Re: "login" keyring



Dan Williams wrote:
On Tue, 2007-10-16 at 18:04 +0200, Giovanni Lovato wrote:
Dan Williams wrote:
[CUT]
Reading log files I guess my keyring is being unlocked correctly:

gdm[6175]: pam_unix(gdm:session): session opened for user giovanni by
(uid=0)
gdm[6175]: gkr-pam: unlocked 'login' keyring

And it seems also NM is receiving the key:

<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) started...
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) scheduled...
<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) starting...
<info> Activation (wlan0/wireless): access point 'Laurelin' is encrypted, but NO valid key exists. New key needed. <info> Activation (wlan0) New wireless user key requested for network 'Laurelin'.
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) complete.
<info> Activation (wlan0) New wireless user key for network 'Laurelin' received.
<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) started...
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) scheduled...
<info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) starting...
<info> Activation (wlan0/wireless): access point 'Laurelin' is encrypted, but NO valid key exists. New key needed. <info> Activation (wlan0) New wireless user key requested for network 'Laurelin'.
<info>  Activation (wlan0) Stage 2 of 5 (Device Configure) complete.

But doesn't bring up the interface and it loops on those stages. The key is correct because if I unset gconf entries and retry to connect all goes fine, it saves the key to the keyring and then connects. The problem appears the next login, so I have to unset gconf entries and always recreate the connection...

I have that issue on two different fresh Gutsy installation. Do you think it's a Gutsy related bug, my fault or NM?
Can you provide the output of an 'iwlist <interface name> scan' for the
'Laurelin' access point?
# iwlist wlan0 scan
iwlist wlan0 scan
wlan0     Scan completed :
           Cell 01 - Address: 00:C0:49:D3:F4:0E
                     ESSID:"Laurelin"
                     Protocol:IEEE 802.11bg
                     Mode:Master
                     Channel:11
                     Frequency:2.462 GHz (Channel 11)
                     Encryption key:on
                     Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                               11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                               48 Mb/s; 54 Mb/s
Quality=84/100 Signal level=-50 dBm Noise level=-50 dBm
                     IE: WPA Version 1
                         Group Cipher : WEP-40
                         Pairwise Ciphers (1) : WEP-40
                         Authentication Suites (1) : 802.1x
                     Extra: Last beacon: 84ms ago

Wow.

I've never seen an AP advertise in the WPA IE before that it only
supports WEP + 802.1x.  Usually those APs don't advertise that.  Can you
tell me the model and vendor of the AP you're using?

I think technically, it's illegal to advertise WPA capability with only
WEP ciphers.  AFAIK WEP is allowed for the Group cipher, but you cannot
use WEP as a pairwise cipher with WPA, since WPA requires either TKIP or
CCMP or both as pairwise ciphers.  This configuration is essentially
"Dynamic WEP".  So it's not surprising that NM will get this config
wrong, but it's a bug in NM that should probably get fixed.

All that said though, it would be great if all Dynamic WEP access points
advertised like this, because then NM can make a better guess as to what
type of authentication the AP supports.  Seems like a case of a vendor
not quite understanding how to go about advertising AP capability...

The AP is a USR 9106. The fact is that it always worked (and works) with NM 0.6.4; also notice I have the same problem on another wireless network with the newer DWL-2200AP. So I think my problem isn't related to the APs...

G.L.
--
mail: giovanni lovato aldu net
web: http://heruan.my.aldu.net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]