Indeed it's pretty likely that this is an issue with openssl, for the
specific hardware being used in this particular case (since
PEAP/MSCHAPv2 works great here, on 12.04 and 12.10).

Please see if you could provide debug logs for wpasupplicant. You can do
this easily:

sudo python /usr/lib/NetworkManager/debug-helper.py --wpa debug

Then reproduce the issue (without rebooting); the logs will be found in
/var/log/syslog, which you should attach to this bug report.

** Changed in: wpasupplicant (Ubuntu)
       Status: Confirmed => Incomplete

** Changed in: network-manager (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/610084

Title:
  wpasupplicant fails to access 802.11x wired network by peap and
  mschapv2: periodic reauthentication fails

Status in “network-manager” package in Ubuntu:
  Invalid
Status in “wpasupplicant” package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: wpasupplicant

  Package: wpasupplicant  0.6.9-3ubuntu3 on Ubuntu 10.04 LTS and 12.04
  LTS

  Intended functionality:

  Accessing 802.1x secured wired network via wpasupplicant by peap and
  mschapv2 and successful periodic reauthentication w/a user
  interaction.

  What happens:

  User enters credentials (login/pw) and gets authenticated and his
  computer is put in the correct vlan. The switch (cisco 3560g) is
  configured to re-authenticate all 802.1x users every n seconds to
  propagate new vlan assignments w/a restarting the port.

  The initial connection works and the user can access the network.

  Here is the part of the syslog during this initial phase
  (NetworkManager stuff just FYI):

  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) starting connection '192.168.1.101 w 802.1x'
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 3 -> 4 (reason 0)
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) started...
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) starting...
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 4 -> 5 (reason 0)
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0/wired): connection '192.168.1.101 w 802.1x' has security, but secrets are required.
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 5 -> 6 (reason 0)
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) complete.
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) started...
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 6 -> 4 (reason 0)
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) starting...
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): device state change: 4 -> 5 (reason 0)
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0/wired): connection '192.168.1.101 w 802.1x' requires no security. No secrets needed.
  Jul 26 15:15:28 raw NetworkManager: <info>  Activation (eth0) Stage 2 of 5 (Device Configure) complete.
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0): supplicant interface state:  starting -> ready
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'password' value '<omitted>'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'key_mgmt' value 'IEEE8021X'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'eapol_flags' value '0'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'eap' value 'PEAP'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'fragment_size' value '1300'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'phase2' value 'auth=MSCHAPV2'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: added 'identity' value 'jan'
  Jul 26 15:15:28 raw NetworkManager: <info>  Config: set interface ap_scan to 1
  Jul 26 15:15:28 raw wpa_supplicant[1258]: Associated with 01:80:c2:00:00:03
  Jul 26 15:15:28 raw NetworkManager: <info>  (eth0) supplicant connection state:  disconnected -> associated
  Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
  Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  Jul 26 15:15:29 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
  Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-MSCHAPV2: Authentication succeeded
  Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
  Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
  Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed (auth) [id=0 id_str=]
  Jul 26 15:15:33 raw NetworkManager: <info>  (eth0) supplicant connection state:  associated -> completed
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0/wired) Stage 2 of 5 (Device Configure) successful.
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP Configure Start) scheduled.
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP Configure Start) started...
  Jul 26 15:15:33 raw NetworkManager: <info>  (eth0): device state change: 5 -> 7 (reason 0)
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP4 Configure Get) scheduled...
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP6 Configure Get) scheduled...
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 3 of 5 (IP Configure Start) complete.
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP4 Configure Get) started...
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP4 Configure Get) complete.
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP6 Configure Get) started...
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP Configure Commit) scheduled...
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 4 of 5 (IP6 Configure Get) complete.
  Jul 26 15:15:33 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP Configure Commit) started...
  Jul 26 15:15:33 raw avahi-daemon[1059]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.101.
  Jul 26 15:15:33 raw avahi-daemon[1059]: New relevant interface eth0.IPv4 for mDNS.
  Jul 26 15:15:33 raw avahi-daemon[1059]: Registering new address record for 192.168.1.101 on eth0.IPv4.
  Jul 26 15:15:34 raw NetworkManager: <info>  (eth0): device state change: 7 -> 8 (reason 0)
  Jul 26 15:15:34 raw NetworkManager: <info>  Activation (eth0) successful, device activated.
  Jul 26 15:15:34 raw NetworkManager: <info>  Activation (eth0) Stage 5 of 5 (IP Configure Commit) complete.
  Jul 26 15:15:34 raw ntpdate[12890]: can't find host ntp.ubuntu.com
  Jul 26 15:15:34 raw ntpdate[12890]: no servers can be used, exiting

  Now after ten seconds the switch requests re-authentication:

  Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
  Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  Jul 26 15:15:43 raw wpa_supplicant[1258]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
  Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed

  To me this looks exactly the same as before but the radius server
  logs: "Auth: Login incorrect: [jan/<via Auth-Type=EAP>]..."

  On top of that the NetworkManager also does not realize that the
  connection is broken.

  This setup works with M$ Windows XP sp3. What also works is
  TTLS+MSCHAPv1 on the linux machine, however TTLS+MSCHAPv2 fails just
  as PEAP+MSCHAPv2 does here.
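
Added example (not part of the original report or of wpa_supplicant): a small Python script that splits wpa_supplicant syslog lines into EAP sessions and lists the stages each one logged, so a reauthentication that never reaches CTRL-EVENT-EAP-SUCCESS stands out. The sample input is constructed from the wpa_supplicant lines quoted above; the function and stage names are made up for this example, and CTRL-EVENT-EAP-FAILURE is a wpa_supplicant event that does not occur in the excerpt.

```python
import re

# Constructed sample: wpa_supplicant lines in the syslog format quoted in the
# report, one initial authentication followed by a switch-triggered reauth.
SAMPLE = """\
Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:29 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-MSCHAPV2: Authentication succeeded
Jul 26 15:15:29 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Jul 26 15:15:33 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul 26 15:15:43 raw wpa_supplicant[1258]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jul 26 15:15:43 raw wpa_supplicant[1258]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
"""

# Timestamp, host, "wpa_supplicant[pid]:", then the message text.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ wpa_supplicant\[\d+\]: (.*)$")

# Message prefix -> short stage name (names are hypothetical, for this example).
STAGES = [
    ("CTRL-EVENT-EAP-METHOD", "method"),
    ("EAP-MSCHAPV2: Authentication succeeded", "phase2_ok"),
    ("EAP-TLV: TLV Result - Success", "tlv_ok"),
    ("CTRL-EVENT-EAP-SUCCESS", "eap_success"),
    ("CTRL-EVENT-EAP-FAILURE", "eap_failure"),  # not present in the excerpt
]

def eap_sessions(text):
    """Group wpa_supplicant lines into EAP sessions and record stages reached."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # NetworkManager, avahi-daemon, ntpdate, ...
        ts, msg = m.groups()
        if msg.startswith("CTRL-EVENT-EAP-STARTED"):
            sessions.append({"started": ts, "stages": []})
        elif sessions:
            sessions[-1]["stages"] += [n for p, n in STAGES if msg.startswith(p)]
    return sessions

def incomplete(sessions):
    """Sessions that started but never logged CTRL-EVENT-EAP-SUCCESS."""
    return [s for s in sessions if "eap_success" not in s["stages"]]

if __name__ == "__main__":
    for s in eap_sessions(SAMPLE):
        flag = "" if "eap_success" in s["stages"] else "  <-- no EAP-SUCCESS"
        print(s["started"], ",".join(s["stages"]) + flag)
```

Run it over the wpa_supplicant lines of /var/log/syslog after reproducing the problem; wrapped lines from a mail archive must be rejoined first.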
