Re: problem connecting EAP/TLS wireless network



One more thing I noticed with NM. The configuration it generated doesn't
seem right to me, although I know almost nothing it.
$ more %gconf.xml
<?xml version="1.0"?>
<gconf>
        <entry name="wep_auth_algorithm" mtime="1158970359" type="int"
value="1">
        </entry>
        <entry name="we_cipher" mtime="1158970359" type="int"
value="16">
        </entry>
        <entry name="bssids" mtime="1158961060" type="list"
ltype="string">
                <li type="string">
                        <stringvalue>00:0F:24:B6:9C:10</stringvalue>
                </li>
        </entry>
        <entry name="timestamp" mtime="1158970359" type="int"
value="1158970359">
        </entry>
        <entry name="essid" mtime="1158970359" type="string">
                <stringvalue>qrslan</stringvalue>
        </entry>
</gconf>
It seems missing entries for the certificates. Since I have a working
wpa_supplicant.conf now, can I manually create the XML file base on
that? Does anyone know the proper key names?
Thanks.

On Fri, 2006-09-22 at 16:59 -0700, Arnold Wang wrote:
> BTW, I tried manually configuring NIC with the following
> wpa_supplicant.conf file and it worked fine.  
> [root arnoldw2 ~]# more /etc/wpa_supplicant/wpa_supplicant.conf.eap
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=wheel
> eapol_version=1
> ap_scan=2
> fast_reauth=1
> 
> network={
>         ssid="qrslan"
>         key_mgmt=IEEE8021X
>         eap=TLS
>         identity="awang itlogon com"
>         ca_cert="/etc/wpa_supplicant/.credential/itlogon.pem"
>         client_cert="/etc/wpa_supplicant/.credential/awang.pem"
>         private_key="/etc/wpa_supplicant/.credential/awang.prv"
>         eapol_flags=3
> }
> 
> On Fri, 2006-09-22 at 15:34 -0700, Arnold Wang wrote:
> > I upgraded the ndiswrapper to 1.23, which is the latest stable version,
> > and I'm still experiencing the same problem.
> > [root arnoldw2 ~]# dmesg | grep ndis
> > ndiswrapper version 1.23 loaded (preempt=no,smp=no)
> > ndiswrapper: driver lsbcmnds (The Linksys Group, Inc.,02/14/2005,
> > 3.90.36.0) loaded
> > ndiswrapper: using irq 11
> > 
> > 
> > On Fri, 2006-09-22 at 14:54 -0700, Arnold Wang wrote:
> > > Thanks for the responding. 
> > > I'm using ndiswrapper 1.18 and the Linksys driver is 3.90.36.0. I
> > > understand the ndiswrapper is not the latest, however I assume it should
> > > be OK since it works fine with my home network.
> > > I'll try to compile the latest from source.
> > > 
> > > On Fri, 2006-09-22 at 17:50 -0400, Dan Williams wrote:
> > > > On Fri, 2006-09-22 at 13:39 -0700, Arnold Wang wrote:
> > > > > I'm having trouble to connect to my company's EAP/TLS wireless network
> > > > > using NM. I'm running FC5 on my laptop and the NIC is Linksys WPC54G
> > > > > using ndiswrapper driver. The NM is 0.6.4. The wpa_supplicant driver is
> > > > > 0.4.8.
> > > > > This combination works great with my home WPA2/AES wireless network. The
> > > > > problem is with my company's EAS/TLS network. When I tried to connect to
> > > > > the network, I was prompted to enter the WEP key. According to my
> > > > > understanding of EAP/TLS, the keys are dynamically generated. I
> > > > > shouldn't be prompted at all.
> > > > 
> > > > It looks like you need a better version of ndiswrapper, if that's what
> > > > you're using for your card.  What version do you have?
