View previous topic :: View next topic |
Author |
Message |
rburcham Apprentice
Joined: 20 Mar 2003 Posts: 240
|
Posted: Tue Feb 21, 2017 12:21 am Post subject: [SOLVED] wpa_supplicant-2.6-r1 and EAP/MSCHAPV2 = no joy |
|
|
Hi. I'm the guy that uses networkmanager to connect his wifi and every so often runs into trouble. You might remember me from such hits as
https://forums.gentoo.org/viewtopic-t-1048614-highlight-.html
Hardware kernel and driver have remained constant for some time,
Quote: |
# modinfo 8192cu
filename: /lib/modules/4.6.3-gentoo/kernel/drivers/net/wireless/8192cu.ko
version: v4.0.2_9000.20130911
author: Realtek Semiconductor Corp.
description: Realtek Wireless Lan Driver
license: GPL
srcversion: 70FDA6D2D4382D3AE0FCFFB
|
Quote: |
ASUSTek Computer, Inc. USB-N13 802.11n Network Adapter (rev. B1) [Realtek RTL8192CU]
|
But it's worth noting that when they have changed in the past the networkmanager behavior has also remained consistent (when dealing with a nm ver <= 1.08 it works, when it doesn't it doesn't, at least until I roll back nm).
It seems that networkmanager > 1.08 simply fails to successfully authenticate/associate to EAP with MSCHAPv2. At least I can't get it to work on the command line or via wpa_cli, wpa_gui, plasma-nm, anything. I don't experience any trouble connecting to SSIDs with WPA-PSK or no auth.
Here's what it's doing:
Code: |
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8700] device (wlan1): Activation: starting connection 'MY-SSID' (394444ce-ca05-42a1-8c48-3dd53981536b)
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8701] audit: op="connection-activate" uuid="394444ce-ca05-42a1-8c48-3dd00000000b" name="MY-SSID" pid=10815 uid=1000 result="success"
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8702] device (wlan1): state change: disconnected -> prepare (reason 'none') [30 40 0]
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8704] manager: NetworkManager state is now CONNECTING
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8711] device (wlan1): state change: prepare -> config (reason 'none') [40 50 0]
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8713] device (wlan1): Activation: (wifi) access point 'MY-SSID' has security, but secrets are required.
Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info> [1487635791.8713] device (wlan1): state change: config -> need-auth (reason 'none') [50 60 0]
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7121] device (wlan1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7127] device (wlan1): state change: prepare -> config (reason 'none') [40 50 0]
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7129] device (wlan1): Activation: (wifi) connection 'MY-SSID' has security, and secrets exist. No new secrets needed.
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7130] Config: added 'ssid' value 'MY-SSID'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7130] Config: added 'scan_ssid' value '1'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7130] Config: added 'key_mgmt' value 'WPA-EAP'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7130] Config: added 'password' value '<omitted>'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7130] Config: added 'eap' value 'PEAP'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7131] Config: added 'fragment_size' value '1266'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7131] Config: added 'phase2' value 'auth=MSCHAPV2'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7131] Config: added 'identity' value 'rburcham'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7131] Config: added 'bgscan' value 'simple:30:-65:300'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7131] Config: added 'proactive_key_caching' value '1'
Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info> [1487635797.7156] sup-iface[0x21fc0a0,wlan1]: config: set interface ap_scan to 1
Feb 20 18:09:58 roblt3 NetworkManager[10347]: <info> [1487635798.1206] device (wlan1): supplicant interface state: disconnected -> scanning
Feb 20 18:09:59 roblt3 NetworkManager[10347]: <info> [1487635799.2575] device (wlan1): supplicant interface state: scanning -> associating
Feb 20 18:09:59 roblt3 NetworkManager[10347]: <info> [1487635799.3286] device (wlan1): supplicant interface state: associating -> associated
Feb 20 18:10:01 roblt3 kernel: rtw_wx_set_mlme
Feb 20 18:10:01 roblt3 kernel: rtw_wx_set_mlme, cmd=0, reason=3
Feb 20 18:10:01 roblt3 NetworkManager[10347]: <warn> [1487635801.3586] sup-iface[0x21fc0a0,wlan1]: connection disconnected (reason -3)
Feb 20 18:10:01 roblt3 NetworkManager[10347]: <info> [1487635801.3588] device (wlan1): supplicant interface state: associated -> disconnected
Feb 20 18:10:01 roblt3 cron[3295]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
Feb 20 18:10:01 roblt3 cron[3294]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Feb 20 18:10:02 roblt3 NetworkManager[10347]: <info> [1487635802.5301] device (wlan1): supplicant interface state: disconnected -> scanning
|
There seems to be an association at 18:09:59, but then an instant disconnection 2 seconds later. Does anyone know the secret to getting nm to stick the landing with EAP/MSCHAPv2?
