Grayed out "Connect" button when using WPA2 Entreprise+TLS authentication

could you please killall nm-applet, start nm-applet from a terminal and report the output you get when reproducing?

On Wed, Oct 29, 2008 at 10:32:00AM -0000, Dokterdok wrote:
> +
> + ubuntu@ubuntu:~$ killall nm-applet
> + ubuntu@ubuntu:~$ sudo /usr/bin/nm-applet start

Please dont start the applet as "root". just start it as user should
be enough:

 killall nm-applet; nm-applet

> + ** (nm-applet:8391): WARNING **: No connections defined
> +
> + ** (nm-applet:8391): WARNING **: Invalid connection: 'NMSetting8021x' /
> + 'identity' invalid: 2
> +
> + ** (nm-applet:8391): WARNING **: <WARN>
> + applet_menu_item_activate_helper(): Invalid connection; asking for more
> + information.

is the output above _before_ the connect attempt and the output below
when entering new info?

Also NM applet might be a bit picky. have you ensured that everything
is filled out properly and no whitespaces and such?

 - Alexander

I tried Ubuntu 8.10 final at home today. The "connect" button was grayed out as well when I created a hidden wireless network with my university's settings (same as in bug description). Here's the output:

ubuntu@ubuntu:~$ killall nm-applet; nm-applet

** (nm-applet:8451): WARNING **: No connections defined

** (nm-applet:8451): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:8451): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:8451): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:8451): CRITICAL **: convert_iv: assertion `src != NULL' failed

does "hidden" matter here?

I guess not. The difference here is that I added this connection while being at home (I didn't chose any "available wireless network" from the nm menu), but still get that grayed out connect button. I will try Ubuntu 8.10 final (live cd) at my university tomorrow and compare the outputs with those of the RC.

Same issue here. When I try to connect to a WPA2 TLS network, the "OK" button in the form asking me for the certificates is grayed out no matter what I do.
nm-applet says the following:
** (nm-applet:11940): WARNING **: Invalid connection: 'NMSettingWireless' / 'ssid' invalid: 2
<repeated 13 times>

** (nm-applet:11940): WARNING **: Invalid connection: 'NMSetting8021x' / 'identity' invalid: 2

** (nm-applet:11940): WARNING **: <WARN> applet_menu_item_activate_helper(): Invalid connection; asking for more information.
<connection attempt, asking me for certificates>

** (nm-applet:11940): CRITICAL **: convert_iv: assertion `src != NULL' failed
<one for every character I type into the passphrase field>

The certificates I used to try this didn't even have their private keys encrypted, I didn't need a passphrase on hardy at all.
On hardy, everything worked flawlessly.

Any further things I can try to help debug this issue?

I reproduced the bug at my university with Ubuntu 8.10 (live cd) and the output looks similar to the RC.I also attached a copy of my syslog, after I reproduced the bug twice. I hope this helps.

ubuntu@ubuntu:~$ killall nm-applet; nm-applet

** (nm-applet:9811): WARNING **: No connections defined

** (nm-applet:9811): WARNING **: Invalid connection: 'NMSetting8021x' / 'identity' invalid: 2

** (nm-applet:9811): WARNING **: <WARN> applet_menu_item_activate_helper(): Invalid connection; asking for more information.

** (nm-applet:9811): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:9811): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:9811): CRITICAL **: convert_iv: assertion `src != NULL' failed

** (nm-applet:9811): CRITICAL **: convert_iv: assertion `src != NULL' failed

This sounds just like bug #291242. It's also been looked over at the gnome bugzilla page (http://bugzilla.gnome.org/show_bug.cgi?id=558982), although their fix leaves me a little baffled. Basically, at bugzilla they claim that you now need to make DER instead of PEM files. I've done that, and still have the grayed-out problem, although I have no idea if I've made my DER files correctly. At least one person over there claims its working.

I have solved this problem for me by using a private keyfile with a password associated to it which I didn't have before. Now the button isn't grayed out and I'm able to successfully establish a connection. Maybe this is helpful for others, too.

On Wed, Oct 29, 2008 at 10:41:18AM -0000, Dokterdok wrote:
> The "Connect" button remained grayed out, clicking on it didn't work.

What is the "Connect" button?

 - Alexander

When trying to connect to a not yet configured network, NM asks for the certificates etc.
In the bottom right corner of the Window is the confirmation button, which will save the information provided and try to connect to the network, in German it's called "Verbinden", so "Connect" is a guess.

I can confirm that encrypting the key fixes the problem. It doesn't matter whether the certificates/key are in PEM or DER format. If the key is encrypted, and the correct password is inputted, the connect button lights up and becomes usable.

However, that doesn't fix the fact that network-manager is largely useless for 802.1x. With PEAPv0/MSCHAPv2 I was able to connect about 50% of the time. The rest of the time, the freeradius debug log showed that no attempt was even made to connect. With EAP-TLS, I see the same behavior, but even when the freeradius log shows a successful connection, network manager refuses to connect and doesn't output any errors!

I am able to connect 100% of the time with either the Windows XP supplicant or Juniper's Odyssey Access client. This is clearly a network-manager issue. Hopefully, wpa-supplicant will be more reliable.

On Wed, Dec 10, 2008 at 02:25:49AM -0000, jasonwc wrote:
> I can confirm that encrypting the key fixes the problem. It doesn't
> matter whether the certificates/key are in PEM or DER format. If the key
> is encrypted, and the correct password is inputted, the connect button
> lights up and becomes usable.
>
> However, that doesn't fix the fact that network-manager is largely
> useless for 802.1x. With PEAPv0/MSCHAPv2 I was able to connect about 50%
> of the time. The rest of the time, the freeradius debug log showed that
> no attempt was even made to connect. With EAP-TLS, I see the same
> behavior, but even when the freeradius log shows a successful
> connection, network manager refuses to connect and doesn't output any
> errors!
>
> I am able to connect 100% of the time with either the Windows XP
> supplicant or Juniper's Odyssey Access client. This is clearly a
> network-manager issue. Hopefully, wpa-supplicant will be more reliable.
>

WPA-TLS is fixed in final 0.7 ... will take a bit until this lands as
a backport in intrepid though.

 - Alexander

jasonwc wrote:
> I can confirm that encrypting the key fixes the problem. It doesn't
> matter whether the certificates/key are in PEM or DER format. If the key
> is encrypted, and the correct password is inputted, the connect button
> lights up and becomes usable.
>
>
I think this is the more concrete bug 283635

Hi all. Does this problem still exist in Ubuntu 12.04?

I am seeing the greyed out connect button on 12.04. In my case I believe my key is encrypted (it says "BEGIN ENCRYPTED PRIVATE KEY"). So, this is likely a different problem.