Comment 56 for bug 429370

In 12.04.x proposed there is patched wpasupplicant package, which solves the problem to 90 percent. Give it a try!

There are random disconnects, but it is stable most of the time. From my experience the 5 GHz channel are more stable than the 2 GHz ones.

Furthermore there are different kernel patches since 3.9.5 to get a faster authentication during direct probing => see text;

wpasupplicant (0.7.3-6ubuntu2.2) precise-proposed; urgency=low

  * Multiple patches to reduce the number of disconnections for WPA Enterprise
    roaming and Opportunistic Key Caching. (LP: #1187524)
  * In debian/patches:
    0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch,
    0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch,
    0003-sme-blacklist-bss-on-first-failure-if-only-a-*.patch,
    0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch,
    0005-sme-optimize-recovery-from-association-command-failures.patch,
    0006-sme-add-timers-for-authentication-and-association.patch,
    0007-sme-nl80211-set-cipher-suites.patch:
    Cherry-pick patches fixing SME (Session Management Entity) for the nl80211
    driver, which works as a basis for the OKC patches.
  * In debian/patches:
    0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch,
    0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch,
    0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch,
    0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch,
    0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch,
    0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch,
    0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch,
    0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch,
    0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch,
    0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch,
    0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch,
    0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch,
    0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch:
    Cherry-pick patches to properly do OKC (Opportunistic Key Caching) which
    helps maintaining connectivity on networks secured with WPA Enterprise,
    especially on nl80211-based drivers -- these patches require SME, and add
    or fix key caching and handling of the cache entries.
  * debian/patches/force-enable-okc.patch: force Opportunistic Key Caching to
    be enabled.
  * debian/patches/less-aggressive-roaming.patch: use less aggressive roaming
    settings to avoid switching to another AP unnecessarily, when the actual
    signal level difference is small.
  * debian/patches/wpa_supplicant-dbus-null-error.patch: Don't send NULL to
    dbus_message_new_error().
  * debian/patches/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch: fix
    marking qual as invalid rather than signal level.
  * debian/patches/wpa_supplicant-squelch-driver-disconnect-spam.patch: recover
    cleanly from streams of disconnect messages (like on iwl3945).
  * debian/patches/wpa_supplicant-assoc-timeout.patch: increase association
    timeouts.
 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 12 Jun 2013 15:57:50 -0400

ubuntu bug 1187524 Frequent disconnects under certain network conditions

https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.9.5

commit dfd969a6927de9298544d1d51d9e69b9e88243f2
Author: Stanislaw Gruszka <email address hidden>
Date: Fri May 17 13:43:04 2013 +0200

    mac80211: fix direct probe auth
        commit 6211dd12da609bc6893b9c3182630b494737ec4b upstream.
        We send direct probe to broadcast address, as some APs do not respond to
    unicast PROBE frames when unassociated. Broadcast frames are not acked,
    so we can not use that for trigger MLME state machine, but we need to
    use old timeout mechanism.
        This fixes authentication timed out like below:
        [ 1024.671974] wlan6: authenticate with 54:e6:fc:98:63:fe
    [ 1024.694125] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
    [ 1024.695450] wlan6: direct probe to 54:e6:fc:98:63:fe (try 2/3)
    [ 1024.700586] wlan6: send auth to 54:e6:fc:98:63:fe (try 3/3)
    [ 1024.701441] wlan6: authentication with 54:e6:fc:98:63:fe timed out
        With fix, we have:
        [ 4524.198978] wlan6: authenticate with 54:e6:fc:98:63:fe
    [ 4524.220692] wlan6: direct probe to 54:e6:fc:98:63:fe (try 1/3)
    [ 4524.421784] wlan6: send auth to 54:e6:fc:98:63:fe (try 2/3)
    [ 4524.423272] wlan6: authenticated
    [ 4524.423811] wlan6: associate with 54:e6:fc:98:63:fe (try 1/3)
    [ 4524.427492] wlan6: RX AssocResp from 54:e6:fc:98:63:fe (capab=0x431 status=0 aid=1)
        Signed-off-by: Stanislaw Gruszka <email address hidden>
    Signed-off-by: Johannes Berg <email address hidden>
    Signed-off-by: Greg Kroah-Hartman <email address hidden>

commit c52d6fec681236d2adc5cdfcc10e76c7baea455d
Author: Johannes Berg <email address hidden>
Date: Mon May 13 16:42:40 2013 +0200

    mac80211: fix AP-mode frame matching
        commit 2b9ccd4e4308272e5aec614b77c5385e7ec2ec90 upstream.
        In AP mode, ignore frames with mis-matched BSSID that aren't
    multicast or sent to the correct destination. This fixes
    reporting public action frames to userspace multiple times
    on multiple virtual AP interfaces.
        Reported-by: Jouni Malinen <email address hidden>
    Signed-off-by: Johannes Berg <email address hidden>
    Signed-off-by: Greg Kroah-Hartman <email address hidden>