Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
WPA2-Enterprise on MacBook Pro
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
eNca
n00b
n00b


Joined: 16 Jan 2017
Posts: 17
Location: Czech Republic

PostPosted: Mon Jan 16, 2017 9:03 am    Post subject: WPA2-Enterprise on MacBook Pro Reply with quote

Hi,
I have gentoo on MacBook Pro installed. I'm using wl kernel driver (installed from net-wireless/broadcom-sta package).
It works well on my home network with WPA2-Personal and on few other networks but I'm not able to connect at work to the WPA2-Enterprise network.

Everytime when I try to connect via wpa_supplicant then these lines appears in /var/log/messages:

Code:

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830212] WARNING: CPU: 5 PID: 7262 at net/wireless/sme.c:850 cfg80211_roamed+0x86/0xa0 [cfg80211]()
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830214] Modules linked in: wl(POE) hidp ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc dm_thin_pool dm_persistent_data dm_bio_prison cfg80211 cmac ecb bnep iTCO_wdt iTCO_vendor_support snd_hda_codec_cirrus snd_hda_codec_generic snd_hda_codec_hdmi x86_pkg_temp_thermal coretemp snd_usb_audio snd_hda_intel snd_hda_codec snd_usbmidi_lib btusb snd_hwdep kvm_intel kvm btrtl btbcm btintel bluetooth snd_rawmidi snd_hda_core irqbypass snd_seq_device crc32c_intel cryptd snd_pcm rfkill lpc_ich pcspkr snd_timer i2c_i801 mfd_core firewire_ohci xts gf128mul cbc sha256_generic iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi vmxnet3 virtio_net virtio_ring virtio tg3 libphy sky2 r8169 pcnet32 mii igb ptp pps_core dca e1000 bnx2 atl1c fuse xfs nfs lockd grace sunrpc fscache jfs reiserfs btrfs ext4 jbd2 ext2 mbcache linear raid10 raid1 raid0 dm
Jan 16 09:45:30 vvotipka-gentoo kernel: raid raid456 async_raid6_recov async_memcpy libcrc32c async_pq async_xor xor async_tx raid6_pq dm_snapshot dm_bufio dm_crypt dm_mirror dm_region_hash dm_log dm_mod firewire_core crc_itu_t sl811_hcd usb_storage aic94xx libsas lpfc qla2xxx megaraid_sas megaraid_mbox megaraid_mm aacraid sx8 hpsa cciss 3w_9xxx 3w_xxxx 3w_sas mptsas scsi_transport_sas mptfc scsi_transport_fc mptspi mptscsih mptbase imm parport sym53c8xx initio arcmsr aic7xxx aic79xx scsi_transport_spi sr_mod cdrom sg sd_mod pdc_adma sata_inic162x sata_mv ata_piix ahci libahci sata_qstor sata_vsc sata_uli sata_sis sata_sx4 sata_nv sata_via sata_svw sata_sil24 sata_sil sata_promise pata_via pata_jmicron pata_marvell pata_sis pata_netcell pata_pdc202xx_old pata_atiixp pata_amd pata_ali pata_it8213 pata_pcmcia pata_serverworks pata_oldpiix pata_artop pata_it821x pata_hpt3x2n pata_hpt3x3 pata_hpt37x pata_hpt366 pata_cmd64x pata_sil680 pata_pdc2027x
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830326] CPU: 5 PID: 7262 Comm: wl_event_handle Tainted: P        W  OE   4.4.39-gentoomac #1
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830328] Hardware name: Apple Inc. MacBookPro11,2/Mac-3CBD00234E554E41, BIOS MBP112.88Z.0138.B18.1610201654 10/20/2016
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830330]  0000000000000000 ffff880271823dd0 ffffffff8129e292 0000000000000000
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830333]  ffffffffa0efa11b ffff880271823e08 ffffffff810592e6 ffff880077803000
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830335]  ffff880273f794c0 000000000000008a ffff8801f07277c0 ffff880076059b08
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830337] Call Trace:
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830344]  [<ffffffff8129e292>] dump_stack+0x67/0x95
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830351]  [<ffffffff810592e6>] warn_slowpath_common+0x86/0xc0
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830356]  [<ffffffff810593da>] warn_slowpath_null+0x1a/0x20
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830377]  [<ffffffffa0ed9ee6>] cfg80211_roamed+0x86/0xa0 [cfg80211]
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830416]  [<ffffffffa10be3e5>] wl_pcie_bar1+0x3875/0x5910 [wl]
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830444]  [<ffffffffa10bad10>] wl_pcie_bar1+0x1a0/0x5910 [wl]
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830474]  [<ffffffffa10bacb0>] ? wl_pcie_bar1+0x140/0x5910 [wl]
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830477]  [<ffffffff810752c9>] kthread+0xc9/0xe0
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830480]  [<ffffffff81075200>] ? kthread_create_on_node+0x170/0x170
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830484]  [<ffffffff817666bf>] ret_from_fork+0x3f/0x70
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830487]  [<ffffffff81075200>] ? kthread_create_on_node+0x170/0x170
Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830488] ---[ end trace 998ad7115e9c4a64 ]---


My wpa_supplicant.conf file looks like this:
Code:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
update_config=1

network={
   ssid="home"
   psk="some_secret_pass"
   proto=RSN
   key_mgmt=WPA-PSK
   pairwise=CCMP
   auth_alg=OPEN
}

network={
   ssid="WORK"
   proto=RSN
   key_mgmt=WPA-EAP
   pairwise=CCMP
   auth_alg=OPEN
   eap=MD5
   identity="correct_identity"
   password="correct_password"
}

Home network works well, work network doesn't. Fields ssid, psk, identity and password was changed in the listing above.

Where is to correct place to report this problem? Is it gentoo bugzilla or broadcom suppoort? Unfortunatelly the home page from ebuild (http://www.broadcom.com/support/802.11/) returns 404 error.

Some info about my computer and configuration:

Code:

# lspci -s 2:0 -nn -k
02:00.0 Network controller [0280]: Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter [14e4:43a0] (rev 03)
   Subsystem: Apple Inc. BCM4360 802.11ac Wireless Network Adapter [106b:0134]
   Kernel driver in use: wl
   Kernel modules: wl

Code:

# equery l broadcom-sta
 * Searching for broadcom-sta ...
[IP-] [  ] net-wireless/broadcom-sta-6.30.223.271-r4:0

Code:

# zgrep 'CONFIG_\(PACKET\|IPW2100\|MAC80211\|BRCMFMAC\|SSB\|BCMA\|B43\)' /proc/config.gz
CONFIG_PACKET=y
CONFIG_PACKET_DIAG=m
# CONFIG_MAC80211 is not set
CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
# CONFIG_BRCMFMAC is not set
CONFIG_IPW2100=m
# CONFIG_IPW2100_MONITOR is not set
# CONFIG_IPW2100_DEBUG is not set
CONFIG_SSB_POSSIBLE=y
# CONFIG_SSB is not set
CONFIG_BCMA_POSSIBLE=y
# CONFIG_BCMA is not set
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 2583

PostPosted: Mon Jan 16, 2017 9:23 am    Post subject: Reply with quote

Have you checked the Known problems & limitations section?
Back to top
View user's profile Send private message
eNca
n00b
n00b


Joined: 16 Jan 2017
Posts: 17
Location: Czech Republic

PostPosted: Mon Jan 16, 2017 10:01 am    Post subject: Reply with quote

charles17 wrote:
Have you checked the Known problems & limitations section?

Yes, I have.
If I understand this page well then it tells that my wireless network adapter [14e4:43a0] is not supported by b43 driver and there is an alternative driver called wl.
That's the reason why I have B43 disabled in kernel and I'm using wl driver installed via broadcom-sta package.

My post is about problems with wl driver not with b43.

Anyway thanks for reply.
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 2583

PostPosted: Mon Jan 16, 2017 10:28 am    Post subject: Reply with quote

Looks like your problem were in wpa_supplicant. Could you try running wpa_supplicant in debug mode?
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Mon Jan 16, 2017 1:30 pm    Post subject: Reply with quote

charles17 wrote:
Looks like your problem were in wpa_supplicant. Could you try running wpa_supplicant in debug mode?

charles17 ... well, no, there is definitely a bug in cgf80211, wpa_supplicant is perhaps the trigger, but not the cause.

@eNca ... please try with another kernel (what version is the above?) and see if the same happens. As for wpa_supplicant.conf you will need TLS.

