802.1X EAP-TTLS (RADIUS) wireless network authentication using NetworkManager/nm-applet (eduroam)

Bug #182906 reported by harrydb
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
NetworkManager
Fix Released
Wishlist
network-manager (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: network-manager

Eduroam is a large international wireless network for students/staff of educational institutes, see http://www.eduroam.org/ It uses RADIUS authentication protocol with EAP-TTLS . I think support for this network will be great for the adoption of Ubuntu on these institutes.

When clicking on 'eduroam' in the network manager applet it keeps connecting indefinitely, or sometimes spits out a dialog asking for a wep key.

I searched the forums and there where lots of support requests for this issue, but all solutions referred to using wpa_supplicant from the command line, none gave a solution using the network manager.

I will attach wpa.conf with which I can connect to eduroam networks (although somewhat buggy sometimes).
The log attached is what normally happens, nm-applet keeps asking for a wep key, I post a log with WPA enterprise set from nm-applet later (it does not work, I tried, but might give some more info).

Revision history for this message
harrydb (harrydeboer) wrote :
Revision history for this message
harrydb (harrydeboer) wrote :
harrydb (harrydeboer)
description: updated
harrydb (harrydeboer)
description: updated
harrydb (harrydeboer)
description: updated
Revision history for this message
PjotrAmslap (pieterpalsma) wrote :

Same problem here; student at Twente University, the Netherlands. Connecting to the wireless network is quite tricky, even with the description provided by the network administrators. It would help me much if connecting would be made easier.

It also keeps student from trying Ubuntu, because using the wireless network is essential. When it's such a hassle to connect, most users stop using Ubuntu and go back to Windows.

Changed in network-manager:
status: New → Confirmed
Revision history for this message
harrydb (harrydeboer) wrote :

I have figured out how to configure the network manager applet to make it work (screenshot attached). The key was to manually select "Dynamic WEP" ("Automatic" does not work) for key type and other settings as in the image. When this is set once manually the applet will remember the settings.

Still I think it is not ideal since in the initial dialog asking for a network key it is not possible to select the right type (EAP). Since it is possible this is not really a bug anymore but maybe more "wishlist".

Revision history for this message
David Jaša (dejv) wrote :

Part of trouble is that both PEAP and TTLS don't tell supplicant supported phase2 protocols (some of PAP/CHAP/MSCHAPV2) and another part is that you can't tell NM(-applet) to remember credentials even if something goes wrong. (I filed upstream bug report, feel free to add it to "also affects project": http://bugzilla.gnome.org/show_bug.cgi?id=514363 )

Changed in network-manager:
status: Confirmed → Triaged
Changed in network-manager:
status: Unknown → Fix Released
Revision history for this message
tdl (tuedel) wrote :

I'm still experiencing problems connecting to the eduroam wlan at my university with the current version of NetworkManager (network-manager-0.7~~svn20081008t224042, Intrepid). Somehow the connection times out, while connecting manually with wpa_supplicant (same settings and certificate ) works like a charm.

I've attached a tarball containing a logfile of NetworkManager, the respective iwevent output and my working wpa_supplicant config.

Revision history for this message
tdl (tuedel) wrote :

reopened

Changed in network-manager:
status: Triaged → New
Revision history for this message
harrydb (harrydeboer) wrote :

Most of the time I can get a connection, but I get disconnected *a lot*. Sometimes I cannot get a connection as described above.

Revision history for this message
Alexander Sack (asac) wrote :

should be fixed in NM 0.7

Changed in network-manager:
status: New → Fix Released
Revision history for this message
tdl (tuedel) wrote :

Well, maybe it should be fixed, but it still doesn't work for me. (I tried it again today with an Intrepid live CD)

Should I open a new bug?

Revision history for this message
Alexander Sack (asac) wrote :

we have a few EAP enterprise regression bugs open. bug 272185 ... and bug 291242 ... does one of those fit your issue?

Revision history for this message
tdl (tuedel) wrote :

No, none of these fits my issue. As I said, I don't get any error message, the connection attempt just times out. (I get one if I use an invalid certificate). Everything is working fine if just connect manually via wpa_supplicant (using the wext interface).
I will try again with a Gutsy live CD asap to check if it is a regression.

Revision history for this message
tdl (tuedel) wrote :

No regression from 7.10... The old NetworkManager doesn't even give me the option to select EAP as phase 2 authentication.

Revision history for this message
Alexander Sack (asac) wrote :

tdl, the network-manager in network-manager PPA increases the timeout ... so if its just atiming thing it might help you. please test.

Revision history for this message
Luis Medinas (lmedinas) wrote :

See also this bug i'm trying to debug -> http://bugzilla.gnome.org/show_bug.cgi?id=558175
Feel free to track it via LP.

Changed in network-manager:
importance: Unknown → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.