Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
I'm suffering the very same problem than the OP with my employer's WiFi network. > If I downgrade libssl1.0.2 to 1.0.2j-1 then I can connect to the > WPA-EAP network without problem. Good catch downgrading openssl! I can confirm the WiFi connection to work up to libssl1.0.2-4 [1], so I guess the fix for #736687 is to blame for this [2]: * Mark RC4 and 3DES as weak which removes them from the SSL/TLS protocol (Closes: #736687). As a *dirty* workaround, I - re-upgraded to libssl1.0.2ll-2/stretch - renamed /sbin/wpa_supplicant and put a wrapper script in its place - which sets LD_LIBRARY_PATH to a location containing libssl.so.1.0.2 from [1] and then starts the renamed wpa_supplicant binary with the original command-line parameters. HTH, Daniel [1] http://snapshot.debian.org/package/openssl1.0/1.0.2j-4/#libssl1.0.2_1.0.2j-4 [2] https://anonscm.debian.org/viewvc/pkg-openssl/openssl/branches/openssl1.0/debian/patches/Mark-3DES-and-RC4-ciphers-as-weak.patch?revision=865=markup=log signature.asc Description: OpenPGP digital signature
Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
Package: wpasupplicant Version: 2:2.4-1 Followup-For: Bug #848982 If I downgrade libssl1.0.2 to 1.0.2j-1 then I can connect to the WPA-EAP network without problem. I can't find other 1.0.2j version on snapshot.debian.org so I can't test them. -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.10.0 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages wpasupplicant depends on: ii adduser 3.115 ii libc6 2.24-9 ii libdbus-1-3 1.10.16-1 ii libnl-3-200 3.2.27-1+b1 ii libnl-genl-3-200 3.2.27-1+b1 ii libpcsclite1 1.8.20-1 ii libreadline7 7.0-2 ii libssl1.0.2 1.0.2j-1 ii lsb-base 9.20161125 wpasupplicant recommends no packages. Versions of packages wpasupplicant suggests: pn libengine-pkcs11-openssl pn wpagui -- no debconf information
Bug#848982: [pkg-wpa-devel] Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
I'm also using network manager and have a Qualcomm Atheros QCA6174 (Dell XPS 9360) and cannot connect to PEAP network recently. I've tried downgrading wpasupplicant, network-manager and even linux kernel but none of them fixes the problem. >From log and code it looks like network-manager already send all uppercase auth=MSCHAPV2 to wpasupplicant. My unsuccessful logs look like: Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: SME: Trying to authenticate with 78:19:f7:75:6f:81 (SSID='Baz' freq=5320 MHz) Jan 17 11:45:26 foo kernel: [ 1220.206224] wlp58s0: authenticate with 78:19:f7:75:6f:81 Jan 17 11:45:26 foo kernel: [ 1220.251155] wlp58s0: send auth to 78:19:f7:75:6f:81 (try 1/3) Jan 17 11:45:26 foo kernel: [ 1220.251862] wlp58s0: authenticated Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: Trying to associate with 78:19:f7:75:6f:81 (SSID='Baz' freq=5320 MHz) Jan 17 11:45:26 foo NetworkManager[650]: [1484624726.9616] device (wlp58s0): supplicant interface state: scanning -> authenticating Jan 17 11:45:26 foo kernel: [ 1220.259636] wlp58s0: associate with 78:19:f7:75:6f:81 (try 1/3) Jan 17 11:45:26 foo kernel: [ 1220.260877] wlp58s0: RX AssocResp from 78:19:f7:75:6f:81 (capab=0x511 status=0 aid=8) Jan 17 11:45:26 foo kernel: [ 1220.263589] wlp58s0: associated Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: Associated with 78:19:f7:75:6f:81 Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-EAP-STARTED EAP authentication started Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Jan 17 11:45:26 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=TW Jan 17 11:45:26 foo kernel: [ 1220.272467] wlp58s0: deauthenticated from 78:19:f7:75:6f:81 (Reason: 1=UNSPECIFIED) Jan 17 11:45:26 foo kernel: [ 1220.272842] ath: EEPROM regdomain: 0x809e Jan 17 11:45:26 foo kernel: [ 1220.272843] ath: EEPROM indicates we should expect a country code Jan 17 11:45:26 