Re: [Fwd: Re: Using LEAP, WPA-EAP and CCMP with NetworkManager]

From: "Jan Vlug" <wr26244 wolmail nl>
To: networkmanager-list gnome org
Subject: Re: [Fwd: Re: Using LEAP, WPA-EAP and CCMP with NetworkManager]
Date: Tue, 25 Sep 2007 11:55:55 +0200
> Aaron Konstam wrote:
> > On Fri, 2007-09-21 at 17:46 -0400, Dan Williams wrote:
> >> On Fri, 2007-09-21 at 15:26 -0500, Aaron Konstam wrote:
> >>> On Fri, 2007-09-21 at 22:03 +0200, Jan Vlug wrote:
> >>>> I want to use NetworkManager to setup my wireless connection, however I
> >>>> do not manage to get it working.
> >>>>
> >>>> When using wpa_supplicant, I can connect to the wireless network by
> >>>> using these settings:
> >>>> network={
> >>>>   ssid="NAME"
> >>>>   scan_ssid=1
> >>>>   key_mgmt=WPA-EAP
> >>>>   pairwise=CCMP
> >>>>   eap=LEAP
> >>>>   identity="me"
> >>>>   password="secret"
> >>>> }
> >>>>
> >>>> Is this configuration supported by the NetworkManager GUI?
> >>>> I am using Fedora 7.

> >>> At the risk of being shot down choose in nm-applet Connect to Other
> >>> Wireless Network and a GUI will open up giving you a choice of LEAP, WPA
> >>> with PEAP , etc.
> >>>  However , in my case the GUI for WPA with PEAP  opened up automatically
> >>> when I chose the AP using that protocol.

> >> I don't think there's a GUI option for LEAP as an eap method; it's
> >> likely simple to add one though since it shouldn't require much behind
> >> the scenes or in the UI at all.  Seems pretty easy.
> >>
> >> Dan
> >>
> >>

> > I am not sure what you mean. There are two different GUI based ways to get
> >  LEAP authorization in NM. The first is an option in the default security
> >  GUI as an alternative to WEP.
> > The second is in the Connect to Other Wireless Network GUI as a security
> >  option as as an alternative to WEP and various WPA options.
> >
> > However, Dan you know much more about NM than I do so I assume the problem
> > is in the phrase "LEAP and an eap method" whose meaning is not clear to me.
> > --

>
> This is the wpa_cli status, when I am connected via wpa_supplicant:
>
> ssid=NAME
> id=1
> pairwise_cipher=CCMP
> group_cipher=TKIP
> key_mgmt=WPA2/IEEE 802.1X /EAP
> wpa_state=COMPLETED
> ip_address=192.168.a.b.
> Supplicant PAE state=AUTHENTICATED
> suppPortStatus=Authorized
> EAP state=SUCCESS
> selectedMethod=17 (EAP-LEAP)
>
> When using the nm_applet GUI (0.6.5), I have the impression that I
> cannot select a similar configuration.
> Can I configure NetworkManager manually?
>

I did some further investigation:
I used nm-supplicant-test get some additional info.
Furthermore, below is also the output of wpa_supplicant and
NetworkManager itself.
Apparently my configuration is not supported. Do you know whether it
is supported in a newer version of NetworkManager? Do I have to file a
bug?

So now the long output:

 === start NetworkManager output ===

NetworkManager: <info>  starting...
NetworkManager: <info>  eth1: Device is fully-supported using driver 'ipw2200'.
NetworkManager: <info>  nm_device_init(): waiting for device's worker
thread to start
NetworkManager: <info>  nm_device_init(): device's worker thread
started, continuing.
NetworkManager: <info>  Now managing wireless (802.11) device 'eth1'.
NetworkManager: <info>  Deactivating device eth1.
NetworkManager: <info>  eth0: Device is fully-supported using driver 'tg3'.
NetworkManager: <info>  nm_device_init(): waiting for device's worker
thread to start
NetworkManager: <info>  nm_device_init(): device's worker thread
started, continuing.
NetworkManager: <info>  Now managing wired Ethernet (802.3) device 'eth0'.
NetworkManager: <info>  Deactivating device eth0.
NetworkManager: <info>  nm-netlink-monitor.c -
nm_netlink_monitor_event_handler (724) netlink reports device eth1
link now 0
NetworkManager: <info>  nm-netlink-monitor.c -
nm_netlink_monitor_event_handler (724) netlink reports device eth0
link now 0
NetworkManager: <info>  nm-device-802-3-ethernet.c -
link_deactivated_helper (129) device eth0 will set active link to
FALSE
NetworkManager: <info>  nm-device-802-3-ethernet.c -
nm_device_802_3_ethernet_link_deactivated (149) device eth0 scheduled
link_deactivated_helper
NetworkManager: <info>  nm-netlink-monitor.c -
nm_netlink_monitor_event_handler (724) netlink reports device eth1
link now 0
NetworkManager: <info>  nm-netlink-monitor.c -
nm_netlink_monitor_event_handler (724) netlink reports device eth0
link now 0
NetworkManager: <info>  nm-device-802-3-ethernet.c -
link_deactivated_helper (129) device eth0 will set active link to
FALSE
NetworkManager: <info>  nm-device-802-3-ethernet.c -
nm_device_802_3_ethernet_link_deactivated (149) device eth0 scheduled
link_deactivated_helper
NetworkManager: <info>  Updating allowed wireless network lists.
NetworkManager: <info>  SWITCH: no current connection, found better
connection 'eth1'.
NetworkManager: <info>  Will activate connection 'eth1/NAME'.
NetworkManager: <info>  Device eth1 activation scheduled...
NetworkManager: <info>  Activation (eth1) started...
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) scheduled...
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) started...
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) scheduled...
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) complete.
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) starting...
NetworkManager: <info>  Activation (eth1/wireless): access point
'NAME' is encrypted, but NO valid key exists.  New key needed.
NetworkManager: <info>  Activation (eth1) New wireless user key
requested for network 'NAME'.
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) complete.
NetworkManager: <info>  Activation (eth1) New wireless user key for
network 'NAME' received.
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) scheduled...
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) started...
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) scheduled...
NetworkManager: <info>  Activation (eth1) Stage 1 of 5 (Device
Prepare) complete.
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) starting...
NetworkManager: <info>  Activation (eth1/wireless): access point
'NAME' is encrypted, but NO valid key exists.  New key needed.
NetworkManager: <info>  Activation (eth1) New wireless user key
requested for network 'NAME'.
NetworkManager: <info>  Activation (eth1) Stage 2 of 5 (Device
Configure) complete.

This messages keeps repeating.
^C because no further progress and no connection was established

=== End NetworkManager output ===


=== Start nm-supplicant-test output

ap_scan: 2
Key: ssid, Value: "NAME"
Key: scan_ssid, Value: 1
Key: key_mgmt, Value: WPA-EAP
Key: pairwise, Value: CCMP
Key: eap, Value: LEAP
Key: identity, Value: "me"
Key: password, Value: "secret"
SUP: sending command 'INTERFACE_ADD eth1                wext
/var/run/wpa_supplicant '
SUP: response was 'OK'
SUP: sending command 'AP_SCAN 2'
SUP: response was 'OK'
SUP: sending command 'ADD_NETWORK'
SUP: response was '0'
SUP: sending command 'SET_NETWORK 0 ssid "NAME"'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 scan_ssid 1'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 key_mgmt WPA-EAP'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 pairwise CCMP'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 eap LEAP'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 identity "me"'
SUP: response was 'OK'
SUP: sending command 'SET_NETWORK 0 password "secret"'
SUP: response was 'OK'
SUP: sending command 'ENABLE_NETWORK 0'
SUP: response was 'OK'
wpa_supplicant(24828): Global control interface '/var/run/wpa_supplicant-global'
wpa_supplicant(24828): RX global ctrl_iface - hexdump_ascii(len=49):
wpa_supplicant(24828):      49 4e 54 45 52 46 41 43 45 5f 41 44 44 20
65 74   INTERFACE_ADD et
wpa_supplicant(24828):      68 31 09 09 77 65 78 74 09 2f 76 61 72 2f
72 75   h1__wext_/var/ru
wpa_supplicant(24828):      6e 2f 77 70 61 5f 73 75 70 70 6c 69 63 61
6e 74   n/wpa_supplicant
wpa_supplicant(24828):      09
       _
wpa_supplicant(24828): CTRL_IFACE GLOBAL INTERFACE_ADD 'eth1
 wext    /var/run/wpa_supplicant '
wpa_supplicant(24828): Initializing interface 'eth1' conf 'N/A' driver
'wext' ctrl_interface '/var/run/wpa_supplicant' bridge 'N/A'
wpa_supplicant(24828): Initializing interface (2) 'eth1'
wpa_supplicant(24828): EAPOL: SUPP_PAE entering state DISCONNECTED
wpa_supplicant(24828): EAPOL: KEY_RX entering state NO_KEY_RECEIVE
wpa_supplicant(24828): EAPOL: SUPP_BE entering state INITIALIZE
wpa_supplicant(24828): EAP: EAP entering state DISABLED
wpa_supplicant(24828): EAPOL: External notification - portEnabled=0
wpa_supplicant(24828): EAPOL: External notification - portValid=0
wpa_supplicant(24828): SIOCGIWRANGE: WE(compiled)=22 WE(source)=18 enc_capa=0xf
wpa_supplicant(24828):   capabilities: key_mgmt 0xf enc 0xf
wpa_supplicant(24828): WEXT: Operstate: linkmode=1, operstate=5
wpa_supplicant(24828): 4
wpa_supplicant(24828): wpa_driver_wext_set_wpa
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=0
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=1
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=2
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=3
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_countermeasures
wpa_supplicant(24828): wpa_driver_wext_set_drop_unencrypted
wpa_supplicant(24828): Setting scan request: 0 sec 100000 usec
wpa_supplicant(24828): Added interface eth1
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
wpa_supplicant(24828): Wireless event: cmd=0x8b06 len=8
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=9):
wpa_supplicant(24828):      41 50 5f 53 43 41 4e 20 32
       AP_SCAN 2
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=11):
wpa_supplicant(24828):      41 44 44 5f 4e 45 54 57 4f 52 4b
       ADD_NETWORK
wpa_supplicant(24828): CTRL_IFACE: ADD_NETWORK
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=28): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='ssid'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=9): [REMOVED]
wpa_supplicant(24828): (len=7):
wpa_supplicant(24828):      4e 43 33 41 2d 38 34
       NAME
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=25): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='scan_ssid'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=1): [REMOVED]
wpa_supplicant(24828): scan_ssid=1 (0x1)
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=30): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='key_mgmt'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=7): [REMOVED]
wpa_supplicant(24828): key_mgmt: 0x1
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=27): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='pairwise'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=4): [REMOVED]
wpa_supplicant(24828): pairwise: 0x10
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=22): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='eap'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=4): [REMOVED]
wpa_supplicant(24828): eap methods - hexdump(len=16): 00 00 00 00 11
00 00 00 00 00 00 00 00 00 00 00
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=29): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='identity'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=6): [REMOVED]
wpa_supplicant(24828): identity - hexdump_ascii(len=4):
wpa_supplicant(24828): ug
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=33): [REMOVED]
wpa_supplicant(24828): CTRL_IFACE: SET_NETWORK id=0 name='password'
wpa_supplicant(24828): CTRL_IFACE: value - hexdump_ascii(len=10): [REMOVED]
wpa_supplicant(24828): password - hexdump_ascii(len=8): [REMOVED]
