[Bug 969343] Re: Unable to connect to WPA enterprise wireless
Neo
neojia at gmail.com
Wed Sep 26 17:36:54 UTC 2012
Hi Benjamin,
I am using dell xps 13 with precise and my company is using Aruba AP,
which I am not able to connect to it through WPA2 enterprise.
And I don't see libssl1.0.0_1.0.0e-2ubuntu4 in "synaptic package
manager" anymore. So I am running libssl1.0.0_1.0.1-4ubuntu5.5.
I am using wpagui and wpasupplicant "0.7.3-6ubuntu3.gnutls1".
Please let me know if there is anything I can try to test.
Thanks,
Neo
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/969343
Title:
Unable to connect to WPA enterprise wireless
Status in OEM Priority Project:
In Progress
Status in OEM Priority Project precise series:
In Progress
Status in OpenSSL cryptography and SSL/TLS toolkit:
New
Status in Linux WPA/WPA2/IEEE 802.1X Supplicant:
In Progress
Status in “openssl” package in Ubuntu:
Incomplete
Status in “wpa” package in Ubuntu:
Fix Released
Status in “wpasupplicant” package in Ubuntu:
Invalid
Status in “openssl” source package in Precise:
Incomplete
Status in “wpa” source package in Precise:
Invalid
Status in “wpasupplicant” source package in Precise:
Triaged
Status in “openssl” package in Debian:
Confirmed
Status in “openssl” package in Fedora:
New
Status in “wpasupplicant” package in Fedora:
Unknown
Bug description:
[Impact]
Breaks 802.1x (PEAP) authentication for wireless networks using specific authentication servers and/or AP hardware. Aruba network devices specifically are known to be affected; and is a popular device type used in enterprises to secure wireless networks.
[Test Case]
This issue is hardware specific and may or may not be limited to Aruba authentication servers.
1) Attempt to connect / authenticate to a wireless, 802.1x network requiring Protected EAP (or possibly other auth mechanisms).
2) (optionally) Watch SSL traffic between the station and authentication server using wireshark/tcpdump, looking for auth failures and the extensions passed.
[Regression Potential]
Since this changes the SSL extensions and options used to connect to 802.1x wireless networks; some networks specifically configured to request or make use of the session ticket extension could be made impossible to successfully authenticate to; up to the point where multiple connection failures could lock the accounts used in highly-restricted networks. Also, there is a potential (again, due to the change in SSL options) for other networks (using specific AP hardware) that don't support the extensions used to fail authentication.
---
Using identical settings as in 11.10, I am unable to make a wpa
enterprise connection using xubuntu precise beta 2. This is a Lenovo
X220 with a Centrino Advanced-N 6205 wireless interface. During the
attempted logon, I am not presented with a certificate to approve,
although wireless instructions for OSX suggest that I should be.
However, I never had to approve a certificate when connecting with
11.10 -- I just ignored the certificate screen and everything worked.
This seems like the relevant excerpt from syslog:
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Trying to associate with 00:11:92:3e:79:80 (SSID='Northwestern' freq=2462 MHz)
Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: scanning -> associating
Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940422] wlan0: authenticated
Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940974] wlan0: associate with 00:11:92:3e:79:80 (try 1)
Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943165] wlan0: RX ReassocResp from 00:11:92:3e:79:80 (capab=0x431 status=0 aid=222)
Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943174] wlan0: associated
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Associated with 00:11:92:3e:79:80
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-STARTED EAP authentication started
Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: associating -> associated
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Mar 30 10:39:01 fin8344m2 kernel: [ 2201.969742] wlan0: deauthenticated from 00:11:92:3e:79:80 (Reason: 23)
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: network-manager 0.9.4.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
Uname: Linux 3.2.0-20-generic x86_64
ApportVersion: 2.0-0ubuntu1
Architecture: amd64
Date: Fri Mar 30 10:34:13 2012
IfupdownConfig:
auto lo
iface lo inet loopback
InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
NetworkManager.state:
[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true
WimaxEnabled=true
ProcEnviron:
LANGUAGE=en_US:en
TERM=xterm
LANG=en_US.UTF-8
SHELL=/bin/bash
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-con: Error: command ['nmcli', '-f', 'all', 'con'] failed with exit code 1: Error: Can't obtain connections: settings service is not running.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/969343/+subscriptions
More information about the foundations-bugs
mailing list