foo kernel: [ 1220.272844] ath: doing EEPROM country->regdmn map search Jan 17 11:45:26 foo kernel: [ 1220.272844] ath: country maps to regdmn code: 0x50 Jan 17 11:45:26 foo kernel: [ 1220.272845] ath: Country alpha2 being used: TW Jan 17 11:45:26 foo kernel: [ 1220.272845] ath: Regpair used: 0x50 Jan 17 11:45:26 foo kernel: [ 1220.272846] ath: regdomain 0x809e dynamically updated by country IE Jan 17 11:45:27 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-DISCONNECTED bssid=78:19:f7:75:6f:81 reason=1 Jan 17 11:45:27 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD Jan 17 11:45:27 foo NetworkManager[650]: [1484624727.0250] device (wlp58s0): supplicant interface state: authenticating -> associating Jan 17 11:45:27 foo NetworkManager[650]: [1484624727.0265] device (wlp58s0): supplicant interface state: associating -> associated Jan 17 11:45:27 foo NetworkManager[650]: [1484624727.0269] sup-iface[0x558eaae0aa20,wlp58s0]: connection disconnected (reason 1) Jan 17 11:45:27 foo NetworkManager[650]: [1484624727.0269] device (wlp58s0): supplicant interface state: associated -> disconnected Jan 17 11:45:27 foo wpa_supplicant[1025]: wlp58s0: CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=TW Jan 17 11:45:27 foo NetworkManager[650]: [1484624727.1257] device (wlp58s0): supplicant interface state: disconnected -> scanning Boot with a Ubuntu 16.04 live cd with proper firmware can connect to the network successfully. I only has this live cd handy but I can test with Debian later. Kanru
Bug#848982: [pkg-wpa-devel] Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
On 12 January 2017 at 20:25, Axel Beckertwrote: >> Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: workaround, ignore >> invalid ms_len 46 (len 50) >> Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Authentication >> succeeded > > In the old log, there's mentioning of MSCHAPV2, but in the new log, > there's no more mentioning of MSCHAPV2. > > Could this be related to https://bugs.launchpad.net/wicd/+bug/1656061 > in wicd where someone said that > > phase2="auth=MSCHAPv2" > > no more works and that the correct syntax is > > phase2="auth=MSCHAPV2" > > with a capital "V". > > Can you check if you have a lower-case "v" in your WPA configuration, > too? I wonder, if it's that problem indeed, could we have it patched to accept the old syntax temporarily while issuing a warning? -- Cheers, Andrew
Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
Hi, Matan Peled wrote: > I'm using network manager and have a Qualcomm Atheros QCA6174 adapter > using the ath10k_pci driver. > > After upgrading to 2.6-2, I am no longer able to connect to a WPA > Enterprise secured network, while it worked fine with 2.5-2+v2.4-3. > > When it works fine on 2.5-2+v2.4-3, I see in daemon.log: […] > Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Invalid header: > len=68 ms_len=64 > Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: workaround, ignore > invalid ms_len 64 (len 68) > Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Invalid header: > len=50 ms_len=46 > Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: workaround, ignore > invalid ms_len 46 (len 50) > Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Authentication > succeeded In the old log, there's mentioning of MSCHAPV2, but in the new log, there's no more mentioning of MSCHAPV2. Could this be related to https://bugs.launchpad.net/wicd/+bug/1656061 in wicd where someone said that phase2="auth=MSCHAPv2" no more works and that the correct syntax is phase2="auth=MSCHAPV2" with a capital "V". Can you check if you have a lower-case "v" in your WPA configuration, too? Regards, Axel -- ,''`. | Axel Beckert, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Bug#848982: wpasupplicant fails to connect to WPA Enterprise network with 2.6-2
