Re: problem connecting EAP/TLS wireless network

From: Arnold Wang <arnold wang inovis com>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: problem connecting EAP/TLS wireless network
Date: Fri, 22 Sep 2006 16:59:15 -0700

BTW, I tried manually configuring NIC with the following
wpa_supplicant.conf file and it worked fine.  
[root arnoldw2 ~]# more /etc/wpa_supplicant/wpa_supplicant.conf.eap
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=2
fast_reauth=1

network={
        ssid="qrslan"
        key_mgmt=IEEE8021X
        eap=TLS
        identity="awang itlogon com"
        ca_cert="/etc/wpa_supplicant/.credential/itlogon.pem"
        client_cert="/etc/wpa_supplicant/.credential/awang.pem"
        private_key="/etc/wpa_supplicant/.credential/awang.prv"
        eapol_flags=3
}

On Fri, 2006-09-22 at 15:34 -0700, Arnold Wang wrote:
> I upgraded the ndiswrapper to 1.23, which is the latest stable version,
> and I'm still experiencing the same problem.
> [root arnoldw2 ~]# dmesg | grep ndis
> ndiswrapper version 1.23 loaded (preempt=no,smp=no)
> ndiswrapper: driver lsbcmnds (The Linksys Group, Inc.,02/14/2005,
> 3.90.36.0) loaded
> ndiswrapper: using irq 11
> 
> 
> On Fri, 2006-09-22 at 14:54 -0700, Arnold Wang wrote:
> > Thanks for the responding. 
> > I'm using ndiswrapper 1.18 and the Linksys driver is 3.90.36.0. I
> > understand the ndiswrapper is not the latest, however I assume it should
> > be OK since it works fine with my home network.
> > I'll try to compile the latest from source.
> > 
> > On Fri, 2006-09-22 at 17:50 -0400, Dan Williams wrote:
> > > On Fri, 2006-09-22 at 13:39 -0700, Arnold Wang wrote:
> > > > I'm having trouble to connect to my company's EAP/TLS wireless network
> > > > using NM. I'm running FC5 on my laptop and the NIC is Linksys WPC54G
> > > > using ndiswrapper driver. The NM is 0.6.4. The wpa_supplicant driver is
> > > > 0.4.8.
> > > > This combination works great with my home WPA2/AES wireless network. The
> > > > problem is with my company's EAS/TLS network. When I tried to connect to
> > > > the network, I was prompted to enter the WEP key. According to my
> > > > understanding of EAP/TLS, the keys are dynamically generated. I
> > > > shouldn't be prompted at all.
> > > 
> > > It looks like you need a better version of ndiswrapper, if that's what
> > > you're using for your card.  What version do you have?
> > > 
> > > Dan
> > > 
> > > 
> > > > I configured the software components in the following:
> > > > ------
> > > > /etc/sysconfig/wpa_supplicant:
> > > > # wlan0 and wifi0
> > > > # INTERFACES="-iwlan0 -iwifi0"
> > > > INTERFACES="-iwlan0"
> > > > # ndiswrapper and prism
> > > > # DRIVERS="-Dndiswrapper -Dprism"
> > > > DRIVERS="-Dndiswrapper"
> > > > -----
> > > > /etc/wpa_supplicant/wpa_supplicant.conf
> > > > ctrl_interface=/var/run/wpa_supplicant
> > > > ctrl_interface_group=wheel
> > > > ap_scan=2
> > > > 
> > > > network={
> > > >         ssid="any"
> > > >         key_mgmt=NONE
> > > > }
> > > > -----
> > > > NM configuration:
> > > > Network Name:	qrslan(SSID)
> > > > Wireless Security: WPA Enterprise
> > > > EAP:	TLS
> > > > Key Type:	Dynamic WEP
> > > > identity:	awang itlogon com(ID for RADIUS)
> > > > I have all the certificates configured as well.
> > > > The followings are the error messages I can find, which don't tell much:
> > > > ------
> > > > /var/log/messages:
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) started...
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 1 of 5 (Device Prepare) started...
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 2 of 5 (Device Configure) scheduled...
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 1 of 5 (Device Prepare) complete.
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 2 of 5 (Device Configure) starting...
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0/wireless): access point 'qrslan' is encrypted, but NO valid key
> > > > exists.  New key needed.
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) New wireless user key requested for network 'qrslan'.
> > > > Sep 22 13:27:10 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) Stage 2 of 5 (Device Configure) complete.
> > > > Sep 22 13:27:33 arnoldw2 NetworkManager: <information>  Activation
> > > > (wlan0) New wireless user key request for network 'qrslan' was canceled.
> > > > (I clicked cancel on the prompt)
> > > > ---debug messages when I started wpa_supplicant manually
> > > > Initializing interface 'wlan0' conf
> > > > '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'ndiswrapper'
> > > > ctrl_interface 'N/A'
> > > > Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' ->
> > > > '/etc/wpa_supplicant/wpa_supplicant.conf'
> > > > Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
> > > > ctrl_interface='/var/run/wpa_supplicant'
> > > > ctrl_interface_group=10 (from group name 'wheel')
> > > > ap_scan=1
> > > > Line: 5 - start of a new network block
> > > > ssid - hexdump_ascii(len=3):
> > > >      61 6e 79                                          any
> > > > key_mgmt: 0x4
> > > > Priority group 0
> > > >    id=0 ssid='any'
> > > > Initializing interface (2) 'wlan0'
> > > > EAPOL: SUPP_PAE entering state DISCONNECTED
> > > > EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> > > > EAPOL: SUPP_BE entering state INITIALIZE
> > > > EAP: EAP entering state DISABLED
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > SIOCGIWRANGE: WE(compiled)=20 WE(source)=18 enc_capa=0xf
> > > >   capabilities: key_mgmt 0xf enc 0xf
> > > > Own MAC address: 00:0c:41:e3:ca:ad
> > > > Driver does not support WPA.
> > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > Setting scan request: 0 sec 100000 usec
> > > > Added interface wlan0
> > > > Wireless event: cmd=0x8b06 len=8
> > > > RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> > > > RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> > > > State: DISCONNECTED -> SCANNING
> > > > Starting AP scan (broadcast SSID)
> > > > Scan timeout - try to get results
> > > > Received 607 bytes of scan results (3 BSSes)
> > > > Scan results: 3
> > > > Selecting BSS from priority group 0
> > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > >    skip - no WPA/RSN IE
> > > > No suitable AP found.
> > > > Setting scan request: 5 sec 0 usec
> > > > Wireless event: cmd=0x8b1a len=8
> > > > Wireless event: cmd=0x8b15 len=20
> > > > Wireless event: new AP: 00:00:00:00:00:00
> > > > Added BSSID 00:00:00:00:00:00 into blacklist
> > > > State: SCANNING -> DISCONNECTED
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > Wireless event: cmd=0x8b2a len=8
> > > > Wireless event: cmd=0x8b06 len=8
> > > > Wireless event: cmd=0x8c07 len=40
> > > > AssocReq IE wireless event - hexdump(len=32): 00 08 48 65 6c 70 44 65 73
> > > > 6b 01 04 82 84 0b 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > Wireless event: cmd=0x8c08 len=14
> > > > AssocResp IE wireless event - hexdump(len=6): 01 04 82 84 0b 16
> > > > Wireless event: cmd=0x8b15 len=20
> > > > Wireless event: new AP: 00:06:25:a0:d1:98
> > > > Association info event
> > > > req_ies - hexdump(len=32): 00 08 48 65 6c 70 44 65 73 6b 01 04 82 84 0b
> > > > 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > resp_ies - hexdump(len=6): 01 04 82 84 0b 16
> > > > WPA: clearing own WPA/RSN IE
> > > > State: DISCONNECTED -> ASSOCIATED
> > > > Associated to a new BSS: BSSID=00:06:25:a0:d1:98
> > > > No keys have been configured - skip key clearing
> > > > No network configuration found for the current AP
> > > > State: ASSOCIATED -> DISCONNECTED
> > > > No keys have been configured - skip key clearing
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > State: DISCONNECTED -> SCANNING
> > > > Starting AP scan (broadcast SSID)
> > > > Wireless event: cmd=0x8b1a len=8
> > > > Wireless event: cmd=0x8b15 len=20
> > > > Wireless event: new AP: 00:00:00:00:00:00
> > > > Added BSSID 00:06:25:a0:d1:98 into blacklist
> > > > State: SCANNING -> DISCONNECTED
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
> > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> > > > wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> > > > Wireless event: cmd=0x8b2a len=8
> > > > Wireless event: cmd=0x8b06 len=8
> > > > Wireless event: cmd=0x8c07 len=40
> > > > AssocReq IE wireless event - hexdump(len=32): 00 08 48 65 6c 70 44 65 73
> > > > 6b 01 04 82 84 0b 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > Wireless event: cmd=0x8c08 len=14
> > > > AssocResp IE wireless event - hexdump(len=6): 01 04 82 84 0b 16
> > > > Wireless event: cmd=0x8b15 len=20
> > > > Wireless event: new AP: 00:06:25:a0:d1:98
> > > > Association info event
> > > > req_ies - hexdump(len=32): 00 08 48 65 6c 70 44 65 73 6b 01 04 82 84 0b
> > > > 16 dd 06 00 40 96 01 01 00 dd 06 00 10 18 02 00 00
> > > > resp_ies - hexdump(len=6): 01 04 82 84 0b 16
> > > > WPA: clearing own WPA/RSN IE
> > > > State: DISCONNECTED -> ASSOCIATED
> > > > Associated to a new BSS: BSSID=00:06:25:a0:d1:98
> > > > No keys have been configured - skip key clearing
> > > > No network configuration found for the current AP
> > > > State: ASSOCIATED -> DISCONNECTED
> > > > No keys have been configured - skip key clearing
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > Scan timeout - try to get results
> > > > Received 607 bytes of scan results (3 BSSes)
> > > > Scan results: 3
> > > > Selecting BSS from priority group 0
> > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > >    skip - no WPA/RSN IE
> > > > No APs found - clear blacklist and try again
> > > > Removed BSSID 00:06:25:a0:d1:98 from blacklist (clear)
> > > > Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
> > > > Selecting BSS from priority group 0
> > > > 0: 00:0f:24:b6:9c:10 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 1: 00:0f:24:1d:0f:50 ssid='qrslan' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
> > > >    skip - no WPA/RSN IE
> > > > 2: 00:06:25:a0:d1:98 ssid='HelpDesk' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
> > > >    skip - no WPA/RSN IE
> > > > No suitable AP found.
> > > > Setting scan request: 5 sec 0 usec
> > > > CTRL-EVENT-TERMINATING - signal 2 received
> > > > Removing interface wlan0
> > > > State: DISCONNECTED -> DISCONNECTED
> > > > No keys have been configured - skip key clearing
> > > > EAPOL: External notification - portEnabled=0
> > > > EAPOL: External notification - portValid=0
> > > > No keys have been configured - skip key clearing
> > > > Cancelling scan request
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > NetworkManager-list mailing list
> > > > NetworkManager-list gnome org
> > > > http://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: problem connecting EAP/TLS wireless network
  - From: Arnold Wang

References:
- connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Ertugrul Harman
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Dan Williams
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: David Abrahams
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Ertugrul Harman
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Darren Albers
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Ertugrul Harman
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Darren Albers
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Ertugrul Harman
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Dan Williams
- Re: connecting to a WPA secured wireless network often fails and takes a very long time
  - From: Darren Albers
- problem connecting EAP/TLS wireless network
  - From: Arnold Wang
- Re: problem connecting EAP/TLS wireless network
  - From: Dan Williams
- Re: problem connecting EAP/TLS wireless network
  - From: Arnold Wang
- Re: problem connecting EAP/TLS wireless network
  - From: Arnold Wang

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]