Ubuntu fails to reliably associate with WPA2-Enterprise networks using either the WG511T (AR5212) or Intel 4965AGN wireless chipsets with 2.6.27 kernel.
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| network-manager (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: network-manager
1) Ubuntu 8.10 (Intrepid)
2) network-manager (0.7~~svn200810
3) I expected to be able to use a WPA2-Enterprise network reliably and connect within a reasonable period of time (e.g. 30 seconds).
4) It takes 5 to 6 attempts to connect using EAP-TTLS or PEAP and EAP-TLS doesn't work at all, despite showing a successful authentication message in my FreeRADIUS logs. In each case, it takes 4 or 5 connection attempts before my FreeRADIUS logs show any activity. In Ubuntu 8.04, I can reliably connect on the first try. My server logs show a successful authentication within 2-3 seconds of clicking the connect button in Ubuntu 8.04.
I have tested using my own WPA2-Enterprise wireless network using EAP-TLS, PEAPv0/MSCHAPv2 and EAP-TTLS/MSCHAPv2 in both Ubuntu 8.04 and 8.10. I am able to reliably and quickly connect using Ubuntu 8.04 but no setup works reliably in Ubuntu 8.10. Under Ubuntu 8.04, within 2-3 seconds of clicking on my network, my FreeRADIUS server logs show a successful connection using any of the above mentioned EAP types. However, in Ubuntu 8.10 (with the latest network-manager package), I see absolutely no ATTEMPT to connect to my RADIUS server. Even when running the server in debugging mode, in 5 out of 6 connection attempts, the server shows no activity at all. With PEAP and EAP-TLS, when the server shows a successful authentication, Ubuntu connects properly. However, even when the server shows a successful authentication attempt with EAP-TLS, Ubuntu still fails to connect.
WPA2-PSK, WEP, and open networks work fine in Ubuntu 8.10. In addition, I have tested my network on Windows XP SP3 with Juniper's Odyssey Access Client, Intel's PROSet client, and XP's included supplicant. PEAP and EAP-TLS work in all three (XP's supplicant doesn't support EAP-TTLS).
PARTIAL SOLUTION: PEAP and EAP-TTLS work reliably while using the 2.6.24 kernel. EAP-TLS still doesn't work despite showing a successful authentication on the RADIUS server.
Attempted connection to WPA2-Enterprise network using EAP-TLS authentication in Ubuntu 8.10:
Dec 12 23:02:49 jason-laptop NetworkManager: <info> (ath0): device state change: 5 -> 6
Dec 12 23:02:49 jason-laptop NetworkManager: <info> Activation (ath0/wireless): asking for new secrets
Dec 12 23:02:49 jason-laptop NetworkManager: <info> (ath0): supplicant connection state change: 4 -> 0
Dec 12 23:02:52 jason-laptop NetworkManager: <WARN> get_secrets_cb(): Couldn't get connection secrets: applet-
Dec 12 23:02:52 jason-laptop NetworkManager: <info> (ath0): device state change: 6 -> 9
Dec 12 23:02:52 jason-laptop NetworkManager: <info> Activation (ath0) failed for access point (Wireless 9568392)
Dec 12 23:02:52 jason-laptop NetworkManager: <info> Marking connection 'Auto Wireless 9568392' invalid.
Dec 12 23:02:52 jason-laptop NetworkManager: <info> Activation (ath0) failed.
Dec 12 23:02:52 jason-laptop NetworkManager: <info> (ath0): device state change: 9 -> 3
Dec 12 23:02:52 jason-laptop NetworkManager: <info> (ath0): deactivating device (reason: 0).
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) starting connection 'Auto Wireless 9568392'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): device state change: 3 -> 4
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) scheduled...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) started...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) scheduled...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) complete.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) starting...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): device state change: 4 -> 5
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0/wireless): access point 'Auto Wireless 9568392' has security, but secrets are required.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): device state change: 5 -> 6
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) complete.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) scheduled...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) started...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): device state change: 6 -> 4
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) scheduled...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 1 of 5 (Device Prepare) complete.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) starting...
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): device state change: 4 -> 5
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0/wireless): connection 'Auto Wireless 9568392' has security, and secrets exist. No new secrets needed.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'ssid' value 'Wireless 9568392'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'scan_ssid' value '1'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'key_mgmt' value 'WPA-EAP'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'proto' value 'WPA RSN'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'pairwise' value 'TKIP CCMP'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'group' value 'WEP40 WEP104 TKIP CCMP'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'eap' value 'TLS'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'fragment_size' value '1300'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'ca_cert' value 'blob:/
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'client_cert' value 'blob:/
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'private_key' value 'blob:/
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: added 'identity' value 'Jason Wittlin-Cohen'
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Activation (ath0) Stage 2 of 5 (Device Configure) complete.
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): supplicant connection state change: 2 -> 0
Dec 12 23:05:24 jason-laptop NetworkManager: <info> Config: set interface ap_scan to 1
Dec 12 23:05:24 jason-laptop NetworkManager: <info> (ath0): supplicant connection state change: 0 -> 2
Dec 12 23:05:26 jason-laptop NetworkManager: <info> (ath0): supplicant connection state change: 2 -> 3
Dec 12 23:05:28 jason-laptop NetworkManager: <info> (ath0): supplicant connection state change: 3 -> 4
Dec 12 23:05:39 jason-laptop NetworkManager: <info> ath0: link timed out.
(FreeRADIUS reported a successful authentication).
PARTIAL SOLUTION:
Apparently I was wrong. The failure to reliably authenticate issue was in fact a driver problem. I am now able to connect to PEAP and EAP-TTLS networks reliably using the 2.6.24-22-386 kernel. Now I can connect every time rather than every sixth time.
However, the EAP-TLS issue hasn't gone away. I've tested using Hardy's wpasupplicant, network-manager, network-manager-gnome, and Hardy's network-manager libraries. In every case, each connection attempt led to a successful authentication on the RADIUS server, but Ubuntu failed to connect with the same timeout message. Upgrading to the latest version of wpasupplicant and network-manager packages hasn't helped.
Status: EAP-TLS never works. PEAP and EAP-TTLS work consistently.
Fix: Use 2.6.24 kernel from Hardy packages
So any idea what could cause EAP-TLS networks to fail when the RADIUS server authenticates the user properly and does so promptly? What other packages could be involved?
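An added example, not part of the original bug report: a Python script that groups NetworkManager syslog lines in the format shown above into activation attempts and reports, for each one, the EAP method, the sequence of supplicant states reached and how the attempt ended, so runs on different kernels or EAP types can be compared side by side. The sample log is constructed, and the function name `summarize` is hypothetical.

```python
import re

# Constructed sample in the same format as the NetworkManager lines in the report.
SAMPLE_LOG = """\
Dec 12 23:05:24 host NetworkManager: <info> Activation (ath0) starting connection 'Example'
Dec 12 23:05:24 host NetworkManager: <info> Config: added 'key_mgmt' value 'WPA-EAP'
Dec 12 23:05:24 host NetworkManager: <info> Config: added 'eap' value 'TLS'
Dec 12 23:05:24 host NetworkManager: <info> (ath0): supplicant connection state change: 0 -> 2
Dec 12 23:05:26 host NetworkManager: <info> (ath0): supplicant connection state change: 2 -> 3
Dec 12 23:05:28 host NetworkManager: <info> (ath0): supplicant connection state change: 3 -> 4
Dec 12 23:05:39 host NetworkManager: <info> ath0: link timed out.
Dec 12 23:06:10 host NetworkManager: <info> Activation (ath0) starting connection 'Example'
Dec 12 23:06:10 host NetworkManager: <info> Config: added 'eap' value 'PEAP'
Dec 12 23:06:10 host NetworkManager: <WARN> get_secrets_cb(): Couldn't get connection secrets: applet-
Dec 12 23:06:10 host NetworkManager: <info> Activation (ath0) failed.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ NetworkManager: <\w+>\s+(.*)$")
START = re.compile(r"Activation \((\S+?)\) starting connection '(.*)'")
CONFIG = re.compile(r"Config: added '(\w+)' value '(.*)'")
STATE = re.compile(r"supplicant connection state change: (\d+) -> (\d+)")
FAILED = re.compile(r"Activation \(\S+\) failed\.")

def summarize(log_text):
    """Return one dict per activation attempt found in log_text."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if s := START.search(msg):
            cur = {"start": ts, "iface": s.group(1), "eap": None,
                   "states": [], "outcome": "incomplete", "end": None}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt belong to an earlier, unseen one
        elif (c := CONFIG.search(msg)) and c.group(1) == "eap":
            cur["eap"] = c.group(2)
        elif st := STATE.search(msg):
            cur["states"].append(int(st.group(2)))  # record the state entered
        elif "link timed out" in msg:
            cur["outcome"], cur["end"] = "link timed out", ts
        elif FAILED.search(msg):
            cur["outcome"], cur["end"] = "activation failed", ts
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        print(a["start"], a["iface"], a["eap"], a["states"], a["outcome"], a["end"])
```

Correlating each attempt's start and end timestamps with the RADIUS server's own log shows whether the server ever saw the attempt and whether the client timed out after the server had already accepted it.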