Package: wpasupplicant Version: 2.6-2 Severity: important Dear Maintainer, I'm using network manager and have a Qualcomm Atheros QCA6174 adapter using the ath10k_pci driver. After upgrading to 2.6-2, I am no longer able to connect to a WPA Enterprise secured network, while it worked fine with 2.5-2+v2.4-3. When it works fine on 2.5-2+v2.4-3, I see in daemon.log: Dec 21 15:33:37 green wpa_supplicant[696]: wlp1s0: SME: Trying to authenticate with 3c:8a:b0:fa:ec:41 (SSID='CS_WiFi' freq=5320 MHz) Dec 21 15:33:41 green wpa_supplicant[696]: wlp1s0: SME: Trying to authenticate with 3c:8a:b0:f9:61:01 (SSID='CS_WiFi' freq=5200 MHz) Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: Trying to associate with 3c:8a:b0:f9:61:01 (SSID='CS_WiFi' freq=5200 MHz) Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: Associated with 3c:8a:b0:f9:61:01 Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=eap.auto.configed.certificate/unstructuredName=Certificate created by auto-config. Please obtain a real one.' hash=19642d3c7816dc34b023f17c3eb44584fda8be12c50d2c14598883f13c086945 Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=eap.auto.configed.certificate/unstructuredName=Certificate created by auto-config. Please obtain a real one.' hash=19642d3c7816dc34b023f17c3eb44584fda8be12c50d2c14598883f13c086945 Dec 21 15:33:42 green wpa_supplicant[696]: p2p-dev-wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=IL Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Invalid header: len=68 ms_len=64 Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: workaround, ignore invalid ms_len 64 (len 68) Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Invalid header: len=50 ms_len=46 Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: workaround, ignore invalid ms_len 46 (len 50) Dec 21 15:33:42 green wpa_supplicant[696]: EAP-MSCHAPV2: Authentication succeeded Dec 21 15:33:42 green wpa_supplicant[696]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully Dec 21 15:33:42 green wpa_supplicant[696]: nl80211: Unexpected encryption algorithm 5 Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: WPA: Key negotiation completed with 3c:8a:b0:f9:61:01 [PTK=CCMP GTK=CCMP] Dec 21 15:33:42 green wpa_supplicant[696]: wlp1s0: CTRL-EVENT-CONNECTED - Connection to 3c:8a:b0:f9:61:01 completed [id=0 id_str=] When it does not work, with 2.6-2, I see many more attempts: Dec 21 15:29:11 green wpa_supplicant[685]: wlp1s0: Trying to associate with 3c:8a:b0:fc:72:80 (SSID='CS_WiFi' freq=2412 MHz) Dec 21 15:29:11 green wpa_supplicant[685]: wlp1s0: Associated with 3c:8a:b0:fc:72:80 Dec 21 15:29:11 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started Dec 21 15:29:11 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Dec 21 15:29:11 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=IL Dec 21 15:29:27 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=3c:8a:b0:fc:72:80 reason=3 locally_generated=1 Dec 21 15:29:27 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD Dec 21 15:29:28 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=BEACON_HINT type=UNKNOWN Dec 21 15:29:28 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=BEACON_HINT type=UNKNOWN Dec 21 15:29:28 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=BEACON_HINT type=UNKNOWN Dec 21 15:29:32 green wpa_supplicant[685]: wlp1s0: SME: Trying to authenticate with 3c:8a:b0:fc:72:80 (SSID='CS_WiFi' freq=2412 MHz) Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: SME: Trying to authenticate with 3c:8a:b0:f9:61:01 (SSID='CS_WiFi' freq=5200 MHz) Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: Trying to associate with 3c:8a:b0:f9:61:01 (SSID='CS_WiFi' freq=5200 MHz) Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: Associated with 3c:8a:b0:f9:61:01 Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Dec 21 15:29:36 green wpa_supplicant[685]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE