networkmanager can't use PEAP or TTLS

Bug #107321 reported by Michael Shuey
This bug affects 1 person
Affects: NetworkManager. Status: Fix Released. Importance: Unknown.
Affects: knetworkmanager (Ubuntu). Status: New. Importance: Undecided. Assigned to: Unassigned.
Affects: network-manager (Ubuntu). Status: Invalid. Importance: Undecided. Assigned to: Unassigned.

Bug Description

Binary package hint: network-manager

networkmanager doesn't seem to be able to connect to a WPA Enterprise wireless network using PEAP or TTLS. wpasupplicant, used alone, can connect. However, neither knetworkmanager nor nm-applet seem to be able to make network manager connect. This may be a local configuration PEBCAK, but if so I don't see what's wrong.

When networkmanager fails to connect, it waits about 2 minutes for the attempt to time out. Based on /var/log/daemon.log, it looks like wpasupplicant isn't able to authenticate to the network.

Using the madwifi driver (atheros 802.11a/b/g chipset). Config file snippets follow.

Using the latest feisty packages:
network-manager 0.6.4-6ubuntu7
knetworkmanager 0.1-0ubuntu12
network-manager-gnome 0.6.4-6ubuntu7
wpasupplicant 0.5.7-0ubuntu2

The following wpasupplicant config works against a local WPA-EAP/PEAP network (which network manager cannot use):

network={
        ssid="PEAPnet"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        pairwise=TKIP
        group=TKIP
        identity="<login>"
        password="<password>"
        ca_cert="/etc/ssl/certs/ca-certificates.crt"
        priority=5
}

The following wpasupplicant config authenticates against a local WPA-EAP/TTLS network (which networkmanager seems to be unable to use):

network={
        ssid="TTLSnet"
        key_mgmt=WPA-EAP
        eap=TTLS
        anonymous_identity="bogus"
        pairwise=TKIP
        group=TKIP
        identity="<login>"
        password="<project>"
        priority=10
        phase2="auth=PAP"
        ca_cert="/etc/ssl/certs/ca-certificates.crt"
}

Here's my /etc/network/interfaces file:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

auto ath0
iface ath0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

Daniel Hackney (haxney) wrote :

I can confirm this.

I spent the better part of today trying to connect to my University's TTLS network before figuring it out via wpa_supplicant.

Here is my wpa_supplicant configuration:

ctrl_interface_group=0
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=1
fast_reauth=1
network={
        ssid="My-SSID"
        proto=WPA
        key_mgmt=WPA-EAP
        pairwise=TKIP
        group=TKIP
        ca_cert="/tmp/rootca.cer"
        eap=TTLS
        identity="<username>"
        password="<password>"
        phase2="auth=PAP"
        priority=2
}

It is run with:

  sudo wpa_supplicant -D wext -i ath0 -c /etc/wpa_supplicant/supp.conf

and works perfectly. However, when I enter the same info into NetworkManager, it tries but eventually gives up.

One thing I noticed is that without the option:

  pairwise=TKIP

It would not work. I do not know how to investigate what parameters NM is passing to wpa_supplicant, but if it omits that one, things will probably not work.

This would be a wonderful fix to have, since doing this manually requires I kill NM and do it myself instead, not preferable.
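
One way to see which options a generated network block leaves out relative to a hand-written block that works, as an added example (not part of the original thread or of any project discussed in it). The candidate block and the names `parse_networks`, `diff_network`, `DROPPED` and `SECRET_KEYS` are constructed for illustration; capturing the generated block as text is assumed to have been done already.

```python
import re

# Constructed input: the working block from the comment above.
WORKING = """
network={
        ssid="My-SSID"
        proto=WPA
        key_mgmt=WPA-EAP
        pairwise=TKIP
        group=TKIP
        ca_cert="/tmp/rootca.cer"
        eap=TTLS
        identity="<username>"
        password="<password>"
        phase2="auth=PAP"
        priority=2
}
"""
# Hypothetical front-end output: same block minus three options (constructed).
DROPPED = ("pairwise", "group", "priority")
CANDIDATE = "\n".join(l for l in WORKING.splitlines()
                      if not l.strip().startswith(DROPPED))
SECRET_KEYS = {"password", "psk", "private_key_passwd"}  # never echoed

def parse_networks(text):
    """Return {ssid: {option: value}} for each network={...} block."""
    networks = {}
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        lines = (l.strip() for l in body.splitlines())
        pairs = (l.partition("=") for l in lines if l and not l.startswith("#"))
        fields = {k.strip(): v.strip() for k, _, v in pairs}
        networks[fields.get("ssid", "").strip('"')] = fields
    return networks

def diff_network(working, candidate):
    """Options whose values differ, as (option, working, candidate)."""
    out = []
    for key in sorted(set(working) | set(candidate)):
        w, c = working.get(key), candidate.get(key)
        if w != c:
            if key in SECRET_KEYS:  # report the mismatch, mask the value
                w, c = w and "<set>", c and "<set>"
            out.append((key, w, c))
    return out

if __name__ == "__main__":
    w, c = parse_networks(WORKING), parse_networks(CANDIDATE)
    for row in diff_network(w["My-SSID"], c["My-SSID"]):
        print(row)
```

An option reported with `None` in the candidate column is one the generated block omits; secrets are shown only as `<set>` so the output can be pasted into a bug report.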

Michele Tartara (mikyt84) wrote :

Very similar situation for me: I have to be able to use eap=TLS and pairwise=TKIP, but there is no way to specify it in knetworkmanager.
With wpasupplicant configured "by hand" everything works well.

The same bug for knetworkmanager can be found in KDE's bugtracker: http://bugs.kde.org/show_bug.cgi?id=143526

Hans Deragon (deragon) wrote :

This should be confirmed. A simple search with Google reveals a lot of people with the same problem:

http://www.google.com/search?hl=en&q=peap+network.manager&btnG=Google+Search

I have this problem with the Concordia University Wireless network (Montreal). A user provides a workaround:

http://blog.naxsoft.com/post/422

Other workarounds proposed (which are similar to those given in this bug report):

http://ubuntuforums.org/showthread.php?p=1455704#post1455704
http://ubuntuforums.org/showthread.php?t=278603
http://ubuntudemon.wordpress.com/2006/10/18/problems-connecting-to-wireless-university-network-peapwep/

Essentially, everybody says that NetworkManager does not provide the features required to connect LEAP/PEAP/TTLS.

Pierre Slamich (pierre-slamich) wrote :

This should be confirmed. This is really annoying to use an outdated method while it could just work if it was integrated with NM.
I am willing to pay to see this feature implemented.

Hans Deragon (deragon) wrote :

A week ago I was at a commercial center and there was a secure AP that I mistakenly clicked on. To my surprise, NM showed me PEAP options (I should have taken a screenshot). Of course, I could not connect since I did not have any authorization, so I could not test if an actual connection was possible.

This suggests that NM has the GUI implemented properly, but often cannot properly detect when the connection requires PEAP authentication.

TomasHnyk (sup) wrote :

This has been fixed upstream (http://mail.gnome.org/archives/networkmanager-list/2006-July/msg00034.html - here is a patch that adds the support), therefore it will undoubtedly be included in Gutsy. I reject this because it will not get solved before Gutsy anyway...

Changed in network-manager:
status: Unconfirmed → Rejected
Tix6174 (tix6174) wrote :

I disagree with that last comment as this isn't a LEAP issue, but rather with the configuration options available within KNetworkManager.

I can connect to any network using any valid security configuration as long as wpa_supplicant is used. If I use KNetworkManager, I can only connect consistently to networks using Pre-Shared Keys. It doesn't matter if it is WPA or WEP and Personal vs. Enterprise.

The only configuration option that differs from the GUI and wpa_supplicant.conf is the "pairwise" option. By using wpa_supplicant and this option, I can consistently connect to a PEAP/WPA/TKIP/MsCHAPv2/RADIUS Wireless network (please see attached working wpa_supplicant.conf file). I cannot do this using KNetworkManager - even including v0.2 from Gutsy.

The issues described above are the same issues I experienced (exactly) with Edgy, Feisty, and now Gutsy (to Tribe 3 so far) with both KNetworkManager 0.1 and 0.2. I would suggest that the KNetworkManager GUI have all of the options that are available in wpa_supplicant.

Alexander Sack (asac) wrote : Re: [Bug 107321] Re: networkmanager can't use PEAP or TTLS

On Fri, Aug 10, 2007 at 08:56:48PM -0000, Tix6174 wrote:
> I disagree with that last comment as this isn't a LEAP issue, but rather
> with the configuration options available within KNetworkManager.
>
> I can connect to any network using any valid security configuration as
> long as wpa_supplicant is used. If I use KNetworkManager, I can only
> connect consistently to networks using Pre-Shared Keys. It doesn't
> matter if it is WPA or WEP and Personal vs. Enterprise.
>
> The only configuration option that differs from the GUI and
> wpa_supplicant.conf is the "pairwise" option. By using wpa_supplicant
> and this option, I can consistently connect to a
> PEAP/WPA/TKIP/MsCHAPv2/RADIUS Wireless network (please see attached
> working wpa_supplicant.conf file). I cannot do this using
> KNetworkManager - even including v0.2 from Gutsy.
>
> The issues described above are the same issues I experienced (exactly)
> with Edgy, Feisty, and now Gutsy (to Tribe 3 so far) with both
> KNetworkManager 0.1 and 0.2. I would suggest that the KNetworkManager
> GUI have all of the options that are available in wpa_supplicant.
>

Which version of the network-manager package do you use? Can you please
try the latest gutsy package?

 - Alexander

Tix6174 (tix6174) wrote :

I am using all latest packages from Gutsy. I have also wiped my installation and performed a clean install from Tribe 4 CD and all updates.

Packages are:
network-manager-kde 1:0.2ubuntu1-0ubuntu1
network-manager 0.6.5-0ubuntu9
wpasupplicant 0.6.0-1

One thing I forgot to mention in my last post was that I'm using the IPW2200 driver.

Alexander Sack (asac) wrote :

I added knetworkmanager to this bug ... as this appears to be not a network-manager issue.

Sujee Maniyam (sujee) wrote :
Tix6174 (tix6174) wrote :

That is this bug ID (107321).

Mathieu Marquer (slasher-fun) wrote :

It also seems that there is a NetworkManager version on which phase2 is available (I don't know which version this image comes from) : http://rorschach.concordia.ca/neg/remote_access/wireless/gnome-network-manager.png

Mathieu Marquer (slasher-fun) wrote :

After a bit more research, this is NetworkManager 0.6.5, which will be included in Gutsy Gibbon :-)

Michael Shuey (shuey) wrote :

I've just upgraded to Gutsy, and knetworkmanager still fails to connect to a PEAP-based network. WPA-Personal works fine, even through knetworkmanager, but the PEAP option doesn't seem to work.

knetworkmanager 1:0.2ubuntu1-0ubuntu4
network-manager 0.6.5-0ubuntu11

Victor Noël (victornoel) wrote :

Hi,

It looks like there is a patch that adds Key Type to the dialog, but it can't be applied to the current gutsy knetworkmanager.

You can find it there: http://bugs.kde.org/show_bug.cgi?id=138504

Victor Noël (victornoel) wrote :

For the Key Type problem, see this bug: #105899

Hans Deragon (deragon) wrote :

The problem still persists in Hardy Heron 08.04 Alpha 4 (A4), at least for TTLS.

BTW, why is this bug stated as "invalid" against the network-manager?

Hans Deragon (deragon) wrote :

Putting this bug back to "new" from "invalid". Someone needs to justify why they put this one as "invalid". If it is because the problem is not the Network Manager per se, but the Gnome application, then nm-applet should be listed too.

Changed in network-manager:
status: Invalid → New
TomasHnyk (sup) wrote :

hans: sorry, that was my bad, I did not properly understand the triaging process by then.

Changed in network-manager:
status: Unknown → New
Yuriy Kozlov (yuriy-kozlov) wrote :

The problem reported here and in most of the comments is that KNetworkManager doesn't allow you to select TKIP, which is the same as bug 105899. Network-manager supports it, knetworkmanager is just missing the option, so this is "Invalid" for network-manager, and a duplicate of bug 105899.

If you have trouble connecting for a different reason (i.e. different solution/workaround) please look for and/or file another bug.

Changed in network-manager:
status: New → Invalid
Changed in network-manager:
status: New → Confirmed
Changed in network-manager:
status: Confirmed → Fix Released