Ath9k and WPA2-Enterprise

[p3d4N71c]

Hello,
currently I am at a university and I have a card that uses the ath9k driver. The card authenticates easily with WPA2-Personal, but with WPA2-Enterprise, the system will connect and give me an I.P. address, but shortly afterwards (20-30 seconds) I cannot access any resources on the WiFi. Lucky, they have a guest network that has minimal security on it that I can use for right now, but for classes, I am going to be needing the access to the secured network. When I do try to connect my TX excessive retry count slowly climbs and so does Invalid Misc. I have tried the directions listed here https://wiki.archlinux.org/index.php/Wi ... _times_out. But still, I am not able to connect. Eventually, after a week or so, I've contacted the I.T. department for help and they seem to believe that there is something wrong with the driver, and I agree since I've tested the card on a windows box as well and it worked flawlessly. I've double, and triple checked my settings.... But I wanted to cover all of my bases before I start contacting the developers looking for guidance on trying to support this wonderful piece of technology. If it helps at all, I am running an TP-Link TL-WDN4800.

Does anyone have any ideas? Am I missing something?

[DONAHUE]

What form of network management are you using? wicd? networkmanager? wpa_gui? Gentoo scripts from the handook? Something else? Is the driver for wpa_supplicant wext or nl80211 or something else?

Code: Select all

emerge wgetpaste
dmesg | wgetpaste
wgetpaste ifconfig

post the url's returned. before pasting the dmesg try connecting with wpa_enterprise and with wpa_personal.

[p3d4N71c]

I am currently using networkmanager and the kde-misc/networkmanagement applet to connect to the network.

For wpa_supplicant I am using the wext driver and my setting are:

Code: Select all

###### Global Configuration ######
fast_reauth=1
ap_scan=1
ctrl_interface=/var/run/wpa_supplicant GROUP=wheel
update_config=1
eapol_version=1

###### Security Configuration ######
network={
	ca_cert="/home/*****/Downloads/GTECyberTrustGlobalRoot.der"
	priority=7
	password="Liberty-Secure"
	bssid=00:1a:1e:26:29:72
	phase1="peaplabel=1"
	eap=PEAP
	phase2="auth=MSCHAPV2"
	ssid="**********"
	key_mgmt=WPA-EAP
	identity="***********"
	scan_ssid=1
	pairwise=CCMP TKIP
	proto=WPA2
}

After I enter the command: wpa_supplicant -Dwext -c /etc/wpa_supplicant/wpa_supplicant.conf.bak -i wlan0
The following is printed the the console:

Code: Select all

Successfully initialized wpa_supplicant
wlan0: Trying to associate with 00:1a:1e:26:29:72 (SSID='Liberty-Secure' freq=5785 MHz)
ioctl[SIOCSIWFREQ]: Device or resource busy
wlan0: Association request to the driver failed
wlan0: Associated with 00:1a:1e:26:29:72
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root'
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/DC=edu/DC=liberty/CN=LUPKI01'
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=Virginia/L=Lynchburg/O=Liberty University/OU=Information Services/CN=LUACP01.university.liberty.edu'
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlan0: Authentication with 00:1a:1e:26:29:72 timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:1a:1e:26:29:72 reason=3 locally_generated=1
wlan0: Trying to associate with 00:1a:1e:26:29:72 (SSID='Liberty-Secure' freq=5785 MHz)
ioctl[SIOCSIWFREQ]: Device or resource busy
wlan0: Association request to the driver failed
wlan0: Associated with 00:1a:1e:26:29:72
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

Also, here is the link to the dmesg http://bpaste.net/show/128299/

[DONAHUE]

if ls /etc/init.d/net.* shows the symlinks /etc/init.d/net.eth0 /etc/init.d/net.wlan0 remove them
if rc-update show shows wpa_supplicant , dhcpcd, net.eth0, net.wlan0, or wicd in a run level remove them, if networkmanager is not in the default runlevel add it
unplug ethernet cable
reboot

Code: Select all

/etc/init.d/dhcpcd stop
/etc/init.d/NetworkManager restart

use gnome-extra/nm-applet - GNOME frontend, kde-misc/networkmanagement - KDE frontend, or nmcli to setup connection.

[p3d4N71c]

There are no symlinks in any of those files and the only run level program I have running is NetworkManager. No ethernet cable and I am using the KDE frontend to set up the connection. Sorry it took me so long to reply, I've had a lot of Calculus work lately and it can be hard to get on when I am busy.

[p3d4N71c]

NetworkManagement -- KDE Frontend is doing something odd though. It keeps asking for the shared secret to the radius servers. I haven't been asked this on windows so I am just a little confused... and if it's asking for what I think it is asking me for, well I highly doubt the school will just hand that to me.

[DONAHUE]

if you are to use a radius server as required for wpa enterprise you have to provide a key to the radius server
possible the school gave you some windows applet to use for networking that hides the key?
you might want to provide a screenshot of the nmapplet dialogs to your IT types and have them tell you what to insert in each space.

do you have a link to a set of directions provided by the school for connecting to the enterprise network? Although I have forgotten more wpa enterprise than I ever knew ...

