touch-packages team mailing list archive

Thread
Date
[Bug 969343] Re: Unable to connect to WPA enterprise wireless

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Mathew Hodson <mathew.hodson@xxxxxxxxx>
Date: Sat, 02 Aug 2014 01:38:58 -0000
Reply-to: Bug 969343 <969343@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: openssl (Ubuntu)
       Status: Incomplete => Invalid

** Changed in: openssl (Ubuntu Precise)
       Status: Fix Committed => Invalid

** Tags removed: verification-done-precise

** This bug is no longer a duplicate of bug 1104476
   Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wpa in Ubuntu.
https://bugs.launchpad.net/bugs/969343

Title:
  Unable to connect to WPA enterprise wireless

Status in OEM Priority Project:
  Fix Released
Status in OEM Priority Project precise series:
  Fix Released
Status in OpenSSL cryptography and SSL/TLS toolkit:
  New
Status in Linux WPA/WPA2/IEEE 802.1X Supplicant:
  In Progress
Status in “openssl” package in Ubuntu:
  Invalid
Status in “wpa” package in Ubuntu:
  Fix Released
Status in “wpasupplicant” package in Ubuntu:
  Invalid
Status in “openssl” source package in Precise:
  Invalid
Status in “wpa” source package in Precise:
  Invalid
Status in “wpasupplicant” source package in Precise:
  Fix Released
Status in “openssl” package in Debian:
  Confirmed
Status in “openssl” package in Fedora:
  New
Status in “wpasupplicant” package in Fedora:
  Unknown

Bug description:
  [Impact]
  Breaks 802.1x (PEAP) authentication for wireless networks using specific authentication servers and/or AP hardware. Aruba network devices specifically are known to be affected; and is a popular device type used in enterprises to secure wireless networks.

  [Test Case]
  This issue is hardware specific and may or may not be limited to Aruba authentication servers.
  1) Attempt to connect / authenticate to a wireless, 802.1x network requiring Protected EAP (or possibly other auth mechanisms).
  2) (optionally) Watch SSL traffic between the station and authentication server using wireshark/tcpdump, looking for auth failures and the extensions passed.

  [Regression Potential]
  Since this changes the SSL extensions and options used to connect to 802.1x wireless networks; some networks specifically configured to request or make use of the session ticket extension could be made impossible to successfully authenticate to; up to the point where multiple connection failures could lock the accounts used in highly-restricted networks. Also, there is a potential (again, due to the change in SSL options) for other networks (using specific AP hardware) that don't support the extensions used to fail authentication.

  ---

  Using identical settings as in 11.10, I am unable to make a wpa
  enterprise connection using xubuntu precise beta 2. This is a Lenovo
  X220 with a Centrino Advanced-N 6205 wireless interface. During the
  attempted logon, I am not presented with a certificate to approve,
  although wireless instructions for OSX suggest that I should be.
  However, I never had to approve a certificate when connecting with
  11.10 -- I just ignored the certificate screen and everything worked.

  This seems like the relevant excerpt from syslog:

  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Trying to associate with 00:11:92:3e:79:80 (SSID='Northwestern' freq=2462 MHz)
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: scanning -> associating
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940422] wlan0: authenticated
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.940974] wlan0: associate with 00:11:92:3e:79:80 (try 1)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943165] wlan0: RX ReassocResp from 00:11:92:3e:79:80 (capab=0x431 status=0 aid=222)
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.943174] wlan0: associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: Associated with 00:11:92:3e:79:80
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-STARTED EAP authentication started
  Mar 30 10:39:01 fin8344m2 NetworkManager[848]: <info> (wlan0): supplicant interface state: associating -> associated
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: SSL: SSL3 alert: read (remote end reported an error):fatal:bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: OpenSSL: openssl_handshake - SSL_connect error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
  Mar 30 10:39:01 fin8344m2 wpa_supplicant[1116]: CTRL-EVENT-EAP-FAILURE EAP authentication failed
  Mar 30 10:39:01 fin8344m2 kernel: [ 2201.969742] wlan0: deauthenticated from 00:11:92:3e:79:80 (Reason: 23)

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: network-manager 0.9.4.0-0ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
  Uname: Linux 3.2.0-20-generic x86_64
  ApportVersion: 2.0-0ubuntu1
  Architecture: amd64
  Date: Fri Mar 30 10:34:13 2012
  IfupdownConfig:
   auto lo
   iface lo inet loopback
  InstallationMedia: Xubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=true
   WimaxEnabled=true
  ProcEnviron:
   LANGUAGE=en_US:en
   TERM=xterm
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  SourcePackage: network-manager
  UpgradeStatus: No upgrade log present (probably fresh install)
  nmcli-con: Error: command ['nmcli', '-f', 'all', 'con'] failed with exit code 1: Error: Can't obtain connections: settings service is not running.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/969343/+subscriptions