Last edited by rburcham on Wed Feb 22, 2017 4:05 am; edited 1 time in total |
|
Back to top |
|
|
turtles Veteran
Joined: 31 Dec 2004 Posts: 1653
|
Posted: Tue Feb 21, 2017 6:05 pm Post subject: |
|
|
I had a similar issue this AM after deep world update even wired ethernet did not work. I recompiled my kernel and that took care of it.
Hope that helps _________________ Donate to Gentoo |
|
Back to top |
|
|
rburcham Apprentice
Joined: 20 Mar 2003 Posts: 240
|
Posted: Tue Feb 21, 2017 6:38 pm Post subject: |
|
|
Hmm, see for me it's just EAP/MSCHAPv2. Other wireless auth is working.
Did you use same kernel ver or new one? |
|
Back to top |
|
|
rburcham Apprentice
Joined: 20 Mar 2003 Posts: 240
|
Posted: Wed Feb 22, 2017 4:04 am Post subject: [SOLVED] networkmanager-1.4.4-r1 and EAP/MSCHAPV2 = no joy |
|
|
Turns out it's wpa_supplicant-2.6 and 2.6-r1. They both fail to authenticate with EAP/MSCHAPV2.
Of course earlier version of wpa_supplicant have been removed from portage, but on a hunch I went to the effort of recovering wpa_supplicant-2.5-r1 ebuild and files from here:
https://gitweb.gentoo.org/repo/gentoo.git/tree/net-wireless/wpa_supplicant?id=7304a9f3c5386be6a3e81f370b0cbe5cbba654ae
and put them in a portdir overlay. I then rolled back to that version and all of a sudden EAP/MSCHAPV2 works again! So I'm masking >wpa_supplicant-2.5-r1 until this gets resolved upstream.
In the meantime, how does one petition to get 2.5-r1 restored to portage proper? |
|
Back to top |
|
|
jburns Veteran
Joined: 18 Jan 2007 Posts: 1213 Location: Massachusetts USA
|
|
Back to top |
|
|
turtles Veteran
Joined: 31 Dec 2004 Posts: 1653
|
Posted: Wed Feb 22, 2017 5:08 am Post subject: |
|
|
Wow very interesting. 4.6.3-gentoo is pretty old can you update to 4.7 at least?
And post or Pastbin your emerge --info _________________ Donate to Gentoo |
|
Back to top |
|
|
rburcham Apprentice
Joined: 20 Mar 2003 Posts: 240
|
Posted: Wed Feb 22, 2017 2:35 pm Post subject: |
|
|
@jburns yes! I saw that bug last year some time when I was dealing with plasma-qt's inability to store profiles or provide password credentials to wpa_supplicant. In fact even the latest version today still cannot pass credentials if you set the config to "Always Ask." You have to store the password in the profile for it to work.
The failures as I describe them apply to both the kernel driver and the external driver. I will say though that both drivers fail to commit mac address changes to the device. Using any method, e.g. maccchanger, ip, etc. they all report success but when you examine the device again it still reports the original mac. I believe it was this bug that pointed me at disabling the mac randomization sometime last year.
@turtles Yes I have a kernel upgrade in my near future. I'm on a 2012 macbook pro retina 15 with nvidia, and I have to drive external monitors so I am using the nvidia blob, and finding healthy kernel/nvidia-drivers combos is an experiment. What's interesting is the most recent nvidia blob seems to be playing nicely with efifb again, whereas in prior versions for about the past year it would flake out with a blank screen about half the time. But that's a story for another thread. |
|
Back to top |
|
|
|