[Bug 969343] Re: Unable to connect to WPA enterprise wireless

Lars Vierbergen vierbergenlars at gmail.com
Tue Oct 9 13:33:32 UTC 2012 

The bug is not fixed on my network (KULeuven/Eduroam)
Dmesg log: (grepped for wlan0)

[   37.885705] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[  103.898976] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[  182.706388] wlan0: authenticate with 00:26:99:99:93:cd (try 1)
[  182.709876] wlan0: authenticated
[  182.710586] wlan0: associate with 00:26:99:99:93:cd (try 1)
[  182.718540] wlan0: RX AssocResp from 00:26:99:99:93:cd (capab=0x11 status=0 aid=8)
[  182.718549] wlan0: associated
[  182.724260] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  236.004976] wlan0: deauthenticating from 00:26:99:99:93:cd by local choice (reason=3)
[ 5155.412467] ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 5162.798052] wlan0: authenticate with 00:3a:98:c1:28:c2 (try 1)
[ 5162.800314] wlan0: authenticated
[ 5163.016468] wlan0: associate with 00:3a:98:c1:28:c2 (try 1)
[ 5163.021561] wlan0: RX AssocResp from 00:3a:98:c1:28:c2 (capab=0x411 status=0 aid=71)
[ 5163.021567] wlan0: associated
[ 5163.025957] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 5177.196392] wlan0: disassociating from 00:3a:98:c1:28:c2 by local choice (reason=3)
[ 5177.214274] wlan0: deauthenticating from 00:3a:98:c1:28:c2 by local choice (reason=3)
[ 5180.487626] wlan0: authenticate with 00:3a:98:c1:28:c2 (try 1)
[ 5180.492060] wlan0: authenticated
[ 5180.492382] wlan0: associate with 00:3a:98:c1:28:c2 (try 1)
[ 5180.497998] wlan0: RX ReassocResp from 00:3a:98:c1:28:c2 (capab=0x11 status=0 aid=71)
[ 5180.498004] wlan0: associated
[ 5182.724740] wlan0: disassociating from 00:3a:98:c1:28:c2 by local choice (reason=3)
[ 5182.749047] wlan0: deauthenticating from 00:3a:98:c1:28:c2 by local choice (reason=3)
[ 5186.024820] wlan0: authenticate with 00:26:99:99:93:c2 (try 1)
[ 5186.027693] wlan0: authenticated
[ 5186.048651] wlan0: associate with 00:26:99:99:93:c2 (try 1)
[ 5186.052456] wlan0: RX ReassocResp from 00:26:99:99:93:c2 (capab=0x411 status=0 aid=154)
[ 5186.052462] wlan0: associated
[ 5188.215355] wlan0: disassociating from 00:26:99:99:93:c2 by local choice (reason=3)
[ 5188.252204] wlan0: deauthenticating from 00:26:99:99:93:c2 by local choice (reason=3)
[ 5191.520497] wlan0: authenticate with 00:26:99:99:93:c2 (try 1)
[ 5191.525983] wlan0: authenticated
[ 5191.526382] wlan0: associate with 00:26:99:99:93:c2 (try 1)
[ 5191.533362] wlan0: RX ReassocResp from 00:26:99:99:93:c2 (capab=0x411 status=0 aid=154)
[ 5191.533368] wlan0: associated
[ 5193.732081] wlan0: disassociating from 00:26:99:99:93:c2 by local choice (reason=3)
[ 5193.750543] wlan0: deauthenticating from 00:26:99:99:93:c2 by local choice (reason=3)
[ 5197.021400] wlan0: direct probe to 00:3a:98:d5:ac:62 (try 1/3)
[ 5197.220048] wlan0: direct probe to 00:3a:98:d5:ac:62 (try 2/3)
[ 5197.420047] wlan0: direct probe to 00:3a:98:d5:ac:62 (try 3/3)
[ 5197.620040] wlan0: direct probe to 00:3a:98:d5:ac:62 timed out
[ 5205.856240] wlan0: direct probe to 00:3a:98:c1:28:cd (try 1/3)
[ 5205.857324] wlan0: direct probe responded
[ 5205.872054] wlan0: authenticate with 00:3a:98:c1:28:cd (try 1)
[ 5205.873432] wlan0: authenticated
[ 5205.873714] wlan0: associate with 00:3a:98:c1:28:cd (try 1)
[ 5205.878299] wlan0: RX ReassocResp from 00:3a:98:c1:28:cd (capab=0x11 status=0 aid=9)
[ 5205.878304] wlan0: associated
[ 5210.777866] wlan0: authenticate with 00:26:99:99:93:cd (try 1)
[ 5210.976233] wlan0: authenticate with 00:26:99:99:93:cd (try 2)
[ 5211.176246] wlan0: authenticate with 00:26:99:99:93:cd (try 3)
[ 5211.376240] wlan0: authentication with 00:26:99:99:93:cd timed out
[ 5220.181455] wlan0: authenticate with 00:3a:98:c1:28:cd (try 1)
[ 5220.380048] wlan0: authenticate with 00:3a:98:c1:28:cd (try 2)
[ 5220.580050] wlan0: authenticate with 00:3a:98:c1:28:cd (try 3)
[ 5220.780053] wlan0: authentication with 00:3a:98:c1:28:cd timed out
[ 5233.951591] wlan0: authenticate with 00:23:33:c2:6c:82 (try 1)
[ 5233.954513] wlan0: authenticated
[ 5233.955054] wlan0: associate with 00:23:33:c2:6c:82 (try 1)
[ 5233.962206] wlan0: RX ReassocResp from 00:23:33:c2:6c:82 (capab=0x411 status=0 aid=43)
[ 5233.962212] wlan0: associated
[ 5236.159708] wlan0: disassociating from 00:23:33:c2:6c:82 by local choice (reason=3)
[ 5236.179467] wlan0: deauthenticating from 00:23:33:c2:6c:82 by local choice (reason=3)
[ 5239.440699] wlan0: authenticate with 00:23:33:c2:6c:82 (try 1)
[ 5239.446619] wlan0: authenticated
[ 5239.459235] wlan0: associate with 00:23:33:c2:6c:82 (try 1)
[ 5239.463692] wlan0: RX ReassocResp from 00:23:33:c2:6c:82 (capab=0x411 status=0 aid=43)
[ 5239.463697] wlan0: associated
[ 5241.893958] wlan0: disassociating from 00:23:33:c2:6c:82 by local choice (reason=3)
[ 5241.917905] wlan0: deauthenticating from 00:23:33:c2:6c:82 by local choice (reason=3)
[ 5245.194181] wlan0: authenticate with 00:26:99:99:93:cd (try 1)
[ 5245.195798] wlan0: authenticated
[ 5245.225402] wlan0: associate with 00:26:99:99:93:cd (try 1)
[ 5245.228173] wlan0: RX ReassocResp from 00:26:99:99:93:cd (capab=0x11 status=0 aid=9)
[ 5245.228178] wlan0: associated
[ 5290.004218] wlan0: deauthenticating from 00:26:99:99:93:cd by local choice (reason=3)
[ 5328.608281] wlan0: authenticate with 00:26:99:99:93:cd (try 1)
[ 5328.610003] wlan0: authenticated
[ 5328.622919] wlan0: associate with 00:26:99:99:93:cd (try 1)
[ 5328.625590] wlan0: RX ReassocResp from 00:26:99:99:93:cd (capab=0x11 status=0 aid=9)
[ 5328.625595] wlan0: associated
[ 5364.538229] wlan0: direct probe to 00:3a:98:c1:28:cd (try 1/3)
[ 5364.736235] wlan0: direct probe to 00:3a:98:c1:28:cd (try 2/3)
[ 5364.936233] wlan0: direct probe to 00:3a:98:c1:28:cd (try 3/3)
[ 5365.136232] wlan0: direct probe to 00:3a:98:c1:28:cd timed out
[ 5373.546794] wlan0: authenticate with 00:26:99:99:93:cd (try 1)
[ 5373.549229] wlan0: authenticated
[ 5373.549605] wlan0: associate with 00:26:99:99:93:cd (try 1)
[ 5373.552780] wlan0: RX ReassocResp from 00:26:99:99:93:cd (capab=0x11 status=0 aid=9)
[ 5373.552786] wlan0: associated
[ 5385.003316] wlan0: deauthenticating from 00:26:99:99:93:cd by local choice (reason=3)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/969343

Title:
  Unable to connect to WPA enterprise wireless

Status in OEM Priority Project:
  In Progress
Status in OEM Priority Project precise series:
  Fix Committed
Status in OpenSSL cryptography and SSL/TLS toolkit:
  New
Status in Linux WPA/WPA2/IEEE 802.1X Supplicant:
  In Progress
Status in “openssl” package in Ubuntu:
  Incomplete
Status in “wpa” package in Ubuntu:
  Fix Released
Status in “wpasupplicant” package in Ubuntu:
  Invalid
Status in “openssl” source package in Precise:
  Fix Committed
Status in “wpa” source package in Precise:
  Invalid
Status in “wpasupplicant” source package in Precise:
  Fix Committed
Status in “openssl” package in Debian:
  Confirmed
Status in “openssl” package in Fedora:
  New
Status in “wpasupplicant” package in Fedora:
  Unknown

Bug description:
  [Impact]
  Breaks 802.1x (PEAP) authentication for wireless networks using specific authentication servers and/or AP hardware. Aruba network devices specifically are known to be affected; and is a popular device type used in enterprises to secure wireless networks.

  [Test Case]
  This issue is hardware specific and may or may not be limited to Aruba authentication servers.
  1) Attempt to connect / authenticate to a wireless, 802.1x network requiring Protected EAP (or possibly other auth mechanisms).
  2) (optionally) Watch SSL traffic between the station and authentication server using wireshark/tcpdump, looking for auth failures and the extensions passed.

  [Regression Potential]
  Since this changes the SSL extensions and options used to connect to 802.1x wireless networks; some networks specifically configured to request or make use of the session ticket extension could be made impossible to successfully authenticate to; up to the point where multiple connection failures could lock the accounts used in highly-restricted networks. Also, there is a potential (again, due to the change in SSL options) for other networks (using specific AP hardware) that don't support the extensions used to fail authentication.

  ---

  Using identical settings as in 11.10, I am unable to make a wpa
  enterprise connection using xubuntu precise beta 2. This is a Lenovo
  X220 with a Centrino Advanced-N 6205 wireless interface. During the
  attempted logon, I am not presented with a certificate to approve,
  although wireless instructions for OSX suggest that I should be.
  However, I never had to approve a certificate when connecting with
  11.10 -- I just ignored the certificate screen and everything worked.

  This seems like the relevant excerpt from syslog:

  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Trying to associate with 00:11:92:3e:79:80 (SSID='Northwestern' freq=2462 MHz)
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: scanning -> associating
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940422] wlan0: authenticated
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940974] wlan0: associate with 00:11:92:3e:79:80 (try 1)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943165] wlan0: RX ReassocResp from 00:11:92:3e:79:80 (capab=0x431 status=0 aid=222)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943174] wlan0: associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Associated with 00:11:92:3e:79:80
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-STARTED EAP authentication started
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: associating -> associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-FAILURE EAP authentication failed
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.969742] wlan0: deauthenticated from 00:11:92:3e:79:80 (Reason: 23)

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: network-manager 0.9.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
  Uname: Linux 3.2.0-20-generic x86_64
  ApportVersion: 2.0-0ubuntu1
  Architecture: amd64
  Date: Fri Mar 30 10:34:13 2012
  IfupdownConfig:
   auto lo
   iface lo inet loopback
  InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=true
   WimaxEnabled=true
  ProcEnviron:
   LANGUAGE=en_US:en
   TERM=xterm
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  SourcePackage: network-manager
  UpgradeStatus: No upgrade log present (probably fresh install)
  nmcli-con: Error: command ['nmcli', '-f', 'all', 'con'] failed with exit code 1: Error: Can't obtain connections: settings service is not running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/969343/+subscriptions

More information about the foundations-bugs mailing list