Ubuntu
wpasupplicant package

  1. Bug #1104476
  2. Comment #38

Comment 38 for bug 1104476

Revision history for this message
vacaloca (ltirado) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate

I just wanted to say that comment #19 of removing "system-ca-certs=true" from /etc/NetworkManager/system-connections also worked for me. Actually, what I did was set the statement to false. When I re-started the connection, it worked on the next try.

I also did a sudo chmod -w NUwave after the first time it connected, so that should avoid the statement from reappearing since now the file is read-only. Given the connection name, I'm at Northeastern University, which uses WPA2/PEAP/MSCHAP as well.

From /var/log/syslog upon successful authentication:

May 2 13:21:52 wpa_supplicant[1434]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 2 13:21:52 wpa_supplicant[1434]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 2 13:21:52 wpa_supplicant[1434]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 2 13:21:52 wpa_supplicant[1434]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=Massachusetts/L=Boston/O=Northeastern University/OU=IT/CN=wireless.neu.edu'
May 2 13:21:52 wpa_supplicant[1434]: last message repeated 2 times
May 2 13:21:52 Faraday wpa_supplicant[1434]: EAP-MSCHAPV2: Authentication succeeded

Before the statement was switched to false, syslog showed statements like:

May 2 13:02:59 wpa_supplicant[1483]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 2 13:02:59 wpa_supplicant[1483]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 2 13:02:59 wpa_supplicant[1483]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 2 13:02:59 wpa_supplicant[1483]: TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=US/ST=Massachusetts/L=Boston/O=Northeastern University/OU=IT/CN=wireless.neu.edu'
May 2 13:02:59 wpa_supplicant[1483]: wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='/C=US/ST=Massachusetts/L=Boston/O=Northeastern University/OU=IT/CN=wireless.neu.edu' err='unable to get local issuer certificate'
May 2 13:02:59 wpa_supplicant[1483]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
May 2 13:02:59 wpa_supplicant[1483]: OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
May 2 13:02:59 wpa_supplicant[1483]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 2 13:03:00 wpa_supplicant[1483]: wlan0: CTRL-EVENT-DISCONNECTED bssid=00:24:6c:e7:7b:51 reason=6

Before I had tried this, I had attempted to use the certificate that Windows 7 associated with the same NUwave wireless connection, but I was still unsuccessful at authenticating even with that. The odd thing is that a few weeks back when I tested with an Ubuntu 13.04 Beta 2 USB stick it worked fine, but stopped working at some point, and I re-tested with the USB stick today and it still failed, so at that point I knew it wasn't anything package related and stumbled across this bug and solution which fixed it! :)