Too much info : http://en.wikipedia.org/wiki/RADIUS

[p3d4N71c]

When I asked IT about my wireless problem they told me that I should be able to log in with just my username and password. I actually got the network-management application to work properly now. It no longer asks for the secret and it connects properly. It is still dropping the connection however. It is still only working for about twenty or thirty seconds and then it stops transmitting information.

This is all the output that I am receiving from dmesg regarding the connection:

Code: Select all

[ 7489.029385] cfg80211: Calling CRDA to update world regulatory domain
[ 7489.034965] cfg80211: World regulatory domain updated:
[ 7489.034967] cfg80211:   (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[ 7489.034968] cfg80211:   (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[ 7489.034969] cfg80211:   (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[ 7489.034971] cfg80211:   (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
[ 7489.034972] cfg80211:   (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[ 7489.034973] cfg80211:   (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
[ 7490.895791] wlan0: authenticate with 00:1a:1e:26:29:71
[ 7490.906197] wlan0: send auth to 00:1a:1e:26:29:71 (try 1/3)
[ 7490.910641] wlan0: authenticated
[ 7490.915060] wlan0: associate with 00:1a:1e:26:29:71 (try 1/3)
[ 7490.921398] wlan0: RX AssocResp from 00:1a:1e:26:29:71 (capab=0x401 status=0 aid=1)
[ 7490.921476] wlan0: associated

The card is still experiencing a high TX excessive retry and Invalid Misc count. I have tried setting nohwcrypt=1, messing with the bit rate, power, txpower, RTS threshold and Fragmentation Threshold. But none of these or combination of these seems to help with the connection. The people at the IT help desk did say that they have had issues with Atheros cards recently connecting to the network, but I have the computer that is running windows with an atheros card and it is working properly. I did however have it running Fedora earlier on and the card was experiencing the same issue, so my guess is that there is an issue with the ath9k driver. Any thoughts? I appreciate all of your help.

[p3d4N71c]

I have gone forward with emailing the ath9k-devel list and I wanted to include the link to the posting for you all to take a look at.
Perhaps it will give you more information on the topic as well. https://lists.ath9k.org/pipermail/ath9k ... 12068.html

[DONAHUE]

I use ralink chipset wifi (mostly usb, some pci, 2860, 2870, 3572, 5370 from several manufacturers costing from 10-30 dollars.

[p3d4N71c]

I think I am actually going to have to just purchase another card. I was probably going to go with this: http://www.amazon.com/TP-LINK-TL-WN8200 ... roduct_top
I am just a bit of a perfectionist on certain things and I wanted to make sure I covered all the possible bases. Do you have any cards that you recommend? If I do it I am going to grab a USB adaptor for the sole reason of not having to spend the extra money to purchase one for each device. I really appreciate all of your help, thank you.

[DONAHUE]

http://www.newegg.com/Product/Product.a ... llFullInfo writing you from one of its cousins a eub9801 with same ralink chipset

a list of most ralink chipset containing products; (if you have another chipset in mind go to the main page and run a different search)
http://wikidevi.com/wiki/Special:Ask?ti ... 5D=&eq=yes

my shopping principle has been first ralink chip, second a little known manufacturer (engenius,encore,edimax) who is unlikely to "enhance" the chipset (netgear, belkin) come to mind as enhancers. ralink is now merged with mediatek -- hopefully reliability, compatibility, linux support will not decline

[p3d4N71c]

So apprearently the issue has to do with the wireless-n roaming and how it is trying to connect with multimple AP's at one time. Do you know if there is a way to limit the roaming distance do that it is only trying to connect to one card or even just shut roaming off for wireless-n?

[Meister-Lampe]

Are there any news on this topic? I have the same hardware and apparently the same problems at our university network. I was using windows on this machine before and didn't experience this behavior. A hint on how to disable wireless at n-speed on ath9k would be great. Is there a way to talk wpa_supplicant into not using 802.11n?

[Meister-Lampe]

My problem seems to be fixed with a more recent kernel (3.12), it seems i ran into this bug: https://bugs.launchpad.net/ubuntu/+sour ... ug/1160188

[p3d4N71c]

I am sorry that I have not been keeping up with this particular thread, but someone did just email me about the problem and asked me what I did to solve the issue. I've talked to a lot of IT, not just here at the University but also at a series of hospitals north of me that are also having this issue. My understanding is it has to do with the CISCO configurations within the network and how the wireless-n is scanning multiple ap's at one time; but honestly, I do not have the hardware to play with and cannot tell you for sure. Since I do not own the network and cannot disable wireless-n, I decided to take care of it myself. This is what I did and I haven't had any issues since.

Code: Select all

# diff /usr/src/linux/drivers/net/wireless/ath/ath9k/init.c.bak /usr/src/linux/drivers/net/wireless/ath/ath9k/init.c 
59a60,63
> int ath9k_modparam_disable_11n;
> module_param_named(11n_disable, ath9k_modparam_disable_11n, int, 0444);
> MODULE_PARM_DESC(11n_disable, "disable 11n functionality");
> 
257c261,264
< 	ht_info->ht_supported = true;
---
> 	if (ath9k_modparam_disable_11n)
> 		ht_info->ht_supported = false;
> 	else
> 		ht_info->ht_supported = true;

After this, I just

Code: Select all

echo "options ath9k 11n_disable" >> /etc/modprobe.d/backports.conf

and allow the module to load up on boot. The device will now only connect with b,g,a.