** Description changed: + [Impact] + Breaks 802.1x (PEAP) authentication for wireless networks using specific authentication servers and/or AP hardware. Aruba network devices specifically are known to be affected; and is a popular device type used in enterprises to secure wireless networks. + + [Test Case] + This issue is hardware specific and may or may not be limited to Aruba authentication servers. + 1) Attempt to connect / authenticate to a wireless, 802.1x network requiring Protected EAP (or possibly other auth mechanisms). + 2) (optionally) Watch SSL traffic between the station and authentication server using wireshark/tcpdump, looking for auth failures and the extensions passed. + + [Regression Potential] + Since this changes the SSL extensions and options used to connect to 802.1x wireless networks; some networks specifically configured to request or make use of the session ticket extension could be made impossible to successfully authenticate to; up to the point where multiple connection failures could lock the accounts used in highly-restricted networks. Also, there is a potential (again, due to the change in SSL options) for other networks (using specific AP hardware) that don't support the extensions used to fail authentication. + + --- + Using identical settings as in 11.10, I am unable to make a wpa enterprise connection using xubuntu precise beta 2. This is a Lenovo X220 with a Centrino Advanced-N 6205 wireless interface. During the attempted logon, I am not presented with a certificate to approve, although wireless instructions for OSX suggest that I should be. However, I never had to approve a certificate when connecting with 11.10 -- I just ignored the certificate screen and everything worked. This seems like the relevant excerpt from syslog: Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Trying to associate with 00:11:92:3e:79:80 (SSID='Northwestern' freq=2462 MHz) Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: scanning -> associating Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940422] wlan0: authenticated Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940974] wlan0: associate with 00:11:92:3e:79:80 (try 1) Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943165] wlan0: RX ReassocResp from 00:11:92:3e:79:80 (capab=0x431 status=0 aid=222) Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943174] wlan0: associated Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Associated with 00:11:92:3e:79:80 Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-STARTED EAP authentication started Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: associating -> associated Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-FAILURE EAP authentication failed Mar 30 10:39:01 fin8344m2 kernel: [ 2201.969742] wlan0: deauthenticated from 00:11:92:3e:79:80 (Reason: 23) ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: network-manager 0.9.4.0-0ubuntu1 ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12 Uname: Linux 3.2.0-20-generic x86_64 ApportVersion: 2.0-0ubuntu1 Architecture: amd64 Date: Fri Mar 30 10:34:13 2012 IfupdownConfig: - auto lo - iface lo inet loopback + auto lo + iface lo inet loopback InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328) NetworkManager.state: - [main] - NetworkingEnabled=true - WirelessEnabled=true - WWANEnabled=true - WimaxEnabled=true + [main] + NetworkingEnabled=true + WirelessEnabled=true + WWANEnabled=true + WimaxEnabled=true ProcEnviron: - LANGUAGE=en_US:en - TERM=xterm - LANG=en_US.UTF-8 - SHELL=/bin/bash + LANGUAGE=en_US:en + TERM=xterm + LANG=en_US.UTF-8 + SHELL=/bin/bash RfKill: - 0: phy0: Wireless LAN - Soft blocked: no - Hard blocked: no + 0: phy0: Wireless LAN + Soft blocked: no + Hard blocked: no SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-con: Error: command ['nmcli', '-f', 'all', 'con'] failed with exit code 1: Error: Can't obtain connections: settings service is not running.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/969343 Title: Unable to connect to WPA enterprise wireless To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/969343/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
