets
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> (wlan0): supplicant
connection state: associated -> disconnected
Jan 16 13:01:08 linux-4de5 NetworkManager: <WARN> get_secrets_cb(): Couldn't
get connection secrets: Requested setting is empty.
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 6 -> 9
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> Activation (wlan0) failed
for access point (VU-Campusnet)
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> Marking connection
'VU-Campusnet' invalid.
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> Activation (wlan0) failed.
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> (wlan0): device state
change: 9 -> 3
Jan 16 13:01:08 linux-4de5 NetworkManager: <info> (wlan0): deactivating device
(reason: 0).
######################################################

It looks like the problem is where it says:
Jan 16 13:00:43 linux-4de5 NetworkManager: <info> Config: added 'ca_path'
value '/etc/ssl/certs'
But I have configured no certificates whatsoever (the field is blank, empty)
and apparently some default value is used.

############### OUTPUT OF: dmesg #####################
wlan0: authenticate with AP 00:12:7f:50:a2:a0
wlan0: authenticate with AP 00:12:7f:50:a2:a0
wlan0: authenticated
wlan0: associate with AP 00:12:7f:50:a2:a0
wlan0: RX AssocResp from 00:12:7f:50:a2:a0 (capab=0x411 status=0 aid=1)
wlan0: associated
wlan0: disassociating by local choice (reason=3)
######################################################


############### /var/log/wpa_supplicant.log #####################
Trying to associate with 00:12:7f:50:a2:a0 (SSID='VU-Campusnet' freq=2412 MHz)
Associated with 00:12:7f:50:a2:a0
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 19 (self signed certificate in
certificate chain) depth 1 for '/C=NL/ST=NH/L=Amsterdam/O=VU/OU=IT/CN=CA-VU'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
######################################################

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >