Binary package hint: wpasupplicant
I'm trying to connect to a wireless network via EAP-TLS with NetworkManager and wpa-supplicant. The RADIUS server is running freeradius 2.1.0.
Jaunty never manages to authenticate with 4096 bit keys. The same 4096 bit keys work fine with Windows, OS X, and even my iPhone. After some testing I found out that I can connect with Jaunty if I use 1024 bit keys (on the client side, the server side still can use larger ones) but all keys > 1024 bits won't work.
To debug this, I've built eapol_test from wpasupplicant 0.6.6-2ubuntu1 and did some test with a certificate infrastructure created by freeradius' example scripts (which use 2048 bit keys both for the server and clients).
Once again: The 2048 keys worked fine everywhere except on Jaunty!
freeradius' debug messages show that it actually sends out an Access-Accept but wpasupplicant sees a failure nevertheless!
Then I did the same tests with an older statically-linked version of eapol_test (http://wiki.eduroam.cz/rad_eap_test/eapol_test/ linked from the freeradius site). This version actually manages to authenticate (even with 4096 bit keys). The logs on the server look just like with the Jaunty' eapol_test but unlike the Jaunty version, this older version actually interprets the Access-Accept correctly.
So, either newer wpasupplicant versions broke EAP-TLS for keys with more than 1024 bits, or there's an Ubuntu-specific problem.
Thank you for reporting this bug to Ubuntu. Jaunty reached EOL on October 23, 2010.
See this document for currently supported Ubuntu releases: https:/
Please either a) upgrade and test or b) increase the verbosity of the steps to recreate it so we can try again.
Do feel free to report any other bugs you may find.