wpa_supplicant(24828): RX ctrl_iface - hexdump_ascii(len=16):
wpa_supplicant(24828):      45 4e 41 42 4c 45 5f 4e 45 54 57 4f 52 4b
20 30   ENABLE_NETWORK 0
wpa_supplicant(24828): CTRL_IFACE: ENABLE_NETWORK id=0
wpa_supplicant(24828): Setting scan request: 0 sec 0 usec
wpa_supplicant(24828): State: DISCONNECTED -> SCANNING
wpa_supplicant(24828): Trying to associate with SSID 'NAME'
wpa_supplicant(24828): Cancelling scan request
wpa_supplicant(24828): WPA: clearing own WPA/RSN IE
wpa_supplicant(24828): Automatic auth_alg selection: 0x1
wpa_supplicant(24828): WPA: No WPA/RSN IE available from association info
wpa_supplicant(24828): WPA: Set cipher suites based on configuration
wpa_supplicant(24828): WPA: Selected cipher suites: group 30 pairwise
16 key_mgmt 1 proto 2
wpa_supplicant(24828): WPA: clearing AP WPA IE
wpa_supplicant(24828): WPA: clearing AP RSN IE
wpa_supplicant(24828): WPA: using GTK CCMP
wpa_supplicant(24828): WPA: using PTK CCMP
wpa_supplicant(24828): WPA: using KEY_MGMT 802.1X
wpa_supplicant(24828): WPA: Set own WPA IE default - hexdump(len=22):
30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
wpa_supplicant(24828): No keys have been configured - skip key clearing
wpa_supplicant(24828): wpa_driver_wext_set_drop_unencrypted
wpa_supplicant(24828): tate: SCANNING -> ASSOCIATING
wpa_supplicant(24828): wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
wpa_supplicant(24828): WEXT: Operstate: linkmode=-1, operstate=5
wpa_supplicant(24828): wpa_driver_wext_associate
wpa_supplicant(24828): Setting authentication timeout: 60 sec 0 usec
wpa_supplicant(24828): EAPOL: External notification - portControl=Auto
wpa_supplicant(24828): CTRL_IFACE monitor attached - hexdump(len=18):
2f 77 70 61 5f 63 74 72 6c 5f 32 34 38 32 36 2d 32 00
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b06 len=8
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b1a len=15
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3132 bytes of scan results (11 BSSes)
wpa_supplicant(24828): Scan results: 11
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b15 len=20
wpa_supplicant(24828): Wireless event: new AP: 00:00:00:00:00:00
wpa_supplicant(24828):sendmsg(CTRL_IFACE monitor): No such file or directory
icant(24828): CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
wpa_supplicant(24828): CTRL_IFACE monitor send - hexdump(len=18): 2f
77 70 61 5f 63 74 72 6c 5f 32 34 38 32 36 2d 32 00
wpa_supplicant(24828): 0 set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=1
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=2
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=3
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): wpa_driver_wext_set_key: alg=0 key_idx=0
set_tx=0 seq_len=0 key_len=0
wpa_supplicant(24828): State: ASSOCIATING -> DISCONNECTED
wpa_supplicant(24828): wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
wpa_supplicant(24828): WEXT: Operstate: linkmode=-1, operstate=5
wpa_supplicant(24828): EAPOL: External notification - portEnabled=0
wpa_supplicant(24828): EAPOL: External notification - portValid=0
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3127 bytes of scan results (11 BSSes)
wpa_supplicant(24828): Scan results: 11
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3134 bytes of scan results (11 BSSes)
wpa_supplicant(24828): Scan results: 11
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3129 bytes of scan results (11 BSSes)
wpa_supplicant(24828): Scan results: 11
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
eth1: link timed out.
wpa_supplicant(24828): less event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3432 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3428 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3432 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3431 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3431 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3429 bytes of scan results (12 BSSes)
wpa_supplicant(24828): Scan results: 12
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
wpa_supplicant(24828): Wireless event: cmd=0x8b19 len=8
wpa_supplicant(24828): Received 3165 bytes of scan results (11 BSSes)
wpa_supplicant(24828): Scan results: 11
wpa_supplicant(24828): RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Activation (eth1/wireless): association took too long (>20s), failing
activation.

=== End nm-supplicant-test output


=== Start wpa_supplicant output (of successful connection)

Trying to associate with 00:xx:xx:xx:xx:00 (SSID='NAME' freq=2462 MHz)
Associated with 00:xx:xx:xx:xx:00
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 17 (LEAP) selected
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:xx:xx:xx:xx:00 [PTK=CCMP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:xx:xx:xx:xx:00 completed
(auth) [id=0 id_str=]

Here successfully a connection was established.

=== End wpa_supplicant output (of successful connection)
Follow-Ups:
- Re: [Fwd: Re: Using LEAP, WPA-EAP and CCMP with NetworkManager]
  - From: Jan Vlug
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]