> > > > 
> > > > Dan
> > > > 
> > > > 
> > > > > I configured the software components in the following:
> > > > > ------
> > > > > /etc/sysconfig/wpa_supplicant:
> > > > > # wlan0 and wifi0
> > > > > # INTERFACES="-iwlan0 -iwifi0"
> > > > > INTERFACES="-iwlan0"
> > > > > # ndiswrapper and prism
> > > > > # DRIVERS="-Dndiswrapper -Dprism"
> > > > > DRIVERS="-Dndiswrapper"
> > > > > -----
> > > > > /etc/wpa_supplicant/wpa_supplicant.conf
> > > > > ctrl_interface=/var/run/wpa_supplicant
> > > > > ctrl_interface_group=wheel
> > > > > ap_scan=2
> > > > > 
> > > > > network={
> > > > >         ssid="any"
> > > > >         key_mgmt=NONE
> > > > > }
> > > > > -----
> > > > > NM configuration:
> > > > > Network Name:	qrslan(SSID)
> > > > > Wireless Security: WPA Enterprise
> > > > > EAP:	TLS
> > > > > Key Type:	Dynamic WEP
> > > > > identity:	awang itlogon com(ID for RADIUS)
> > > > > I have all the certificates configured as well.
> > > > > The followings are the error messages I can find, which don't tell much:
> > > > > ------
> > > > > /var/log/messages:
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) started...
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 1 of 5 (Device Prepare) started...
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 2 of 5 (Device Configure) scheduled...
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 1 of 5 (Device Prepare) complete.
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 2 of 5 (Device Configure) starting...
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0/wireless): access point 'qrslan' is encrypted, but NO valid key
> > > > > exists.  New key needed.
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) New wireless user key requested for network 'qrslan'.
> > > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) Stage 2 of 5 (Device Configure) complete.
> > > > > Sep 22 13:27:33 arnoldw2 NetworkManager: <information>  Activation
> > > > > (wlan0) New wireless user key request for network 'qrslan' was canceled.
> > > > > (I clicked cancel on the prompt)
> > > > > ---debug messages when I started wpa_supplicant manually
> > > > > Initializing interface 'wlan0' conf
> > > > > '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'ndiswrapper'
> > > > > ctrl_interface 'N/A'
> > > > > Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' ->
> > > > > '/etc/wpa_supplicant/wpa_supplicant.conf'
> > > > > Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
> > > > > ctrl_interface='/var/run/wpa_supplicant'
> > > > > ctrl_interface_group=10 (from group name 'wheel')
> > > > > ap_scan=1
> > > > > Line: 5 - start of a new network block
> > > > > ssid - hexdump_ascii(len=3):
> > > > >      61 6e 79                                          any
> > > > > key_mgmt: 0x4
> > > > > Priority group 0
> > > > >    id=0 ssid='any'
> > > > > Initializing interface (2) 'wlan0'
> > > > > EAPOL: SUPP_PAE entering state DISCONNECTED
> > > > > EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> > > > > EAPOL: SUPP_BE entering state INITIALIZE
> > > > > EAP: EAP entering state DISABLED
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > SIOCGIWRANGE: WE(compiled)=20 WE(source)=18 enc_capa=0xf
> > > > >   capabilities: key_mgmt 0xf enc 0xf
> > > > > Own MAC address: 00:0c:41:e3:ca:ad
> > > > > Driver does not support WPA.
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > > Setting scan request: 0 sec 100000 usec
> > > > > Added interface wlan0
> > > > > Wireless event: cmd=0x8b06 len=8
> > > > > RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> > > > > RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> > > > > State: DISCONNECTED -> SCANNING
> > > > > Starting AP scan (broadcast SSID)
> > > > > Scan timeout - try to get results
> > > > > Received 607 bytes of scan results (3 BSSes)
> > > > > Scan results: 3
> > > > > Selecting BSS from priority group 0
> > > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > > >    skip - no WPA/RSN IE
> > > > > No suitable AP found.
> > > > > Setting scan request: 5 sec 0 usec
> > > > > Wireless event: cmd=0x8b1a len=8
> > > > > Wireless event: cmd=0x8b15 len=20
> > > > > Wireless event: new AP: 00:00:00:00:00:00
> > > > > Added BSSID 00:00:00:00:00:00 into blacklist
> > > > > State: SCANNING -> DISCONNECTED
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > > Wireless event: cmd=0x8b2a len=8
> > > > > Wireless event: cmd=0x8b06 len=8
> > > > > Wireless event: cmd=0x8c07 len=40
> > > > > AssocReq IE wireless event - hexdump(len=32): 00 08 48 65 6c 70 44 65 73
> > > > > 6b 01 04 82 84 0b 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > > Wireless event: cmd=0x8c08 len=14
> > > > > AssocResp IE wireless event - hexdump(len=6): 01 04 82 84 0b 16
> > > > > Wireless event: cmd=0x8b15 len=20
> > > > > Wireless event: new AP: 00:06:25:a0:d1:98
> > > > > Association info event
> > > > > req_ies - hexdump(len=32): 00 08 48 65 6c 70 44 65 73 6b 01 04 82 84 0b
> > > > > 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > > resp_ies - hexdump(len=6): 01 04 82 84 0b 16
> > > > > WPA: clearing own WPA/RSN IE
> > > > > State: DISCONNECTED -> ASSOCIATED
> > > > > Associated to a new BSS: BSSID=00:06:25:a0:d1:98
> > > > > No keys have been configured - skip key clearing
> > > > > No network configuration found for the current AP
> > > > > State: ASSOCIATED -> DISCONNECTED
> > > > > No keys have been configured - skip key clearing
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > State: DISCONNECTED -> SCANNING
> > > > > Starting AP scan (broadcast SSID)
> > > > > Wireless event: cmd=0x8b1a len=8
> > > > > Wireless event: cmd=0x8b15 len=20
> > > > > Wireless event: new AP: 00:00:00:00:00:00
> > > > > Added BSSID 00:06:25:a0:d1:98 into blacklist
> > > > > State: SCANNING -> DISCONNECTED
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > > Wireless event: cmd=0x8b2a len=8
> > > > > Wireless event: cmd=0x8b06 len=8
> > > > > Wireless event: cmd=0x8c07 len=40
> > > > > AssocReq IE wireless event - hexdump(len=32): 00 08 48 65 6c 70 44 65 73
> > > > > 6b 01 04 82 84 0b 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > > Wireless event: cmd=0x8c08 len=14
> > > > > AssocResp IE wireless event - hexdump(len=6): 01 04 82 84 0b 16
> > > > > Wireless event: cmd=0x8b15 len=20
> > > > > Wireless event: new AP: 00:06:25:a0:d1:98
> > > > > Association info event
> > > > > req_ies - hexdump(len=32): 00 08 48 65 6c 70 44 65 73 6b 01 04 82 84 0b
> > > > > 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > > resp_ies - hexdump(len=6): 01 04 82 84 0b 16
> > > > > WPA: clearing own WPA/RSN IE
> > > > > State: DISCONNECTED -> ASSOCIATED
> > > > > Associated to a new BSS: BSSID=00:06:25:a0:d1:98
> > > > > No keys have been configured - skip key clearing
> > > > > No network configuration found for the current AP
> > > > > State: ASSOCIATED -> DISCONNECTED
> > > > > No keys have been configured - skip key clearing
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > Scan timeout - try to get results
> > > > > Received 607 bytes of scan results (3 BSSes)
> > > > > Scan results: 3
> > > > > Selecting BSS from priority group 0
> > > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > > >    skip - no WPA/RSN IE
> > > > > No APs found - clear blacklist and try again
> > > > > Removed BSSID 00:06:25:a0:d1:98 from blacklist (clear)
> > > > > Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
> > > > > Selecting BSS from priority group 0
> > > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > > >    skip - no WPA/RSN IE
> > > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > > >    skip - no WPA/RSN IE
> > > > > No suitable AP found.
> > > > > Setting scan request: 5 sec 0 usec
> > > > > CTRL-EVENT-TERMINATING - signal 2 received
> > > > > Removing interface wlan0
> > > > > State: DISCONNECTED -> DISCONNECTED
> > > > > No keys have been configured - skip key clearing
> > > > > EAPOL: External notification - portEnabled=0
> > > > > EAPOL: External notification - portValid=0
> > > > > No keys have been configured - skip key clearing
> > > > > Cancelling scan request
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > NetworkManager-list mailing list
> > > > > NetworkManager-list gnome org
> > > > > http://mail.gnome.org/mailman/listinfo/networkmanager-list
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]