Code:
network={
   ssid="WORK"
   scan_ssid=1
   key_mgmt=WPA-EAP
   eap=TTLS
   phase2="auth=MD5"
   identity="correct_identity@domain.tld"
   anonymous_identity="anonymous@domain.tld"
   password="correct_password"
   ca_cert="/path/to/cert/cert.pem"
}

HTH & best ... khay
Back to top
View user's profile Send private message
eNca
n00b
n00b


Joined: 16 Jan 2017
Posts: 17
Location: Czech Republic

PostPosted: Mon Jan 16, 2017 4:44 pm    Post subject: Reply with quote

charles17 wrote:
Looks like your problem were in wpa_supplicant. Could you try running wpa_supplicant in debug mode?


I had run wpa_supplicant in debug mode and according to this part of log file it seems that an DEAUTH event is received right after successful authentication.
Code:

   ...cut...
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
wlp2s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
nl80211: Event message available
nl80211: Drv Event 48 (NL80211_CMD_DISCONNECT) received for wlp2s0
nl80211: Disconnect event
wlp2s0: Event DEAUTH (12) received
wlp2s0: Deauthentication notification
wlp2s0:  * reason 0
Deauthentication frame IE(s) - hexdump(len=0): [NULL]
wlp2s0: CTRL-EVENT-DISCONNECTED bssid=04:bd:88:58:70:b1 reason=0
wlp2s0: Auto connect enabled: try to reconnect (wps=0/0 wpa_state=6)
wlp2s0: Setting scan request: 0.100000 sec
   ...cut...
Back to top
View user's profile Send private message
eNca
n00b
n00b


Joined: 16 Jan 2017
Posts: 17
Location: Czech Republic

PostPosted: Mon Jan 16, 2017 5:57 pm    Post subject: Reply with quote

khayyam wrote:

@eNca ... please try with another kernel (what version is the above?) and see if the same happens. As for wpa_supplicant.conf you will need TLS.

I'm running on linux kernel 4.4.39 (sys-kernel/gentoo-sources). I have tried 4.4.26 with the same result.

Quote:

Code:
network={
   ssid="WORK"
   scan_ssid=1
   key_mgmt=WPA-EAP
   eap=TTLS
   phase2="auth=MD5"
   identity="correct_identity@domain.tld"
   anonymous_identity="anonymous@domain.tld"
   password="correct_password"
   ca_cert="/path/to/cert/cert.pem"
}


I have no "cert.pem". I don't need it when I'm using the same wifi network from MacOS.
Is it really required for linux if it is not required for MacOS?
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Mon Jan 16, 2017 6:44 pm    Post subject: Reply with quote

eNca wrote:
khayyam wrote:
@eNca ... please try with another kernel (what version is the above?) and see if the same happens.

I'm running on linux kernel 4.4.39 (sys-kernel/gentoo-sources). I have tried 4.4.26 with the same result.

eNca ... in which case try with 4.8.17, or 4.9.4, if its reproducable with these then it means its not yet fixed (or backported), and so you would need to report it upstream.

Quote:
I have no "cert.pem". I don't need it when I'm using the same wifi network from MacOS.
Is it really required for linux if it is not required for MacOS?

All hosts will have certificates in order to do https, tls, etc. I'm not sure who the certificate authority will be for your work domain but you should find a .pem under /etc/certs ... or ask your network admin.

best ... khay
Back to top
View user's profile Send private message
eNca
n00b
n00b


Joined: 16 Jan 2017
Posts: 17
Location: Czech Republic

PostPosted: Tue Jan 17, 2017 5:30 pm    Post subject: Reply with quote

khayyam wrote:

eNca ... in which case try with 4.8.17, or 4.9.4, if its reproducable with these then it means its not yet fixed (or backported), and so you would need to report it upstream.

@khayyam ... I have tried it with 4.9.4 with the same result - deauthentication right after successul authentication.

So I will try to report this problem to wpa_supplicant mailing list.

Thanks for your help
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

PostPosted: Tue Jan 17, 2017 7:33 pm    Post subject: Reply with quote

eNca wrote:
@khayyam ... I have tried it with 4.9.4 with the same result - deauthentication right after successul authentication.

eNca ... "reason 0" could mean anything in this case, if your kernel is segfaulting then I wouldn't trust what wpa_supplicant is saying.

eNca wrote:
So I will try to report this problem to wpa_supplicant mailing list.

It doesn't seem to be a wpa_supplicant issue, as I said above, it might trigger the issue but it is cfg80211 that seems to be the culprit. That is why I asked if you'd tried various kernels, it means that its probably not a known bug, so really it needs reported to LKML.

eNca wrote:
Thanks for your help

You're welcome ... & best ... khay
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum