Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise wifi networks without CA_Certificate, like Eduroam
- Trusty (14.04)
- Bug #1104476
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NetworkManager |
Fix Released
|
High
|
|||
Release Notes for Ubuntu |
Fix Released
|
Undecided
|
Andy Whitcroft | ||
Fedora |
Fix Released
|
Medium
|
|||
Gentoo Linux |
Fix Released
|
Medium
|
|||
network-manager (Debian) |
New
|
Unknown
|
|||
network-manager (openSUSE) |
Won't Fix
|
High
|
|||
network-manager-applet (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
Trusty |
Triaged
|
High
|
Unassigned | ||
wpasupplicant (Ubuntu) |
Triaged
|
High
|
Unassigned | ||
Trusty |
Triaged
|
High
|
Unassigned |
Bug Description
HOW TO REPRODUCE:
Connect to a MPA2/PEAP/MSCHAPv2 enterprise wifi network that doesn't use a CA Certificate, like Eduroam.
RESULT:
The computer doesn't connect, as the certificate verification fails.
WORKAROUNDS:
(http://
RELEASE NOTES TEXT:
When connecting to MPA2/PEAP/MSCHAPv2 enterprise wifi networks that doesn't use a CA Certificate, like Eduroam, the connection fails (http://
zsolt.ruszinyák (zsolt-ruszinyak) wrote : | #1 |
- CRDA.txt Edit (257 bytes, text/plain; charset="utf-8")
- Dependencies.txt Edit (8.1 KiB, text/plain; charset="utf-8")
- IpAddr.txt Edit (683 bytes, text/plain; charset="utf-8")
- IwConfig.txt Edit (508 bytes, text/plain; charset="utf-8")
- NetDevice.eth0.txt Edit (500 bytes, text/plain; charset="utf-8")
- NetDevice.lo.txt Edit (207 bytes, text/plain; charset="utf-8")
- NetDevice.wlan0.txt Edit (493 bytes, text/plain; charset="utf-8")
- NetworkManager.conf.txt Edit (69 bytes, text/plain; charset="utf-8")
- PciNetwork.txt Edit (1.2 KiB, text/plain; charset="utf-8")
- RfKill.txt Edit (188 bytes, text/plain; charset="utf-8")
- WifiSyslog.txt Edit (361.9 KiB, text/plain; charset="utf-8")
summary: |
Network manager cannot connect to Eduroam (worldwide WiFi network for - university students| + university students) |
Launchpad Janitor (janitor) wrote : Re: Network manager cannot connect to Eduroam (worldwide WiFi network for university students) | #2 |
Changed in network-manager (Ubuntu): | |
status: | New → Confirmed |
hepaly (hurezi) wrote : | #3 |
I have the same problem. I can not connect to wifi network (WPA and WPA2 Enterprise PEAP, MSCHAPv2 +username/password)
The network manager doesn't accept my password. On last week, it worked well. (2013. 03.15.)
Mathieu Trudel-Lapierre (cyphermox) wrote : | #4 |
The certificate authority is missing. You may want to add it to the configuration in NetworkManager to point to a CA certificate that can be provided to you by your network administrator:
Jan 24 21:28:21 ubuntu wpa_supplicant[
Jan 24 21:28:21 ubuntu wpa_supplicant[
Jan 24 21:28:21 ubuntu wpa_supplicant[
Jan 24 21:28:21 ubuntu wpa_supplicant[
Jan 24 21:28:21 ubuntu wpa_supplicant[
Jan 24 21:28:22 ubuntu wpa_supplicant[
I've noticed this too happening with self-signed certificates in universities. The alternative is to edit the connection file in /etc/NetworkMan
Changed in network-manager (Ubuntu): | |
status: | Confirmed → Invalid |
zsolt.ruszinyák (zsolt-ruszinyak) wrote : | #5 |
but why only since 13.04 if it worked fine so far. anyway, I have found something here, it should be the certificate, but I haven't got round to try it myself: http://
hepaly (hurezi) wrote : | #6 |
Hi Zsolt, This problem affects me, when i try to connect to my office network. We never used certificate authority. The wifi network allows the connection, when I use a specific hostname, and username/password. Ubuntu 12.10 is working well. On last week, the wifi connection was OK on ubuntu 13.04.
hepaly (hurezi) wrote : | #7 |
I got a certificate file (*.crt) from IT, and the connection is working well (with this cert. file). It is interesting, because the 12.10 works without this file.
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to Eduroam (worldwide WiFi network for university students) | #8 |
if it doesn't change, this could mean a serious move-away from ubuntu,
cause I instapped ubuntu to many of my friemds juat because they were
unaboe to connect to eduroam in windows! don't underestimate this, I would
mark this of a very high importanace, being a dev...
On Mar 19, 2013 2:02 PM, "hepaly" <email address hidden> wrote:
> I got a certificate file (*.crt) from IT, and the connection is working
> well (with this cert. file). It is interesting, because the 12.10 works
> without this file.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to Eduroam (worldwide WiFi network for
> university students)
>
> Status in “network-manager” package in Ubuntu:
> Invalid
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE TYPE ...
Alfredo Buttari (alfredo-buttari) wrote : Re: Network manager cannot connect to Eduroam (worldwide WiFi network for university students) | #9 |
Hi Hepaly,
what kind of certificate did you use? googling around I found (here, for example https:/
/usr/share/
should work but instead it does not work for me.
alfredo
hepaly (hurezi) wrote : | #10 |
Here are some screenshots about this issue:
I can connect to office network without using CA certificate file (ubuntu 12.10 live cd):
http://
Ubuntu 13.04 daily build doesn't accept my password. (using same settings, as ubuntu 12.10):
http://
But if I use the CA certificate file, what I got from IT guys, then the password validation is OK, and it connects to wifi network.
http://
Actually it works well using with CA certificate file, but why does the 12.10 work without this file? Is it bug or feature? :)
Changed in network-manager (Ubuntu): | |
status: | Invalid → New |
zsolt.ruszinyák (zsolt-ruszinyak) wrote : | #11 |
I'm marking this again as new, cause the definition of invalid says that it should be a support request which it is not, because canonical cannot provide support to solve it.
most people don't know what a CA certificate is, so you can't leave it this way, cause they will say, that ubuntu just cannot connect and they are moving back to windows... you have to consider what normal people will think about this.
Alfredo Buttari (alfredo-buttari) wrote : | #12 |
I've tried all sorts of certificates in the last few days (searching on google people say to use different types of them) but I couldn't make this work. Moreover the Eduroam site says to leave the certificate field empty. I can connect with my telephone with no problems so I'm sure the problem is not related to my account. I'll check if it works with an older ubuntu version asap.
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to Eduroam (worldwide WiFi network for university students) | #13 |
I have tries with different certificates (cause my school haven't issued
one) and it didn't work. currently there's no way for us to connect to
eduroam in 13.04.
On Mar 25, 2013 10:50 AM, "Alfredo Buttari" <email address hidden>
wrote:
> I've tried all sorts of certificates in the last few days (searching on
> google people say to use different types of them) but I couldn't make
> this work. Moreover the Eduroam site says to leave the certificate field
> empty. I can connect with my telephone with no problems so I'm sure the
> problem is not related to my account. I'll check if it works with an
> older ubuntu version asap.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to Eduroam (worldwide WiFi network for
> university students)
>
> Status in “network-manager” package in Ubuntu:
> New
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan...
Launchpad Janitor (janitor) wrote : Re: Network manager cannot connect to Eduroam (worldwide WiFi network for university students) | #14 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in network-manager (Ubuntu): | |
status: | New → Confirmed |
Igor Petrović (paradajz) wrote : | #15 |
Also unable to connect, works well in any Ubuntu version except for 13.04.
gluca (gianluca-carlesso) wrote : | #16 |
Hi! i have same bug. The problem occurs only in 13.04.
Eduard Gotwig (gotwig) wrote : | #17 |
I have the same problem.
Very bad.
My college, the b.i.b International College Bergisch Gladbach (www.bg.bib.de) is affected!
In 12.04 it worked perfectly!
summary: |
- Network manager cannot connect to Eduroam (worldwide WiFi network for - university students) + Network manager cannot connect to WPA/PEAP/MSCHAPv2 network |
summary: |
- Network manager cannot connect to WPA/PEAP/MSCHAPv2 network + Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network |
Eduard Gotwig (gotwig) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network | #18 |
If this bug does not get fixed, a whole industry is affected.
This bug has to be critical!
summary: |
- Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network + Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without + CA_Certificate |
Eduard Gotwig (gotwig) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #19 |
Sry, I just want to note that removing "system-
Eduard Gotwig (gotwig) wrote : | #20 |
- Remove line 20 to solve the bug Edit (435 bytes, text/plain)
Remove the line that I marked (line 20) , to fix it
This is an example of my NetworkManager profile.
This file is saved under /etc/NetworkMan
with connecting to the wireless point at my college. (www.bg.bib.de)
Brendan Donegan (brendan-donegan) wrote : | #21 |
So it seems the problem is system-
Changed in network-manager (Ubuntu): | |
importance: | Undecided → High |
status: | Confirmed → Triaged |
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #22 |
I had no possibilty of testing these days. any progress, guys?
On Apr 9, 2013 11:30 AM, "Brendan Donegan" <email address hidden>
wrote:
> So it seems the problem is system-
> Eduard cancelling the request for the cert.
>
> ** Changed in: network-manager (Ubuntu)
> Importance: Undecided => High
>
> ** Changed in: network-manager (Ubuntu)
> Status: Confirmed => Triaged
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Triaged
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE TYPE STATE DBUS-PATH
> wlan0 802-11-wireless connected
> /org/f...
Carl Davis (carl.davis) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #23 |
I can confirm that even though I choose ignore on the CA Cert dialog, the line "system-
Ryan Yates (ryanyates23) wrote : | #24 |
Hey, my laptop can't even find eduroam or setup-wifi to even attempt connecting since upgrading to 13.04. How can I go about fixing this?
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #25 |
upgrading is not good. try to fire up a usb image and try if it it can
connect in the live mode. the problem is probably with the upgrade. but
first try to connect to a hidden network.
On Apr 17, 2013 5:45 AM, "Ryan Yates" <email address hidden> wrote:
> Hey, my laptop can't even find eduroam or setup-wifi to even attempt
> connecting since upgrading to 13.04. How can I go about fixing this?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Triaged
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE TYPE STATE DBUS-PATH
> wlan0 802-11-wireless connected
> /org/freedeskto
Eduard Gotwig (gotwig) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #26 |
Ryan: Just read the log on this page...
Pedro Nunes (nunes-p89) wrote : | #27 |
I am affected too.
Lets hope that on Monday its already fixed! :P
cosmin (wizardelo) wrote : | #28 |
well i just tried 13.04 on a live-usb and this issue is still there:(
cannot connect to peap without CA, line "system-
Matthew Dye (mdye) wrote : | #29 |
I believe this may be a GNOME problem. When I try it under Kubuntu and KDE, I can connect fine; while in GNOME, I cannot connect to my university (University of Missouri) wifi network.
Ben Hilburn (bhilburn) wrote : | #30 |
Confirming that this is a really serious issue.
PEAP connection, MSCHAPv2, no certificate but with a username & password, I *cannot* connect to the network. Previous versions of Ubuntu work fine. Indeed, my credentials on another machine running 12.10 work just fine.
Changed in network-manager (Ubuntu): | |
status: | Triaged → Confirmed |
mrtrick (patrick-hendrick) wrote : | #31 |
I can confirm this issue on a Lenovo T510, PEAP, MSCHAPv2, no cert. Switching to LEAP seems to hold fine. Removing system-
Fei (feisung) wrote : | #32 |
Hey Guys, this problem is quite serious!! Excitement in the morning after the upgrade on home wifi then complete dissapointment after 2hrs+ attempting to patch it :(
Tried just about all that was posted here and was unsuccessful. eduroam and other enterprise wpa networks just don't work anymore. Please supply a quick fix...
DeepJoy (deepjoy) wrote : | #33 |
Confirmed "system-
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #34 |
this is the 1. ubuntu release I didn't install right after it came out.
guess why.
and by the way the workarond by Eduard Gotwig from comment #19 sadly
doesn't work here either. the line is always re-added. please explain us
better how u did it cause more people have reported here that it doesn't
work.
Tyler (tyler.h) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #35 |
Workaround of removing "system-
BrunoB (bruno-bak) wrote : | #36 |
How i got it working:
1. Download the AddTrust External CA Root (Base64 format) available here: http://
2. Double click it and import using Gnome2 Key Storage (require sudo privileges).
3. Go to Network connections (right click con the wi-fi logo on the top right of the screen) and Add a new connection.
4. Name the new connection "eduroam"and have the SSID also "eduroam"
5. Under Wi-fi security choose "WPA 2 enterprise", Authentication: "Proteacted EAP (PEAP)", CA Certificate browse the file you downladed on step 1.
6. Username have your COMPLETE email (include @schoolname.
7.include your password.
Save it.
Good luck
Franko Burolo (fburolo) wrote : | #37 |
Same problem here. And 13.04 really is the first Ubuntu where this doesn't work. And sure it IS critical!
If this is not fixed, Ubuntu will prove useless for most education (students/profs) and business users. And the bug is still unassigned since January?! Come on!
I just can't believe that the swirl direction of the BFB icon was a more important bug than this one... In terms that it was promptly addressed, unlike this one.
vacaloca (ltirado) wrote : | #38 |
I just wanted to say that comment #19 of removing "system-
I also did a sudo chmod -w NUwave after the first time it connected, so that should avoid the statement from reappearing since now the file is read-only. Given the connection name, I'm at Northeastern University, which uses WPA2/PEAP/MSCHAP as well.
From /var/log/syslog upon successful authentication:
May 2 13:21:52 wpa_supplicant[
May 2 13:21:52 wpa_supplicant[
May 2 13:21:52 wpa_supplicant[
May 2 13:21:52 wpa_supplicant[
May 2 13:21:52 wpa_supplicant[
May 2 13:21:52 Faraday wpa_supplicant[
Before the statement was switched to false, syslog showed statements like:
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:02:59 wpa_supplicant[
May 2 13:03:00 wpa_supplicant[
Before I had tried this, I had attempted to use the certificate that Windows 7 associated with the same NUwave wireless connection, but I was still unsuccessful at authenticating even with that. The odd thing is that a few weeks back when I tested with an Ubuntu 13.04 Beta 2 USB stick it worked fine, but stopped working at some point, and I re-tested with the USB stick today and it still failed, so at that point I knew it wasn't anything package related and stumbled across this bug and solution which fixed it! :)
Franko Burolo (fburolo) wrote : | #39 |
The workaround works for me, too. Even without making the file read-only. I connected at my faculty's library in the early afternoon today. But I still think this is a critical issue, that could turn people away from Ubuntu.
It's very interesting what vacalola said about the old unchanged live image working once, and then not... Yet, the fact remains that this works completely fine in both 12.04 and 12.10, and just in 13.04 not.
Fei (feisung) wrote : | #40 |
I give up... this has just got me switching to another Linux distro! Spent the whole week trying to rebuild my machine just cos of this issue... One year + of Ubuntu Love now to it's brother... Which I should state that wpa-enterprise works at time of writing that is!
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #41 |
see? that's what I was talking about earlier.
don't u realize that u are destroying what u have been building all those 9
years?
u shouldn't have rolled out the new ubuntu with this.
On May 4, 2013 6:11 PM, "Fei" <email address hidden> wrote:
> I give up... this has just got me switching to another Linux distro!
> Spent the whole week trying to rebuild my machine just cos of this
> issue... One year + of Ubuntu Love now to it's brother... Which I should
> state that wpa-enterprise works at time of writing that is!
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Confirmed
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE ...
Louis Mondésir (louis-mondesir) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #42 |
I've got the same bug. Editing the conf file jsut bring me random deconnection each minutes. Please fix this, I'm using Ubuntu for my studies ;)
(ps: sorry for bad english)
Franko Burolo (fburolo) wrote : | #43 |
...and still unassigned. :-/
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #44 |
ubuntu's gonna be the new "OFFLINE OS" :))) that't the right way to
penetrate the mobile market, isn't it?
On May 6, 2013 1:11 AM, "Franko Burolo" <email address hidden> wrote:
> ...and still unassigned. :-/
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Confirmed
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE TYPE STATE DBUS-PATH
> wlan0 802-11-wireless connected
> /org/freedeskto
> eth0 802-3-ethernet unavailable
> /org/freedeskto
> nmcli-nm:
> RUNNING VERSION STATE NET-ENABLED WIFI-HARDWARE
> ...
ભાવિન દોશી (bkd-online) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #45 |
I had the same problem, and comment [#4][https:/
Franko Burolo (fburolo) wrote : | #46 |
So, we know that Network Manager should eihter remove that line or set it on false automatically, but it doesn't. We know it probably happens only in Gnome, though. See comment #29. I guess Kubuntu uses Network Manager too, but I might be wrong. No devs at all interested into investigating this, really?
Maybe they are trying to induce us to learn programming and fix it ourselves. :-D
Marius B. Kotsbak (mariusko) wrote : | #47 |
Hmm, I do not understand this. I'm using Eduroam with Raring and have not seen this problem. Maybe it is different since I have upgraded? I see that I have "system-
Anyway, I have pointed to the certificate file: "ca-cert=
Franko Burolo (fburolo) wrote : | #48 |
You are not seeing this problem because you ARE using CA certificate. When you don't have one Network Manager should ignore it and connect anyway, if you tell him so, which doesn't happen without manually editig a config file to force it to do so.
Now, it IS true that using a cert is safer, but my faculty doesn't even provide one. The network we use there is not Eduroam (though we have that too, for guests), but a local one. A year or so ago, I wrote them about this, they told me that it wasn't necessary, and that they don't have plans to provide it in the future. So I was thinking "Oh, well, whatever. As long as I can connect." And from the comments above, I see that my faculty is not the only one. So this is still of high importance, if not critical.
Franko Burolo (fburolo) wrote : | #49 |
...because most people will just follow their faculty's/company's IT team instructions, and those don't always provide any CA certificate.
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #50 |
u are absolutely right, fanko, my faculty doesn't provide a cert either and
I can confirm that people always follow the faculty's instructions. we have
a nice step by step tutorial for each OS and I also used when I set up
eduroam for the 1st time.
this bug is critical.
On May 6, 2013 5:15 PM, "Franko Burolo" <email address hidden> wrote:
> ...because most people will just follow their faculty's/company's IT
> team instructions, and those don't always provide any CA certificate.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Confirmed
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> nmcli-dev:
> DEVICE TYPE STATE DBUS-...
xyloman (xyloman) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #51 |
Removing the system-ca-cert=true line also worked in my configuration. I didn't notice this being an issue post upgrade because the configuration in the NetworkManager was working. I had to update my configuration in the NetworkManager because of a password rotation and this caused the system-ca-cert=true to be added to the file even though I answered Ignore to the dialog prompt. Upon finding this bug through google I removed the line from the /etc/NetworkMan
Pedro Nunes (nunes-p89) wrote : | #52 |
After all removing System-cs-cert=true from the file solved the problem.
Regards :P
Franko Burolo (fburolo) wrote : | #53 |
Yeh, in a regular support forum, this would be marked as [solved]... But this is a bug report, and is still unassigned, since January! :-/
Falk (andreas-mockel) wrote : | #54 |
I can confirm this "problem"
When I rotated server certs on our NPS'es from the CA in the PKI env.
The networkmanager messed with the file and the connection stopped working.
On our NPS radius server
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.
So it seems that even if I ignore the CA warning it sends some information of CA's to the NPS.
I haven't had the time to debug it further. But when editing the suggested line things started working again.
--
Regards Falk
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #55 |
earlier the workaround with removing the ominous line didn't work for me,
so I tried to set it to false as carl davis suggested in comment #23 and
and it works. it looks like this method should work for anyone. it somehow
removes the line anyway.
Sry, I just want to note that removing "system-
/etc/NetworkMan
--
You received this bug notification because you are subscribed to the bug
report.
https:/
Title:
Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
CA_Certificate
Status in “network-manager” package in Ubuntu:
Confirmed
Bug description:
I can connect to Eduroam in 12.10 and any other previous release, but
not in 13.04. I checked, my name and password are correct, all
settings are the same as in 12.10.
Network properties:
security: WPA - WPA2 enterprise
authentication: protected EAP (PEAP)
CA certificate: none
PEAP version: automatic
inner autentication: MSCHAPv2
username: (required)
password: (required)
ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: network-manager 0.9.6.0+
ProcVersionSi
Uname: Linux 3.8.0-1-generic i686
ApportVersion: 2.8-0ubuntu2
Architecture: i386
CasperVersion: 1.330
Date: Thu Jan 24 21:32:25 2013
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
IpRoute:
default via 192.168.43.1 dev wlan0 proto static
169.254.0.0/16 dev wlan0 scope link metric 1000
192.168.43.0/24 dev wlan0 proto kernel scope link src 192.168.43.149
metric 9
LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
MarkForUpload: True
NetworkManage
[main]
NetworkingEn
WirelessEnab
WWANEnabled=true
WimaxEnabled
ProcEnviron:
PATH=(custom, no user)
XDG_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-con:
NAME UUID TYPE
READONLY DBUS-PATH
AndroidAP 978da457-
802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
no /org/freedeskto
Wired connection 1 6703fabc-
802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
no /org/freedeskto
eduroam 00f69a95-
802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
no /org/freedeskto
nmcli-dev:
DEVICE TYPE STATE DBUS-PATH
wlan0 802-11-wireless connected
/org/freedeskto
eth0 802-3-ethernet unavailable
/org/freedeskto
nmcli-nm:
RUNNING VERSION STATE NET-ENABLED ...
Franko Burolo (fburolo) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #56 |
Ok, but this is just a workaround, not a fix... :-/
Marius B. Kotsbak (mariusko) wrote : | #57 |
I connected to eduroam using a Raring live cd without selecting a CA. Maybe the system ca setting means that it tries your system CA certificates? In that case this bug only applies to certificates used that are not in your system, e.g. self signed ones.
Franko Burolo (fburolo) wrote : | #58 |
I don't follow you... We are not having problems with certain certificates, but with connecting without one. So this bug applies only to a no-certificate situation. Read up the description again, please.
Marius B. Kotsbak (mariusko) wrote : | #59 |
In that case I assume the option you remove tries system CAs instead and fails if a ccertificate chain to one is not found.
Franko Burolo (fburolo) wrote : | #60 |
Maybe... Could you look into it and take this assignment, please? I see you have already been active in Network Manager bug fixing. :-)
Myzeus (myzeus) wrote : | #61 |
I can confirm the method in comment #23 works for me at UNIVPM (Ancona - Italy) with Ubuntu 13.04 Raring 64bit.
This is what I have done:
1) Connect to Eduroam using Networrk Manager inserting name, password and ignoring the certificate request. The connection fails, but the associated network profile appears in "/etc/NetworkMa
2) Turn off WI-Fi
3) Open the terminal and edit the network profile with "sudo nano /etc/NetworkMan
4) Change the line "system-
5) Turn on Wi-Fi
6) Connect to Eduroam using Network-Manager as usual
Looking ad the network profile I have seen that the line "system-
maxadamo (massimilianoadamo) wrote : | #62 |
Just OT.
Yes, the workaround fixes the issue.
OT: Troubles came from the day when Network Manager was invented.
It has never been reliable and - as we can see in every day experience - it has never been tested properly.
My favorite method for network configuration is the one used in Red Hat 5.
Yasar Wafeeq (yasir-wafeeq) wrote : | #63 |
Hello every body. I am also victim of such problem. Due to this wifi problem i am unable to use ubuntu. I started hating ubuntu. I can not connect to eduroam. It connects and after sometime it disconnects again after few seconds. and it keep going on like connecting then disconnecting. When i restart my laptop it ask for password and usernam again and authentication is required. what is this? please help me.
alecive (alecive) wrote : | #64 |
Ok now we found both the bug and the workaround. When the fix is supposed to be moved upstream?
rgrig (radugrigore) wrote : | #65 |
None of the following workarounds work for me:
1. remove "system-
2. change "system-
3. add a certificate, namely /usr/share/
What did work was to boot with kernel 3.5 instead of 3.8.
Elliot K Payen Padilla (epayen) wrote : | #66 |
Dear friends... I have same problem, I did test with live cd Ubuntu 12.08 and it worked smooth, but when I return to 13.04 I got the same problem. Only we have to wait the fix for this bug.. thanks for share your experiences.
Franko Burolo (fburolo) wrote : | #67 |
Yeh, but if nobody takes this assignment, will it ever be fixed?
It could be also a kernel problem, as rgrig points out. Anyone tried wicd or another distro with same kernel version?
Mervin Beng (mervinb) wrote : | #68 |
I have been hitting exactly what has been described on Arch (3.9 kernel, nm-applet 0.9.8.0), and the workaround of removing the ca-cert line in the config file works (permanently) for me. On Arch the permissions on the config files are 600, and removing that line seems to permanently address the problem.
Looks very much like a problem in nm-applet, which writes an incorrect config for ca-cert when password is set to save.
Chris Taylor (chris-taylor-t) wrote : | #69 |
I can concur with rgrig that under Kubuntu 13.04 booting with a 3.5 kernel rather than a 3.8 kernel solved the issue for me.
Also, as with rgrig, the other workarounds didn't work for the 3.8 kernel.
kazersozet (kazersozet) wrote : | #70 |
Hello,
I've the same problem.
None of the following workarounds work for me:
1. change "system-
2. chattr +i /etc/NetworkMan
Ubuntu 13.04 kernel 3.8.0-23
Chris Taylor (chris-taylor-t) wrote : | #71 |
I've installed some mainline kernels to check and again the problem is resolved and I can connect without problem.
The two kernels I've checked are:
3.9.0-030900-
3.10.0-999-generic
I've not tried wicd as I couldn't get it to install on my laptop.
schoubi (schoubi) wrote : | #72 |
I'm affected too.
13.04 + eduroam (WPA2/PEAP/
The workaround, as pointed by #19 and #23 : suppress the "system-
That's works.
Seems that the «Ignore» button when cert alert is displayed was just...
Arno Teigseth (arno-teigseth) wrote : | #73 |
just installed gnome3 desktop on top of linux mint 15.
Saw the error 20 and remembered I was bugged by that before. Edouards posting in #20 solves error 20 - :)
remove the certs...=true line. I DID press Ignore in the "oops no CA cert selected" box
network-manager 0.9.8.0-0ubuntu6 from linuxmint/ubuntu and ppa.launchpad.
Rebootkid (nate-moore) wrote : | #74 |
Comment #72 worked better for me than just removing the file.
I created the network connection, then edited it to show false for system-ca-cert
Elliot K Payen Padilla (epayen) wrote : | #75 |
Please.. somebody could post the entire configuration where appears
"certs...=true"
where "system-ca-cert" is located.
Thanks
John Chee (chee) wrote : | #76 |
Upstream bug: https:/
Marc Purdon (carc) wrote : | #77 |
I find it rather strange this is still unassigned, seems to me no network access is a major issue
Rommel Bojorge (rbojorge) wrote : | #78 |
the "system-ca-cert" is located at /etc/NetworkMan
Franko Burolo (fburolo) wrote : | #79 |
@carc: It seems like they don't care much about non-LTS releases anymore... Reporting serious bugs for them is becoming ever more useless. :-/
Leszek (pb-zalewski-leszek) wrote : | #80 |
Setting 'system-
Anyway looks like bug is just about setting system-
Cheers,
Leszek
Le Gluon Du Net (legluondunet) wrote : | #81 |
Thank you very much Eduard Gotwin, more than one month I could not connect to the wifi at work.
As you said I deleted the line
system-
and I could connect again at all my wpa2 enterprise WIFI network.
This bug is very critical as it touches enterprise wifi network, it should be corrected as soon as possible.
zsolt.ruszinyák (zsolt-ruszinyak) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #82 |
I wish there was no workaround for this big otherwise it would have been
solved long ago. But if there's a workaround, Canonical thinks there is no
need to work out the solution... obviously
On Aug 1, 2013 2:01 PM, "Le Gluon Du Net" <email address hidden> wrote:
> Thank you very much Eduard Gotwin, more than one month I could not connect
> to the wifi at work.
> As you said I deleted the line
> system-
> and I could connect again at all my wpa2 enterprise WIFI network.
> This bug is very critical as it touches enterprise wifi network, it should
> be corrected as soon as possible.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in “network-manager” package in Ubuntu:
> Confirmed
>
> Bug description:
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> 192.168.43.0/24 dev wlan0 proto kernel scope link src
> 192.168.43.149 metric 9
> LiveMediaBuild: Ubuntu 13.04 "Raring Ringtail" - Alpha i386 (20130123)
> MarkForUpload: True
> NetworkManager.
> [main]
> NetworkingEnabl
> WirelessEnabled
> WWANEnabled=true
> WimaxEnabled=true
> ProcEnviron:
> PATH=(custom, no user)
> XDG_RUNTIME_
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> SourcePackage: network-manager
> UpgradeStatus: No upgrade log present (probably fresh install)
> nmcli-con:
> NAME UUID TYPE
> TIMESTAMP TIMESTAMP-REAL AUTOCONNECT
> READONLY DBUS-PATH
> AndroidAP 978da457-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no /org/freedeskto
> Wired connection 1 6703fabc-
> 802-3-ethernet 1359062570 Thu 24 Jan 2013 09:22:50 PM UTC yes
> no /org/freedeskto
> eduroam 00f69a95-
> 802-11-wireless 1359063171 Thu 24 Jan 2013 09:32:51 PM UTC yes
> no...
Le Gluon Du Net (legluondunet) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #83 |
Now we have a workaround but at each computer restart, you have to use the workaround again.
Because at each restart Network-Manager add the line "system-
Very annoying bug and very improductive at work.
Alexey Brodkin (alexey-brodkin) wrote : | #84 |
Disagree. In my case (fresh & updated 13.04 64-bit) I don't see configuration file changes on reboot.
I may expect it to be modified if you remove your current Wi-Fi connections from known ones in NetworkManager and then will try to connect to it again - this indeed will create a new config file in "/etc/NetworkMa
Alexey Brodkin (alexey-brodkin) wrote : | #85 |
Another note from my side - even though as I mentioned above I see configuration file stays on reboot but I cannot get my password saved. So EVERY REBOOT I have to enter my Wi-Fi password manually. Which is a bit more than inconvenient especially keeping in mind that this is a LAPTOP and I toggle its power at least twice a day when traveling to the office and back.
I'm wondering if others see the same experience or there's something I didn't do properly (I do set a checkbox "remeber my password" every time I enter password).
James Donovan (jamesdonnabhain-deactivatedaccount) wrote : | #86 |
I have a similar problem, all wireless networks (public and home) work on my current version of Ubuntu (13.04).
I've just started university and the people at IT refused to look at my linux dist and set me up in Windows7 instead. They claimed enterprise (WPA/WPA2) wasn't for Linux!! They made a weak attempt to set up in my Ubuntu OS (13.04).
When I try to set up my network from Network and wireless settings the connect button is greyed out and there are no security settings from the drop down menu so the workaround here isn't even applicable yet. In any case this will deter many a new Ubuntu user from such wireless networks.
Mathieu Trudel-Lapierre (cyphermox) wrote : | #87 |
This needs some work to be fixed -- there's an upstream bug, but it seems like the actual behavior might be slightly different. Perhaps when no cert is selected and the ignore button is pressed the settings should just be set to =false.
Changed in network-manager (Ubuntu): | |
status: | Confirmed → Triaged |
assignee: | nobody → Mathieu Trudel-Lapierre (mathieu-tl) |
Franko Burolo (fburolo) wrote : | #88 |
Finally assigned! :-)
I hope this will be solved soon, now.
@alexey-brodkin: I experienced the same, but only on WPA2 Enterprise networks. Every time I had to reenter the password when connecting to my faculty's network. WPA Personal and WEP were working fine. Not sure about it, but you could be right, the password bug could be coming from the same source as the bug reported here...
DieterVDW (dietervdw) wrote : | #89 |
Wow, 7 months to get a bug that breaks wifi for many corporate/
Try explaining that to management ...
S.O.E. Ansems (only-for-launchpad) wrote : | #90 |
For some reason this bug has worsened. Previously i could work around the issue by deleting the line that says 'system-
I'm now completely unable to connect to my corprate network, please fix this soon!
tags: | added: saucy |
Michael Heimann (michael-heimann) wrote : | #91 |
This has hit me, too.
Removing "system-
Stupid regression. This invalidates ubuntu in a corporate environment. Fix this please.
Cheers,
Michael
Changed in network-manager: | |
importance: | Unknown → High |
status: | Unknown → New |
tags: | added: regression-release |
Wayt (max-o) wrote : | #92 |
I confirm, I can't connect to my school network, and so, i can't use ubuntu to code.
Pete (lance321) wrote : | #93 |
I confirmed this is an issue for me as well. Worked fine in Ubuntu 12, Ubuntu 13 fails to connect to any WPA security.
This line does NOT exist for me in /etc/NetworkMan
"system-
Adding the line with "false" also does NOT resolve this issue for me.
"system-
So far I can only connect to networks which are not using WPA personal/
Please fix this bug.
Changed in network-manager (Ubuntu): | |
assignee: | Mathieu Trudel-Lapierre (mathieu-tl) → nobody |
Changed in network-manager (Ubuntu): | |
assignee: | nobody → Network-manager (network-manager) |
Matthew Geier (matthew-sleeper) wrote : | #94 |
I just want to add for those trying 'random' certificates - if your school can't/won't supply you the proper certificate there is little point trying random other certificates - they WON'T WORK.
That's the whole point of certificates in the first place, to verify the authenticity of the session. If it worked with random other certificates, there wouldn't be a whole lot of point would there.
Removing the system-ca-certs line and restarting network-manager worked for me, pending finding out how to get my schools certificate.
Ronak P (rkpatel7) wrote : | #95 |
There was an update for Network Manager a few days ago. It looked like that resolved the issue for me, however unfortunately I was mistaken.
My situation:
Running Xubuntu 12.04.3 LTS
[user] = my username
Trying to connect to university wifi with the same authentication - WPA2/PEAP/MSCHAPv2
I have the certificate file provided by the university located at ~/[user]
I have it currently set to hidden. I don't believe that is the problem since I was affected by the issue when it was not hidden as well.
I added system-
I also made sure the connection file has the line 'ca-cert=
1. Do you think changing that line to 'ca-cert=
2. Also, I just realized I haven't checked whether setting it to un-hidden would change anything after the recent Network Manager update. I might try that at some point.
Next time it occurs, I'll try to pull up the log file. Need to figure out how to do that first.
Le Gluon Du Net (legluondunet) wrote : | #96 |
Hello,
on Ubuntu raring 13.04, I installed this unstrusted Networkmanager PPA:
https:/
then I edit all your Wifi connection in /etc/NetworkMan
The bug is still present on saucy (system-
I filed a bug on bugzilla: https:/
description: | updated |
Pedro Nunes (nunes-p89) wrote : | #97 |
True story.
I had this problem, existed in ubuntu 13.04.
And now exists too in ubuntu 13.10, what a hell are this guys doing?
The good thing is.. the workaround is the same.
Changing the system-
Use the terminal to acess the etc/NetworkMana
Perform a "Sudo nano eduroam" and edit the file, save with ctrl + O and voilá.
Hope this help for most of the people
Regards
jjungo (j-jungo) wrote : | #98 |
Hi,
I had also this problem in Ubuntu 13.04 with NetworkManager version 0.9.8.0.
I can confirm that changing the line "system-
tags: | added: rls-s-incoming |
Rick Fowler (ricklfowler) wrote : | #99 |
I have the same issue, and is fixed the same way. However it always asks me for my wpa enterprise password at the login screen before I start my session. If I just ignore it and login it connects to the ap.
Jon-Paul Raymond (digitalattorney) wrote : | #100 |
I have a notebook running Xubuntu 13.10. Same problem. I didn't have a "system-
Vytautas Jakutis (vytautas) wrote : | #101 |
Eduroam also just stopped working for me. I heard local admins "reconfigured wifi network", and now when I connect, I get "self-signed certificate" errors.
To solve this, I had to replace the old local certificate (LITNET_CA.crt for me) to the AddTrustExterna
And I'm not even on Ubuntu. I use ArchLinux.
Eduardo Aquiles Radanovitsck (eduardoaquiles-ar) wrote : | #102 |
Same thing happened to me. I had to manually edit the file and remove the line "system-
Changed in network-manager (Ubuntu): | |
assignee: | Network-manager (network-manager) → Mathieu Trudel-Lapierre (mathieu-tl) |
tags: | removed: rls-s-incoming |
Changed in ubuntu-release-notes: | |
status: | New → In Progress |
assignee: | nobody → Andy Whitcroft (apw) |
description: | updated |
Changed in ubuntu-release-notes: | |
status: | In Progress → Fix Released |
Pritam Baral (pritambaral) wrote : | #103 |
- Lets user choose whether to use system CA certs or not. Edit (14.9 KiB, text/plain)
One sane solution would be to let the user choose whether to use the system CA certs or not. KDE's network manager applet already does this.
I have a patch ready that adds this functionality. For package network-
My university is in the process of testing out 802.1x for wired networks, but this bug is a major bottleneck right now as many people here use Ubuntu 13.04.
Ubuntu Foundations Team Bug Bot (crichton) wrote : | #104 |
The attachment "Lets user choose whether to use system CA certs or not." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]
tags: | added: patch |
Boris Hollas (borish) wrote : | #105 |
My WPA2/PEAP network doesn't work anymore with NetworkManager0
If I remove the connection and add it again, Network-Manager adds
system-
to the configuration file, which is wrong.
Before, it worked after I removed
system-
auth-alg=open
but now this doesn't help anymore.
Henri Souchay (imagez) wrote : | #106 |
Same thing, happened when "upgrading" to 13.04 after using 12.10 flawlessly. Corporate network.
The system-
Colleagues can connect to wifi with their Android phones, I cannot with Ubuntu: it just looks incompetent... Arrrgh, i'll have to move back to Windows...
Boris Hollas (borish) wrote : | #107 |
Pritam Baral (pritambaral) wrote : | #108 |
PPA announce!
https:/
Considering the time it has taken, and may take, for the devs to review/accept the patch and/or release a fix, I have been driven to release a personal package archive. This was inevitable for me persoannly, since my Uni is about to launch a campus wide EAPOL and
It builds on the standard Ubuntu raring package. Saucy will be added in a few hours.
@All affected users: feel free to use it
@32-bit users: build will finish in a few minutes.
Henri Souchay (imagez) wrote : | #109 |
Chhatoi, thanks for sharing.
First thing this morning I did install your update, which clearly shows the check box "system CA certificates"; unfortunately it still failed authentication:
NetworkManager[
wpa_supplicant[
wpa_supplicant[
wpa_supplicant[
wpa_supplicant[
wpa_supplicant[
wpa_supplicant[
Hope others have more luck, maybe I'm just dealing with the wrong issue.
Pritam Baral (pritambaral) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #110 |
Henri, you are indeed facing a different issue. Most likely incorrect
credentials.
When system-ca-certs is on, wpa_supplicant complains of a self-signed
certificate and stops right there. With a proper corresponding mesage of
course. And this one definitely isn't that.
I have seen this whenever I put in the wrong credentials.
Regards,
Chhatoi Pritam Baral
On Oct 24, 2013 2:21 AM, "Henri Souchay" <email address hidden> wrote:
> Chhatoi, thanks for sharing.
> First thing this morning I did install your update, which clearly shows
> the check box "system CA certificates"; unfortunately it still failed
> authentication:
>
> NetworkManager[
> associating -> associated
> wpa_supplicant[
> method=25
> wpa_supplicant[
> (PEAP) selected
> wpa_supplicant[
> subject=
> Certificate Authority'
> wpa_supplicant[
> subject=
> Certificate Authority'
> wpa_supplicant[
> skipping info that seems proper to my business...)'
> wpa_supplicant[
>
> Hope others have more luck, maybe I'm just dealing with the wrong issue.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without
> CA_Certificate
>
> Status in NetworkManager:
> New
> Status in Release Notes for Ubuntu:
> Fix Released
> Status in “network-manager” package in Ubuntu:
> Triaged
>
> Bug description:
> === Release Notes Text ===
>
> When connecting to MPA2/PEAP/MSCHAPv2 wifi networks which do not have
> a CA Certificate network manager may incorrectly mark the CA
> certificate as needing verification and fail that verification. See
> the bug for workarounds.
>
> ===
>
> I can connect to Eduroam in 12.10 and any other previous release, but
> not in 13.04. I checked, my name and password are correct, all
> settings are the same as in 12.10.
>
> Network properties:
>
> security: WPA - WPA2 enterprise
> authentication: protected EAP (PEAP)
> CA certificate: none
> PEAP version: automatic
> inner autentication: MSCHAPv2
> username: (required)
> password: (required)
>
> ProblemType: Bug
> DistroRelease: Ubuntu 13.04
> Package: network-manager 0.9.6.0+
> ProcVersionSign
> Uname: Linux 3.8.0-1-generic i686
> ApportVersion: 2.8-0ubuntu2
> Architecture: i386
> CasperVersion: 1.330
> Date: Thu Jan 24 21:32:25 2013
> IfupdownConfig:
> # interfaces(5) file used by ifup(8) and ifdown(8)
> auto lo
> iface lo inet loopback
> IpRoute:
> default via 192.168.43.1 dev wlan0 proto static
> 169.254.0.0/16 dev wlan0 scope link metric 1000
> ...
Austin DeWolfe (austindewolfe) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #111 |
@Chhatoi Pritam Baral
Thanks for building a fix for this issue, I know I appreciate it. I do have a question though. I can't seem to get the package through apt-get. I put the ppa into my repositories, but when I do sudo apt-get install network-
Harry (harryscells) wrote : | #112 |
@Austin DeWolfe
Try using:
sudo apt-get update
sudo apt-get upgrade
should update the packages affected
Pritam Baral (pritambaral) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #113 |
>
> sudo apt-get update
> sudo apt-get upgrade
>
> should update the packages affected
Yup, that should do it!
But for people looking to upgrade this single package only, and not their
whole system, or others like Austin, the package name is:
network-
Odd. I know. Caught me off-guard when I first set out too.
Changed in network-manager (Ubuntu): | |
assignee: | Mathieu Trudel-Lapierre (mathieu-tl) → justin (justi8) |
Changed in network-manager (Ubuntu): | |
assignee: | justin (justi8) → Mathieu Trudel-Lapierre (mathieu-tl) |
Changed in network-manager: | |
status: | New → Confirmed |
Ben Lutgens (blutgens-gmail) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #114 |
This problem still persists to this day. Setting system-
Pritam Baral (pritambaral) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #115 |
@Ben: You can use the PPA I posted which does exactly that. An option in
the UI that is disabled by default.
@Ubuntu devs: Upstream is debating turning system-ca-certs off completely.
Basically, reverting the commit which started this debacle without any
regard to end-user usability. There are some very good discussions,
including from people deploying 802.1X in the field, on why system-ca-certs
is completely useless.
Changed in network-manager: | |
status: | Confirmed → Fix Released |
osmeest (osmeest) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #116 |
Added the PPA specified by @pritambaral in saucy.
When running apt-get update, it complains that it doesn't find
https:/
Any chance to get the gnome network manager update for 64b Saucy from there ?
Or from somewhere else ?
Thanks.
osmeest (osmeest) wrote : | #117 |
Forget my last comment, if you use the ppa: link, it works much better:
ppa:pritambaral/nms
Thanks again for providing this much wanted patch.
Ingo Keck (ingokeck) wrote : | #118 |
This is actually a big problem for two reasons:
(1) The user does not get the correct feedback to the problem: Instead of a notice that the certificate not trusted, he/she is just asked again and again and again for the correct username and password.
(2) Encouraging people to trust in central certificates and not in self signed ones plays in the hands of NSA and everyone how depends on man-in-the-middle attacs. People should be encouraged to trust only in certificates they know are correct and be allowed to do so, instead of forcing them to only accept 'officially' signed certificates .
(still existing in ubuntu 13.10. , btw)
Neil Broadley (scaine) wrote : | #119 |
Is there something broken in Ubuntu's update process that a PPA had to be created (many thanks for that Pritam!) for this? I've just tried a fresh 13.10, it still has this problem, despite "Fix released". So what does "Fix released" mean? Released for the next version of Ubuntu? Would I have gotten the fix if I'd turned on "Proposed"?
So yeah - thanks again for the PPA. At least that works.
Pritam Baral (pritambaral) wrote : Re: [Bug 1104476] Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #120 |
@Neil: Note that this bug is actually three bugs. More precisely, this is
tracking the status of the same bug in three different projects. And the
top one is gnome (upstream.) The most recent "Fix released" refers to
gnome. It takes a while for upstream changes to be reflected in a stable
distro (Ubuntu), especially if it has to be backported (since upstream is
usually a little ahead of stable).
Note that one of the projects is just "Release Notes".
I created the PPA because I realized Ubuntu did/would not consider this bug
to be important enough to warrant a feature-change in two stable releases.
I do not think that's wrong on their part, although I'm confident they'd
see the fix harmless (from a stability POV) if they notice it.
I think uploading packages to -proposed is only for Ubuntu maintainers.
Here's some more on that matter:
http://
C Filorux (breakfast) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #121 |
Confirmed still unfixed on 13.10 ... WPA+EAP or Linux: pick one.
Ingo Keck (ingokeck) wrote : | #122 |
just coming in: Google found french office spying with CA signed intermediate certificate: https:/
So please stop requesting CA signed certificates!
Alex Nekrasov (ennnot) wrote : | #123 |
I'm having the same problem.
I do NOT have system-ca-certs in the NetworkManager connection file. I turned off power saving and ipv6. Still get
Dec 19 23:57:06 desktop kernel: [ 110.811108] wlan0: send auth to 00:19:cb:58:f6:b9 (try 1/3)
Dec 19 23:57:06 desktop kernel: [ 110.813360] wlan0: authenticated
Dec 19 23:57:06 desktop kernel: [ 110.813531] rt2800usb 2-1.5:1.0 wlan0: disabling HT as WMM/QoS is not supported by the AP
Dec 19 23:57:06 desktop kernel: [ 110.813536] rt2800usb 2-1.5:1.0 wlan0: disabling VHT as WMM/QoS is not supported by the AP
Dec 19 23:57:06 desktop kernel: [ 110.813718] wlan0: associate with 00:19:cb:58:f6:b9 (try 1/3)
Dec 19 23:57:06 desktop NetworkManager[
Dec 19 23:57:06 desktop kernel: [ 110.829841] wlan0: RX AssocResp from 00:19:cb:58:f6:b9 (capab=0x411 status=0 aid=3)
Dec 19 23:57:06 desktop wpa_supplicant[
Dec 19 23:57:06 desktop kernel: [ 110.836913] wlan0: associated
Dec 19 23:57:06 desktop kernel: [ 110.836925] IPv6: ADDRCONF(
Dec 19 23:57:06 desktop NetworkManager[
Dec 19 23:57:07 desktop avahi-daemon[944]: Joining mDNS multicast group on interface wlan0.IPv6 with address fe80::f27d:
Dec 19 23:57:07 desktop avahi-daemon[944]: New relevant interface wlan0.IPv6 for mDNS.
Dec 19 23:57:07 desktop avahi-daemon[944]: Registering new address record for fe80::f27d:
Dec 19 23:57:11 desktop wpa_supplicant[
Dec 19 23:57:11 desktop kernel: [ 115.755373] cfg80211: Calling CRDA to update world regulatory domain
Dec 19 23:57:11 desktop kernel: [ 115.758863] cfg80211: World regulatory domain updated:
Dec 19 23:57:11 desktop kernel: [ 115.758867] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
Dec 19 23:57:11 desktop kernel: [ 115.758869] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Dec 19 23:57:11 desktop kernel: [ 115.758872] cfg80211: (2457000 KHz - 2482000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Dec 19 23:57:11 desktop kernel: [ 115.758874] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
Dec 19 23:57:11 desktop kernel: [ 115.758876] cfg80211: (5170000 KHz - 52500...
Peter L (randomuser72) wrote : | #124 |
confirmed on 13.10. cannot connect to school eduroam network without certificate. really annoying!
In Gentoo Bugzilla #497296, Mateakos (mateakos) wrote : | #125 |
When setting up a wireless connection with PEAP and MSCHAPv2, but without CA cert, nm-applet puts system-
This ubuntu bug seems the same: https:/
Changed in gentoo: | |
importance: | Unknown → High |
status: | Unknown → New |
Changed in gentoo: | |
importance: | High → Medium |
In Gentoo Bugzilla #497296, Pacho-gentoo (pacho-gentoo) wrote : | #128 |
+*nm-applet-
+
+ 10 Jan 2014; Pacho Ramos <email address hidden>
+ +files/
+ +nm-applet-
+ -files/
+ -files/
+ -nm-applet-
+ Revert 'libnm-gtk: default to system CA certificates for validation for new
+ connections', bug #497296 by mateakos. Drop old.
+
In Novell/SUSE Bugzilla #858369, Chris Taylor (chris-taylor-t) wrote : | #126 |
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
When connecting to WPA2/PEAP/MSCHAPv2 wifi networks which do not have a CA Certificate Network Manager may incorrectly mark the CA certificate as needing verification and fail that verification.
Reproducible: Always
Steps to Reproduce:
1. Attempt to connect to WPA2/PEAP/MSCHAPv2 wifi network which does not have a CA Certificate.
Actual Results:
The line system-
Expected Results:
Connection to network should occur despite the lack of a CA Certificate (as many educational/
See also https:/
In Novell/SUSE Bugzilla #858369, Chris Taylor (chris-taylor-t) wrote : | #127 |
Changed in network-manager (openSUSE): | |
importance: | Unknown → High |
status: | Unknown → Confirmed |
Changed in gentoo: | |
status: | New → Fix Released |
Yongjin Cho (yongjin.cho) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #129 |
Is this bug really fixed?
I'm using Ubuntu 13.10 and I still cannot connect to my company network which is WPA2 enterprise PEAP without CA certificate.
Dmitry Maruschenko (yojick) wrote : | #130 |
It has been fixed almost anywhere except ubuntu. For ubuntu it's triaged =(
Blaster (holst-niels) wrote : | #131 |
@Dmitry Maruschenko (yojick) #130
Yes, it's pretty irritating. It's not really a bug in network manager though, it's "just" a glitch in the GUI.
Here's how to make it work:
1) Select a totally random certificate from /usr/share/
2) Try to connect . you'll not succeed, but don't worry.
3) This WILL create a connection file in /etc/NetworkMan
4) The name of the connection file (a text file) will be the name of the desired wifi network SSID
5) You need to edit that file as root. Do this in a terminal (ctrl-alt-t): gksu nautilus /etc/NetworkMan
6) Select the file (the name of the SSID) you just created
7) In this file there will be two lines you need to remove. One will state the requirement of a certificate the other will point to the bogus-certificate you used in step 1). Remove both lines.
8) Be sure that the line "identity=" contains BOTH your domain and username, as in identity=
Congrats, if you did the above correct you're now connected.
I totally agree that it's a joke that this isn't fixed yet. The "fix" posted by Pritam Baral (pritambaral) in #108 does NOT work anymore. It did however work when he posted it, but for 32 bit users it somehow created a connection file with "identity=
Jan Hauke Maase (h-maase+dev-deactivatedaccount) wrote : | #132 |
Thank you, Blaster!
I was able to connect to my university WIFI. But after a bit of a use I experience some kind of disconnect. My wifi keeps connected, but I'm not able ping anything or connect to the internet / local LAN. Only a reconnect to the wifi fixes this, but not for long. Tested on:
.Ubuntu 13.10
.Ubuntu 12.04.3 LTS
.openSUSE 13.1
On both HP and Lenovo Notebooks.
Have anybody had the same problem?
Blaster (holst-niels) wrote : | #133 |
@Jan Hauke Maase (h-maase+dev)
I'm glad it worked for you (I knew it would). The ridiculous thing about this is that probably 50% of the users and developers following this knows exactly how to fix it, but no suggested fix is accepted.
If you was able to connect, you're no longer affected by this bug. My guess is that what you're now experiencing is a WIFI-driver bug, and my best guess is that your WIFI card is a Broadcom. You could try the following (NOTE: this is NOT related to this bug)
1) enable the proprietary Broadcom driver
2) (lol-option) disable 1) and opt for kernel support might work
3) Upgrade kernel. You might want to try kernel 3.13. That fixed it for me.
Try this at YOUR OWN RISK:
cd /tmp
wget http://
chmod +x kernel-3.13
sudo sh kernel-3.13
sudo reboot
The above is NOT related to the bug described in this thread, and I will not provide further advise here!
Pritam Baral (pritambaral) wrote : | #134 |
@Blaster (holst-neils) #131
My patch has nothing to do with DOMAIN logins. In fact, it has nothing to do with anything other that precisely "sys-ca-cert".
It is, however, outdated (I don't use Ubuntu myself). I haven't updated it since I posted it, and it is possible that a newer edition of NM itself might have caused the DOMAIN issue you speak of.
Also, it IS a bug in NetworkManager itself. sys-ca-certs should never even exist. That is not how 802.1x is done. It is not a replica of the https model. Refer: https:/
My patch doesn't touch NM simply because NM is larger than nm-applet. I only added the gui option of sys-ca-certs because it was easier.
Blaster (holst-niels) wrote : | #135 |
Pritam Baral (pritambaral) #134
You're right, but somehow, down the line, I thought your fix produced the double " \", but it's most certainly not your fault. Just checked, and it's definitely a bug introduced by a Network Manager "update" and not by your fix. Sorry.
You're probably the only person in this unnecessary thread, that I respect for actually trying to fix the problem. Actually, you DID fix the problem for a while.
For now, the only work-around is #131
Peace, man.
bfrancom@gmail.com (bfrancom) wrote : | #136 |
I've had this problem for a long time on Debian Wheezy up to the past several releases of Ubuntu. Even running mainline kernels don't seem to fix. Currently on Ubuntu 13.10 3.14.0-
Today, I finally got some stability by adding/modifying the line to: system-
chmod -w <ssid>
Not sure how long this will work, but it's survived several suspends/
John Small (jds340) wrote : | #137 |
Still not fixed. I can connect to my company WPA2/PEAP/MSCHAPv2 network which is configured without CA_Certificate.
I can get a connection from my Ipad, Mac, Android phone, Kindle (and Google Glass but that's some else's). But I cannot connect from Ubuntu 13.10 with all the latest patches.
When is this ever going to be recognized as something that needs fixing?
12.x was Ok, 13.x has been broken since release. There seems to be a coder in charge of this that thinks not having a certificate means you shouldn't be allowed to connect. But lots of companies set things up to not use a certificate.
Please fix it.
Walter Garcia-Fontes (walter-garcia) wrote : | #138 |
Have you tried the following workaround? Assume the ssid of you network is called "mynetwork":
sudo gedit /etc/NetworkMan
eliminate a line that says:
system-
Substitute "mynetwork" by the name of your wifi network.
Albert Pool (albertpool) wrote : | #139 |
In upstream Gnome the bug has been fixed with commit: https:/
The Gnome bug report also includes some comments by Stefan Winter from Eduroam (the wifi network of many universities including mine), describing why this needs to be changed. Ubuntu developers please take a look at this comment by him: https:/
spaceriker (spaceriker) wrote : | #140 |
This is still broken in:
---
Distributor ID: Ubuntu
Description: Ubuntu 13.10
Release: 13.10
Codename: saucy
---
Note that this is a 64bit version, so I'm guessing that the 64bit version of network-manager did not get this fix?
spaceriker (spaceriker) wrote : | #141 |
FWIW, turning system-
Kai Blin (kai.blin) wrote : | #142 |
Still broken in 14.04, workaround works fine.
Albert Pool (albertpool) wrote : | #143 |
Indeed, the upstream fix did not reach debian/ubuntu yet. Even Sid does not have it yet, so I guess we'll need to be patient, until 14.10 or something like that.
I did, however, bring this to the attention of the Linux Mint developers. Should Mint provide a fixed network-
Esteban Richmond-Salazar (ersiq) wrote : | #144 |
SOLVED
sudo gedit /etc/NetworkMan
Substitue #WIFI-NETWORK# with your config file name
Comment (add an # before) or erase the following line:
system-
Save the file and it just work. If you made any changes using network manager you must repeat this procedure.
frank (dallco) wrote : | #145 |
@ Esteban this problem is not solved! Posting a workaround does not solve the bug.
The line system-
Matthew Geier (matthew-sleeper) wrote : | #146 |
This seems to be even worse in 14.04 as removing or changing the system-ca-certs= line no longer works.
I can make the office WPA2 connection work as I have access to the root certificate for it's key, but my Uni's Eduroam is now completely unusable as removing the system-ca-certs line no longer works and the institution will not give me the root certificate for the self signed key.
("We only support Mac/Windows via the supplied installers" was the response I got).
I took apart the Mac installer hoping to get the certificate, but as far as I can figure, what they supply for the mac is a script that turns off certificate checking in OSX :-)
It's all very well saying connecting with out verifying the certificate is insecure and shouldn't be allowed, but that just isn't a realistic approach.
I ether have to connect with out certificate checking, or I can't use the service at all.
vitaly.v.ch (vitaly-v-ch) wrote : | #147 |
No of WA work in 14.04
Peter Matulis (petermatulis) wrote : | #148 |
== Poll ==
Why are people here not ensuring a secure connection by setting up certificates? That's the way TLS works.
rgrig (radugrigore) wrote : | #149 |
@Peter Matulis: Are you serious? You may as well be asking "Why are people here not ensuring that the laws of Uganda are more sensible?" Uhm ... isn't it clear from above that a *huge* number of people don't have a choice? At least not a quick choice. Yes, eventually it will get done, but it's a slow battle.
Albert Pool (albertpool) wrote : | #150 |
@ Peter Matulis
Comment #17 at https:/
Matthew Geier (matthew-sleeper) wrote : | #151 |
In my case I either have to use the connection with out the proper certificate or NOT USE IT AT ALL. The powers that set up our Eduroam refuse to distribute the certificate required. 'We support Windows and Mac only'.
The Windows installer uses some package that installs a new EAP module into Windows, and the OSX one appears to be a simple script that turns off certificate verification for the Eduroam SSID.
Yes, not using the certificate leaves me open to a man-in-the-middle attack, but institutional policy doesn't leave me any choice here.
Victor Borovik (burkans5000) wrote : | #152 |
I had the same issue on Ubuntu 14.04 and none of proposed workarounds helped.
The way I was able to solve it was by manually restarting NetworkManager:
1) open terminal
2) type in: sudo stop network-manager
3) type in: sudo NetworkManager
And that is it! Afterwards I was able to normally connect to WiFi even after restarting Ubuntu. Hope it helps and good luck!
P.S. If restarting didnt help, before that I was also unsuccessfully trying to kill NetworkManager by its PID (it relaunches automatically), maybe it had some impact. I cant really reproduce the bug because it disappeared after restarting NetworkManager.
Sera (seraphim6x7) wrote : | #153 |
@Victor Borovik
Did you do that in addition to the proposed workarounds? What you're proposing is no more than what happens on every restart.
For reference, the removal of the 'system-
Walter Garcia-Fontes (walter-garcia) wrote : | #154 |
In my case the workaround in comment #138 still works with Ubuntu 14.04.
Victor Borovik (burkans5000) wrote : | #155 |
@Sera
I tried all of proposed workarounds with and without Ubuntu restart with no effect.
After restarting NetworkManager manually ('system-
Aang (aang-aero) wrote : | #156 |
I can also confirm that workaround in comment #138 works as well. I'm also on Ubuntu 14.04.
However, I am now prompted at login (of the OS) for the WiFi password on the PEAP network, but hitting cancel, then logging in seems to work fine. All other networks don't bother me with a pop-up at login.
Will this CA Certificate bug in Network Manager be fixed in 14.04, or is 14.10 the expection?
Tronde (tronde) wrote : | #157 |
Hello.
I can confirm this Bug for Ubuntu GNOME 14.04 (Trusty) with network-manager 0.9.8.8-0ubuntu7.
enrico (enricofranceschi) wrote : | #159 |
Sorry I posted an incorrect link
this is, my workaraound for lubuntu 14.04 32bit on Acer Aspire One d150, others have not worked:
download: network-
for safety dowload also Lubuntu-
sudo stop network-manager
sudo killall nm-applet
sudo apt-get remove network-
(also removes Lubuntu-desktop)
from dowload directory:
sudo dpkg -i network-
sudo dpkg -i Lubuntu-
returns errors
sudo start network-manager
alt + f2 nm-applet
configure: right click on the network icon in systray
connect to WIFI, ignoring the certificate request
sudo apt-get-f install
(fixes the dependencies are not met due to the installation of the network manager 12:04 on 14:04)
sudo apt-get update && sudo apt-get upgrade
everything should be ok even after rebooting
BC (bc2000) wrote : | #160 |
I manage WiFi services for a University, including Eduroam. I just want to point out that this "issue" is not isolated self-signed certificate, but any certificate not signed directly by any of the 'pre-trusted' root/intermediate CAs. I wasn't actually aware that you are even 'allowed' to participate with Eduroam with a self-signed certificate?!?
I assume setting system-ca-certs to false the tells NetworkManager not to try and validate the certificate?? If that is the case, this would seem to be expected behaviour, rather than a bug, and may introduce a security risk (someone can potentially set up a bogus SSID with 'your' SSID name, using any certificate and then grab your credentials)
If you are joining a WiFi network with a self-signed certificate, you should be able to add the certificate itself to your trusted certificates. For networks with third-party signed certificates (Thawte, VeriSign etc) you should add the CA certificates (root, intermediate etc) to your list of trusted CAs.
Boris Hollas (borish) wrote : | #161 |
I confirm this bug on Ubuntu 14.04 with recent updates. The workarounds in #152, #153 don't work for me.
Also, removing the line "system-
Albert Pool (albertpool) wrote : | #162 |
The system-ca-certs problem has been fixed in Linux Mint 17.
What may remain, though, is that the right authentication type such as TTLS or PEAP is not selected automatically. For me PEAP had to be chosen to connect to Eduroam; your institution should be able to tell which of these types you need (since for example Android also asks for this). But that is unrelated to this bug, if you know which type to use you can select it yourself in the network settings.
Boris Hollas (borish) wrote : | #163 |
I doubt that https:/
has no effect. This all the patch does if no certificate is chosen.
I did choose the right authentication type (PEAP).
Neil Broadley (scaine) wrote : | #164 |
Note the comment in #144 - while removing the system-
So the current workflow for connecting to a PEAP WIFI network is currently:
1. Make the connection. It will fail, but it will create an entry in /etc/NetworkMan
2. Edit that connection as root, remove the system-
3. Never make any changes to that connection again.
One more small note - changing the line to read system-
Albert Pool (albertpool) wrote : | #165 |
Linux Mint has implemented the upstream fix for system-ca-certs in their repository packages which can be found at http://
You can install these DEBs on Ubuntu 14.04 too (since Linux Mint 17 is based on Ubuntu 14.04), then remove the connection and add it again; system-ca-certs will not appear then if you click ignore when you're asked to choose a certificate.
With Mint 17 I am able to connect to Eduroam out-of-the-box, I just have to choose PEAP as authentication method and enter my details.
Mathieu Trudel-Lapierre (cyphermox) wrote : | #166 |
This can be fixed in backporting a commit; I'll upload a fixed package to utopic shortly, then we can look into a SRU for the change.
affects: | network-manager (Ubuntu) → network-manager-applet (Ubuntu) |
Changed in network-manager-applet (Ubuntu): | |
status: | Triaged → In Progress |
Mathieu Trudel-Lapierre (cyphermox) wrote : | #167 |
Saucy will be EOL in about a month; unless somebody says otherwise, I think I'd rather spend the time to provide the fix in the other releases that are still supported -- people still on 13.10 should consider upgrading to 14.04 as soon as possible, which should generally be a good idea for all the other bug fixes that would come with it.
If it's really needed, I can provide packages in a PPA, but for now I'll just close the Saucy / 13.10 task as Won't Fix.
Other releases will still get the updates when they are tested.
Changed in network-manager-applet (Ubuntu Saucy): | |
status: | New → Won't Fix |
Changed in network-manager-applet (Ubuntu Precise): | |
status: | New → Triaged |
Changed in network-manager-applet (Ubuntu Trusty): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in network-manager-applet (Ubuntu Precise): | |
importance: | Undecided → Medium |
assignee: | nobody → Mathieu Trudel-Lapierre (mathieu-tl) |
Changed in network-manager-applet (Ubuntu Trusty): | |
assignee: | nobody → Mathieu Trudel-Lapierre (mathieu-tl) |
Launchpad Janitor (janitor) wrote : | #168 |
This bug was fixed in the package network-
---------------
network-
* debian/
certs to validate the wireless AP certs if the user chooses not to supply
a certificate. (LP: #1104476)
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 11 Jun 2014 15:29:36 -0400
Changed in network-manager-applet (Ubuntu Utopic): | |
status: | In Progress → Fix Released |
Vincent Gerris (vgerris) wrote : | #169 |
This bug still affects me with current updates.
I had to change /etc/NetworkMan
the line system-ca-cert=true
to system-
Then restart the network and it works.
Mathieu Trudel-Lapierre (cyphermox) wrote : | #170 |
Yes, this fix will not change connections that have already been created, it will only not set system-ca-cert for new connections.
Adolfo Jayme Barrientos (fitojb) wrote : | #171 |
This bug appeared in Raring, Precise is not affected by it.
no longer affects: | network-manager-applet (Ubuntu Precise) |
Felix (felix-daniel-perez) wrote : | #172 |
Hi All:
Same bug in 14.04 .Is a headache the network manager with this type of authentication!!
My organization dont use a cert to authenticate to the network, use password, so, is a big problem to connect!
Br
Felix
Boris Hollas (borish) wrote : | #173 |
Eduroam works for me with Ubuntu 14.04 as of today if I use the installer provided by Eduroam. Your institution should provide a link to this installer, which retrieves and stores the appropriate CA-certs and creates an entry for network-manager.
Chris J Arges (arges) wrote : Please test proposed package | #174 |
Hello zsolt.ruszinyák, or anyone else affected,
Accepted network-
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
description: | updated |
Changed in network-manager-applet (Ubuntu Trusty): | |
status: | Triaged → Fix Committed |
tags: | added: verification-needed |
Launchpad Janitor (janitor) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #175 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in network-manager-applet (Ubuntu Raring): | |
status: | New → Confirmed |
no longer affects: | network-manager-applet (Ubuntu Raring) |
Adolfo Jayme Barrientos (fitojb) wrote : | #176 |
Version 0.9.8.8-0ubuntu4.3 in trusty-proposed works here.
tags: |
added: verification-done removed: verification-needed |
Launchpad Janitor (janitor) wrote : | #177 |
This bug was fixed in the package network-
---------------
network-
* debian/
certs to validate the wireless AP certs if the user chooses not to supply
a certificate. (LP: #1104476)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 07 Jul 2014 11:11:52 -0400
Changed in network-manager-applet (Ubuntu Trusty): | |
status: | Fix Committed → Fix Released |
Chris Halse Rogers (raof) wrote : Update Released | #178 |
The verification of the Stable Release Update for network-
Aang (aang-aero) wrote : Re: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate | #179 |
Downloaded latest gnome-network-
Franko Burolo (fburolo) wrote : | #180 |
Except that this bug report is about the impossibility to connect WITHOUT a CA certificate...
Aang (aang-aero) wrote : | #181 |
My apologies for the typo, I meant "without" - so the corrected version:
Downloaded latest gnome-network-
Update:
I am being prompted for the WiFi password on the network without the CA Certificate every time I power on the computer, but once I enter the password it connects. This behavior only occurs on boot up; recovering from suspend has no issues.
Once again, my apologies for the typo on post #179 :-\
Aravind Pogu (aravind-pogu) wrote : | #182 |
Hi All,
I have installed Ubuntu 14.04 in my system recently on Oct 7th. I still have this problem to connect to my University network.
I have tried the work around mentioned in the thread to remove system-ca-cert=true from the my connection SSID. But, I could not even find that line. I even restarted the Network Manager several times.
Please help !!
Thanks,
Aravind
Albert Pool (albertpool) wrote : | #183 |
Aravind,
That line is already deleted if you add the connection with the latest updates to NetworkManager installed.
If you're still having trouble, probably the wrong authentication type is set in the wifi security settings. Default is TTLS, but at least my university (Utrecht University, NL) needs PEAP here for its Eduroam network. The inner authentication is MSCHAPv2 but I think that was right by default.
Settings may be different at your university but I think it's certainly worth giving it a try.
When you are asked for the certificate, choose to ignore it (unless you know which one to specify).
Future questions about this are better asked on a forum instead. This is a closed bug.
Pablo Cabrera (pablo-rocka) wrote : | #184 |
@Aang (aang-aero)
I managed to get rid of the password prompt by adding the password in the [802-1x] section of the connection file:
in the /etc/NetworkMan
Edit the section:
[802-1x]
eap=peap;
identity=
phase2-
password=
and it worked for me. No more accept certificate or password prompty dialog.
Alex Luecke (alex-james-luecke) wrote : | #185 |
This bug is still persistent for me in 14.10.
Albert Pool (albertpool) wrote : | #186 |
As I said already, 14.10 has another problem.
Go to Network Settings or Network Connections, edit the Eduroam connection, and go to the WiFi Security tab.
Here set the authentication type to Protected EAP instead of the default Tunneled TLS which is wrong for eduroam, at least on my university.
It is unrelated to this bug so feel free to open a new bug for it, if you did not need to do this in past releases of Ubuntu.
natheo (natheo) wrote : | #187 |
I have the bug since yesterday, just after I reinstall Ubuntu 14.04. Before it has never happened.
Juliano Fischer Naves (julianofischer) wrote : | #188 |
I have the bug too.
Maybe is related to the network interface.
Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE 802.11b/g/n WiFi Adapter (rev 01)
philipballew (philipballew) wrote : | #189 |
Is there a bug report for this issue happening in 14.10 as well? I see that as #186 pointed out, this is a different problem, is there a bug report for it? If not, I will go ahead and create one.
Albert Pool (albertpool) wrote : | #190 |
@philipballew I'm not aware of another bug report, and don't have time to look for one at present. I'm a Linux Mint user myself; Cinnamon has its own issues with Eduroam. besides, there is no 14.10 based Linux Mint at present, so the 14.10 problems don't really affect me.
What I said in #186 was how a friend with Ubuntu on a Mac, got eduroam working.
Vincent Gerris (vgerris) wrote : | #191 |
since a few days I suddenly have issues again connecting to PEAP based wifi again.
Keep having a popup. Above options did not work.
Intel 7260 card.
not only that, but the ignore option still does not work in the GUI.
Franko Burolo (fburolo) wrote : | #192 |
A few days ago, I couln't connect to my faculty's PAP network, either... I thought it was a problem on their side, as they tend to have them every so often. But now with Vincent's message... I don't know. It may be a new bug in NetworkManager?
I haven't been to my faculty with my laptop since then to see if the problem still persists... I'll probably be there again on Monday, so I can re-check.
Vincent Gerris (vgerris) wrote : | #193 |
I thought for me it was a password change, but I tested another laptop with Fedora and that just works.
So it seems like a bug in Ubuntu at least.
Not sure if it is the same, but I hope someone will pick this up and fix it.
This is another big risk for losing users.
Happy to test any fixed packages....
Franko Burolo (fburolo) wrote : | #194 |
I was today at the faculty again, and I still couldn't connect to the network with my Ubuntu Vivid laptop, but my Android phone could. As this is only happening since very recently, it sounds like a bug in Ubuntu to me, too. And it is probably a regression, since this was working perfectly before, always on Vivid. I have recently got this laptop, and Vivid is the first, and still the only OS ever used on it.
Except that in my case, nothing ever pops up. It is just trying to connect forever. But if it is a new bug, we should open a new report.
Franko Burolo (fburolo) wrote : | #195 |
Today I tried to delete that connection and set it up again. Still no dice, but now the issue looks exactly as Vincent describes it. :-D After some seconds of not being able to connect, a window pops up asking my username and password. Both Are correct, I multi-checked it, but it just won't connect.
Martin (w-martin-h) wrote : | #196 |
Wow, ... 15.04 and I face the problem again.
One can also work around this with a wpa_supplicant.
It actually works like a charm, i.e. https:/
Zacharias Steinmetz (zsteinmetz) wrote : | #197 |
Same on my PC running Vivid (3.19.0-22, BCM4313), both with certificate added and ignored. Thanks for the workaround, though.
Steve (dday246) wrote : | #198 |
I can't connect to my campus WiFi either on Ubuntu 14.04 I can connect on my iPhone, home, and coffee shop networks but not at school. My IT guy at school couldn't fix it and he runs Ubuntu. I don't want any workarounds or some Micky Mouse bullshit. I want a simple one click update that resolves the issue. I can't even add a printer at home and now this. I'm about to go back to windows if this isn't resolved with an update. I'm glad I decided not to donate any money to this company. I suppose my dad was right when he said despise the free lunch.
Vincent Gerris (vgerris) wrote : | #199 |
Hi Steve,
Ubuntu is a project mostly led by people in their free time.
While I agree that this is an annoying bug, your remarks are a bit blunt when it comes to respecting people's hard work.
How about you be happy with what IS working and try to contribute to a solution?
Feel free to code yourself, after all it is open source.
If you like to go back to a proprietary operating systems that has closed source drivers that crash and cannot be fixed it all, why not go for it?
If you don't like Ubuntu, try something else. I do not have the issue on Fedora.
Can't add a printer? Look in the fora, I never had any problem for the last 8 years with any printer and like with Windows some (most not) need a driver.
Last but not least, I agree with Steve that this issue should be fixed.
Can anyone suggest what we should to ?
Walter Garcia-Fontes (walter-garcia) wrote : | #200 |
I would suggest people having this bug to open new bug reports with as much details of their systems as they can provide. If the issue are really duplicates of this one, the new bug reports can be duplicated to this one later. I'm connecting with Eduroam networks with 3 different laptops (two with Ubuntu 14.04 and one with Ubuntu 15.10) with no issues, so I think people being hit by this bug are being affected by a combination of software and own hardware particularities.
Franko Burolo (fburolo) wrote : | #201 |
As I said before, on my Toshiba laptop with Qualcomm Atheros WiFi and Ubuntu Vivid 64 it worked brilliantly at first (and still it does on a non-updated live media), but it stopped working, probably after who-knows what update, which is why I don't believe it is a hardware issue.
That said, I do agree with Walter, we should open a new bug report for this one. I would do it myself, but for now the only place where I can test this is my university, which, if everything goes well, I am finishing next week, when I'll be giving my MA thesis presentation. So, ATM I am kinda busy preparing for that, and once that's done, my access credentials for the uni network will soon be cancelled, and I won't be able to contribute any test reports. So I concluded it would be pretty useless for me to open it.
And then about Steve... :-D I have worked in hotels and restaurants, and I know very well what special extra spices some customers get, including those who "despise the free lunch". So go on, enjoy your expensive all-served meal. It certainly does have that something extra. ;-)
Vincent Gerris (vgerris) wrote : | #202 |
Created a new bug : https:/
Please put your info there, thank you.
In Red Hat Bugzilla #1241930, Kevin (kevin-redhat-bugs) wrote : | #210 |
Description of problem: After updating to wpa_supplicant 2.4-3 on July 1, was unable to connect to my corporate wifi access point. Subsequent downgrade to wpa_supplicant 2.3-3 fixed access problem, so I think this is a wpa_supplicant bug
Version-Release number of selected component (if applicable): wpa_supplicant 2.4-3
How reproducible: Upgrade to 2.4-3 try to access wpa/wpa2 wifi with TTLS authentication that has been working for well over a year now. Fails. Downgrade to 2.3-3 and it works again.
Steps to Reproduce: See above
1. Select network in NetworkManager
2. Does not connect
3. Keeps asking for password
Actual results:
From /etc/wpa_
wlp12s0: SME: Trying to authenticate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Trying to associate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Associated with e0:1c:41:34:19:e9
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
ty' hash=c3846bf24b
wlp12s0: CTRL-EVENT-
ty' hash=c3846bf24b
wlp12s0: CTRL-EVENT-
odaddy.
1861973549cfa6e
wlp12s0: CTRL-EVENT-
dfed5372381b7ae
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:
wlp12s0: CTRL-EVENT-
wlp12s0: Authentication with e0:1c:41:34:19:e9 timed out.
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
After downgrade:
wlp12s0: Trying to associate with e0:1c:41:34:19:e9 (SSID='CICS' freq=5220 MHz)
wlp12s0: Associated with e0:1c:41:34:19:e9
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: CTRL-EVENT-
wlp12s0: ...
In Red Hat Bugzilla #1241930, Wallace (wallace-redhat-bugs) wrote : | #211 |
I'm using Fedora 22.
After updating the package wpa_supplicant 2.3 to 2.4 can not connect to the wireless network (PEAP-MSCHAPv2, no CA Certificate).
Please see this thead http://
After downgrade to 2.3 it works again.
In Red Hat Bugzilla #1241930, Major (major-redhat-bugs) wrote : | #212 |
I ran through a git bisect this morning and found that once this patch was applied, I couldn't hop on my corporate Aruba wifi network:
https:/
_______
commit 674f6c073f6f7cd
Author: Eliad Peller <email address hidden>
Date: Wed Oct 22 08:03:56 2014 -0400
WMM AC: Add basic ADDTS/DELTS sending functions
Add basic implementation for ADDTS and DELTS sending
functions.
wpas_
containing TSPEC (traffic stream specification) with
the given params.
wpas_
the given tid, and send DELTS public action for it.
(Handling of ADDTS response and actually configuring the admission
control params will be added in following patches.)
Signed-off-by: Moshe Benji <email address hidden>
Signed-off-by: Eliad Peller <email address hidden>
_______
A simple 'git revert' was insufficient as additional patches have piled into these same files afterwards. :/
In Red Hat Bugzilla #1241930, Dan (dan-redhat-bugs) wrote : | #213 |
(In reply to Kevin Havener from comment #0)
> Description of problem: After updating to wpa_supplicant 2.4-3 on July 1,
> was unable to connect to my corporate wifi access point. Subsequent
> downgrade to wpa_supplicant 2.3-3 fixed access problem, so I think this is a
> wpa_supplicant bug
>
>
> Version-Release number of selected component (if applicable): wpa_supplicant
> 2.4-3
>
>
> How reproducible: Upgrade to 2.4-3 try to access wpa/wpa2 wifi with TTLS
> authentication that has been working for well over a year now. Fails.
> Downgrade to 2.3-3 and it works again.
This appears to be an OpenSSL issue, not a wpa_supplicant one:
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:
wlp12s0: CTRL-EVENT-
for exmaple, see:
https:/
http://
In Red Hat Bugzilla #1241930, Dan (dan-redhat-bugs) wrote : | #214 |
(In reply to Wallace Hermano from comment #1)
> I'm using Fedora 22.
> After updating the package wpa_supplicant 2.3 to 2.4 can not connect to the
> wireless network (PEAP-MSCHAPv2, no CA Certificate).
>
> Please see this thead
> http://
> radius-
>
> After downgrade to 2.3 it works again.
Your issue is likely due to wpa_supplicant enabling TLSv1.2 support (in response to recent attacks against SSLv3, TLSv1.0, and TLSv1.1, like the recent Firefox updates that disabled SSLv3 and TLSv1.0 negotiation). Unfortunately, not all RADIUS servers are prepared for that, and they accept the TLSv1.2 connection but generate a mismatching key than the supplicant does. That bug is in the RADIUS server...
There are some patches floating around that will detect this condition and fall back to the less-secure TLSv1.1 automatically, and we'll probably have to add those to Fedora until the RADIUS server vendors like Cisco, Aruba, etc catch up and fix their products.
In Red Hat Bugzilla #1241930, Dan (dan-redhat-bugs) wrote : | #215 |
(In reply to Dan Williams from comment #3)
> (In reply to Kevin Havener from comment #0)
> > Description of problem: After updating to wpa_supplicant 2.4-3 on July 1,
> > was unable to connect to my corporate wifi access point. Subsequent
> > downgrade to wpa_supplicant 2.3-3 fixed access problem, so I think this is a
> > wpa_supplicant bug
> >
> >
> > Version-Release number of selected component (if applicable): wpa_supplicant
> > 2.4-3
> >
> >
> > How reproducible: Upgrade to 2.4-3 try to access wpa/wpa2 wifi with TTLS
> > authentication that has been working for well over a year now. Fails.
> > Downgrade to 2.3-3 and it works again.
>
> This appears to be an OpenSSL issue, not a wpa_supplicant one:
>
> SSL: SSL3 alert: write (local SSL3 detected an error):
> OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL
> routines:
> wlp12s0: CTRL-EVENT-
>
> for exmaple, see:
>
> https:/
> http://
More info: wpa_supplicant 2.4 may trigger this where 2.3 would not, becuase 2.4 enables some new ciphers for use with TLSv1.2, and the server may have enabled DH only for those ciphers that are now enabled.
The options are to either get your network admins to fix the DH key issue by using something > 768 bits, or to disable TLSv1.2 for now until they fix it.
But as a test, here's a wpa_supplicant with TLSv1.2 disabled by default. If you could test it on your network where you get the "dh key too small" error to see if that fixes the issue, then great, we can proceed with a more general solution. But if it doesn't fix the issue, then we'll need to dig a bit deeper and there may not be a general fix.
In Red Hat Bugzilla #1241930, Major (major-redhat-bugs) wrote : | #216 |
I tried the koji build from the last comment and I'm unable to connect. With debug wpa_supplicant logs, I get:
SSL: SSL_connect:error in SSLv2/v3 read server hello A
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect:error in SSLv3 read finished A
In Red Hat Bugzilla #1241930, Kevin (kevin-redhat-bugs) wrote : | #217 |
I also tried the Koji build. Got the same error as I originally submitted:
SSL: SSL3 alert: write (local SSL3 detected an error):
OpenSSL: openssl_handshake - SSL_connect error:14082174:SSL routines:
wlp12s0: CTRL-EVENT-
I
Martin (w-martin-h) wrote : | #203 |
Jiminy crickets, kernel upgrade to 3.19.0-23 and EDUROAM is picking up again!
Geir Ola (geir-f) wrote : | #204 |
Have anyone found a functional workaround? Other than the one described above? I don't have the proper knowledge to implement the one above.
Are able to create files and edit with nano if told exactly where to do so.
Running Ubuntu Mate 15.04 - 3.18.0-25rpi2 - Mate 1.8.2 on a Raspberry Pi 2.
In Red Hat Bugzilla #1241930, Virgilio (virgilio-redhat-bugs) wrote : | #218 |
I can also confirm that a downgrade of the wpa_supplicant package to version 2.3.3 on Fedora 22 x86_64 makes it possible again to connect to a WPA2 Enterprise/
In Red Hat Bugzilla #1241930, Hannes (hannes-redhat-bugs) wrote : | #219 |
I can further confirm that downgrading wpa_supplicant to 2.3.3 allowed me to immediately connect to eduroam.
In Red Hat Bugzilla #1241930, Gregor (gregor-redhat-bugs) wrote : | #220 |
I can confirm the same behavior. Immediately after downgrading the wpa_supplicant to 2.3.3 allowed me to connect to our company WIFI.
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #221 |
I can confirm the same behavior.
I downgraded to 2.3.3 and I was able to connect successfully to connect to the wifi, but then I upgraded the kernel to 4.1.6 and it installed an wpa_supplicant-gui and some other wpa packages, and it stopped working again.
Can I get some help identifying if the issue is from the same root cause?
Because the wpa_supplicant-gui has the same 2.4.4 version of the wpa_supplicant and I tried to downgrade the *-gui one and it failed, due to not having package available.
In Red Hat Bugzilla #1241930, Kent (kent-redhat-bugs) wrote : | #222 |
FYI: I have seen the same (or at least very similar problems). Upgrading to 2.4-3 or 2.4-4 broke my eduroam connection. Downgrading to 2.3-3 again made it work.
I talked to the people running the authentication server (Radiator) used when I log in to eduroam. They upgraded OpenSSL and a related Perl module on the server. After that, eduroam survived an upgrade to 2.4-4 on my laptop.
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #223 |
Solved the issue removing the wpa_supplicant, and it removed anaconda and anaconda-gui. Then I re-installed the wpa_supplicant, NetworkManager-
If someday has a fix I would be very happy to un-block wpa_supplicant packages from my dnf exceptions.
In Red Hat Bugzilla #1241930, Germano (germano-redhat-bugs) wrote : | #224 |
*** Bug 1244188 has been marked as a duplicate of this bug. ***
In Red Hat Bugzilla #1241930, Germano (germano-redhat-bugs) wrote : | #225 |
Lastest wpa supplicant working with WPA Enterprise connections:
wpa_supplicant-
In Red Hat Bugzilla #1241930, David (david-redhat-bugs) wrote : | #226 |
(In reply to Germano Massullo from comment #15)
> Lastest wpa supplicant working with WPA Enterprise connections:
> wpa_supplicant-
Just to avoid confusion:
The lastest wpa supplicant that works with WPA Enterprise connections is
wpa_supplicant-
In Red Hat Bugzilla #1241930, Ville (ville-redhat-bugs) wrote : | #227 |
eduroam broke for me with 2.4 as well. I tried upgrading to 2.5 locally but it remained similarly broken. Works with 2.3-3.
In Red Hat Bugzilla #1241930, Ville (ville-redhat-bugs) wrote : | #228 |
*** Bug 1245766 has been marked as a duplicate of this bug. ***
In Red Hat Bugzilla #1241930, Michael (michael-redhat-bugs) wrote : | #229 |
(In reply to Gregor Fuis from comment #10)
> I can confirm the same behavior. Immediately after downgrading the
> wpa_supplicant to 2.3.3 allowed me to connect to our company WIFI.
I had the same issue. The workaround with version 2.3.3 did the trick for me as well.
(In reply to Dan Williams from comment #4)
> Your issue is likely due to wpa_supplicant enabling TLSv1.2 support (in
> response to recent attacks against SSLv3, TLSv1.0, and TLSv1.1, like the
> recent Firefox updates that disabled SSLv3 and TLSv1.0 negotiation).
> Unfortunately, not all RADIUS servers are prepared for that, and they accept
> the TLSv1.2 connection but generate a mismatching key than the supplicant
> does. That bug is in the RADIUS server...
I can confirm that updating FreeRADIUS (server/network infrastructure) to version freeradius-
I am now running wpa_supplicant-
In Red Hat Bugzilla #1241930, Fedora (fedora-redhat-bugs) wrote : | #230 |
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
In Red Hat Bugzilla #1241930, Wallace (wallace-redhat-bugs) wrote : | #231 |
I'm testing Fedora 23 beta but i can't downgrade the wpa_supplicant.
In Red Hat Bugzilla #1241930, Nick (nick-redhat-bugs) wrote : | #232 |
I wouldn't bother degrading client security by forcing TLS 1.1
The fact that Google have shipped with TLS 1.2 in Android 6.0 (Marshmallow) is quickly identifying and mopping up broken authentication servers.
In Red Hat Bugzilla #1241930, Nick (nick-redhat-bugs) wrote : | #233 |
I posted in the Google issue tracker:
" suspect that you all are hitting this issue because the new version of Android is now negotiating, correctly, with TLS 1.2 and you have a broken backend.
If so, this issue should be marked as being invalid.
This applies to anybody with WPA2-Enterprise
These unfortunately experience a critical bug where they miscalculate session keying material, the MPPE keys, when the TLS 1.2 protocol is negotiated by EAP clients (supplicant).
Clients that negotiate with the TLS 1.2 protocol version in the TLS Client Hello will not be able to get a usable association to affected wireless networks.
Two MPPE keys, the MS-MPPE-Recv-Key (MasterReceiveKey) and MS-MPPE-Send-Key (MasterSendKey), are used to derive the Master Session Key (MSK). This is absolutely essential to get a usable association.
The mismatch occurs because the client derives the correct MSK and the AP derives a different, incorrect MSK due to the incorrectly calculated MPPE keys supplied in the RADIUS Access-Accept.
This is more of an acute issue as Red Hat ship with a broken FreeRADIUS 2.2.6 package in RHEL 6.7. There is an update now to address this: https:/
CentOS 6.7 is similarly affected as it derives from Red Hat's sources.
I should also mention that there is a difference between implementing/
The issue above, loosely, concerns intolerance because the subsequent MPPE keys generated are miscalculated.
Deployments that continue to offer just TLS 1.0 will continue to function correctly as TLS 1.0 will be negotiated by EAP clients (supplicants) despite it offering TLS 1.2 in the client hello in their default configuration. (TLS has a version negotiation mechanism, you just need an intersection of supported versions and cipher suites.)"
In Red Hat Bugzilla #1241930, Nick (nick-redhat-bugs) wrote : | #234 |
This bug needs to be closed as NOTABUG.
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #235 |
Hey Nick,
I am not using Android, I am using the Fedora 23 as an SO and this error is really annoying, I tried to check which TLS version I am using and still dont have any clue.
Can you help checking or to use the TLS that doesnt error out?
In Red Hat Bugzilla #1241930, Nick (nick-redhat-bugs) wrote : | #236 |
Anywhere that is using wpa_supplicant 2.4 or later without specific configuration to disable TLS 1.2 will hit this issue with affected RADIUS servers. TLS 1.2 is rightly enabled by default.
(Android Marshmallow uses such a version of wpa_supplicant).
You can certainly disable TLS 1.2 in the configuration for wpa_supplicant if you absolutely must get a usable connection.
Do so with phase1=
Ideally though you would seek to get the RADIUS server updates to a version that isn't broken.
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #237 |
I am trying to understand better the last choice, I could connect with the command line, but its kind of annoying still. My version of the freeradius is this
[~] $ sudo dnf info freeradius
Last metadata expiration check performed 3:05:10 ago on Tue Nov 24 12:08:27 2015.
Pacotes instalados
Name : freeradius
Arq. : x86_64
Epoch : 0
Versão : 3.0.8
Release : 3.fc23
Tam. : 3.4 M
Repo : @System
From repo : fedora
In Red Hat Bugzilla #1241930, Michael (michael-redhat-bugs) wrote : | #238 |
I'm not sure if I get you right. Are you using Fedora as a server operating system to provide radius authentication for your network infrastructure?
TLS1.2 is the currently newest and (hopefully) most secure version of the TLS protocol and therefore it is a good choice using it. So disabling TLS1.2 is a bad idea as stated in comment #26. Use a radius server version that implements TLS1.2 correctly instead.
Version 3.0.8 is affected when using EAP-TTLS as mentioned in comment #23 so if you have trouble use a different server version or a different EAP type.
If I've got you totally wrong and you are not the network operator ask your network operator to fix the problem and remove freeradius from your notebook/
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #239 |
Yeah, I am a software developer using Fedora as a workstation. Unfortunately my network administrators like Windows, the solution they provided me is to use Ubuntu. If I want to use Linux. I prefer Fedora because I use it since version 13.
I removed the freeradius. The command line is not connecting anymore.
Here is my log. Any thoughts?
Successfully initialized wpa_supplicant
wlp6s0: SME: Trying to authenticate with 94:b4:0f:1b:bc:c5 (SSID='
wlp6s0: Trying to associate with 94:b4:0f:1b:bc:c5 (SSID='
wlp6s0: Associated with 94:b4:0f:1b:bc:c5
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: SME: Trying to authenticate with 94:b4:0f:1b:bc:c5 (SSID='
wlp6s0: Trying to associate with 94:b4:0f:1b:bc:c5 (SSID='
wlp6s0: Associated with 94:b4:0f:1b:bc:c5
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: CTRL-EVENT-
wlp6s0: SME: Trying to authenticat...
In Red Hat Bugzilla #1241930, Vincent (vincent-redhat-bugs) wrote : | #240 |
(In reply to Luiz Pegoraro from comment #29)
> I am still wondering if the issue is on wpa_supplicant or on the hardware,
> because I know a guy who has another PC using Fedora 22 with wpa_supplicant
> 2.4 that connects in the network via NetworkManager.
For F22 with wpa_supplicant 2.4 check this bug too, it seems the openssl library version matters: https:/
> Also that configuration of the phase1, Can I set somewhere in the
> NetworkManager so I don't have to run command lines to connect to the
> network?
I got it working (F23/wpa_
network={
ssid="corpwifi"
key_mgmt=WPA-EAP
eap=PEAP
phase1=
phase2=
identity="***"
password="***"
}
Unfortunately, I couldn't get the above working with the Networkmanager (/etc/wpa_
In Red Hat Bugzilla #1241930, Eran (eran-redhat-bugs) wrote : | #241 |
(In reply to Vincent P. from comment #30)
Sorry for the rookie questions, but:
1. Did you change /etc/wpa_
2. After the change in /etc/wpa_
Thanks
> (In reply to Luiz Pegoraro from comment #29)
> > I am still wondering if the issue is on wpa_supplicant or on the hardware,
> > because I know a guy who has another PC using Fedora 22 with wpa_supplicant
> > 2.4 that connects in the network via NetworkManager.
>
> For F22 with wpa_supplicant 2.4 check this bug too, it seems the openssl
> library version matters: https:/
>
> > Also that configuration of the phase1, Can I set somewhere in the
> > NetworkManager so I don't have to run command lines to connect to the
> > network?
>
> I got it working (F23/wpa_
> wpa_supplicant config and some manual steps:
> network={
> ssid="corpwifi"
> key_mgmt=WPA-EAP
> eap=PEAP
> phase1=
> phase2=
> identity="***"
> password="***"
> }
> Unfortunately, I couldn't get the above working with the Networkmanager
> (/etc/wpa_
> in /etc/wpa_
In Red Hat Bugzilla #1241930, Vincent (vincent-redhat-bugs) wrote : | #242 |
I'm not sure if this is the right place te respond, but hey..wth.
(In reply to Eran B. from comment #31)
> (In reply to Vincent P. from comment #30)
>
> Sorry for the rookie questions, but:
> 1. Did you change /etc/wpa_
> it?
After I did some manual testing (see next answer), I tried to update /etc/wpa_
> 2. After the change in /etc/wpa_
> connect if not by the Networkmanager?
I turned off wifi via the Networkmanager. I created a new wpa_supplicant.conf in /root/ and rand some manual commands:
1. Connect to wifi:
# wpa_supplicant -f /var/log/
2. Get an IP:
# dhclient wlp3s0
After this you should get an IP.
During my tests I fiddled with 'rfkill list all', 'rfkill unblock wifi' and 'ip l set wlp3s0 up' too, but if you get an IP with the above steps, you don't need too.
In Red Hat Bugzilla #1241930, Alberto (alberto-redhat-bugs) wrote : | #243 |
Also reported in <https:/
In Red Hat Bugzilla #1241930, Luiz (luiz-redhat-bugs) wrote : | #244 |
SOLVED TODAY!!! BY NETWORKMANAGER!! Just dnf update -y
I am so thrilled! Thanks you guys!
I guess it was a problem in firmwares, I looked into the logs and there were a lot of new packages for firmwares.
Thanks a lot, I guess saying by using Fedora 23, this can be closed now.
In Red Hat Bugzilla #1241930, Kevin (kevin-redhat-bugs) wrote : | #245 |
As the opener of this bug, I think it can be closed now. While other folks seem to have wireless problems, I don't think they are related to my problem which was fixed for me by an upgrade to our corporate wireless access points. It has continued to work after upgrading from F22 to F23 and a couple of iterations of wpa_supplicant as well.
In Red Hat Bugzilla #1241930, Dan (dan-redhat-bugs) wrote : | #246 |
Yeah, for TLSv1.2 issues updating the RADIUS server or corporate network is obviously the best choice. If that's not possible then the workaround with the supplicant config must be used, but the problem is at the RADIUS server.
Launchpad Janitor (janitor) wrote : | #205 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in wpasupplicant (Ubuntu Saucy): | |
status: | New → Confirmed |
Changed in wpasupplicant (Ubuntu Trusty): | |
status: | New → Confirmed |
Changed in wpasupplicant (Ubuntu Utopic): | |
status: | New → Confirmed |
Changed in wpasupplicant (Ubuntu): | |
status: | New → Confirmed |
Changed in network-manager (Debian): | |
status: | Unknown → New |
tags: | added: trusty xenial |
no longer affects: | network-manager-applet (Ubuntu Saucy) |
no longer affects: | network-manager-applet (Ubuntu Utopic) |
no longer affects: | wpasupplicant (Ubuntu Saucy) |
no longer affects: | wpasupplicant (Ubuntu Utopic) |
Changed in wpasupplicant (Ubuntu): | |
importance: | Undecided → High |
Changed in wpasupplicant (Ubuntu Trusty): | |
importance: | Undecided → High |
tags: | removed: raring regression-release saucy verification-done |
Changed in network-manager-applet (Ubuntu): | |
assignee: | Mathieu Trudel-Lapierre (cyphermox) → nobody |
Changed in network-manager-applet (Ubuntu Trusty): | |
assignee: | Mathieu Trudel-Lapierre (cyphermox) → nobody |
Changed in network-manager-applet (Ubuntu): | |
status: | Fix Released → Triaged |
Changed in network-manager-applet (Ubuntu Trusty): | |
status: | Fix Released → Triaged |
Changed in wpasupplicant (Ubuntu): | |
status: | Confirmed → Triaged |
Changed in wpasupplicant (Ubuntu Trusty): | |
status: | Confirmed → Triaged |
Alberto Salvia Novella (es20490446e) wrote : | #209 |
The bug is still there, and happens despite the network adaptor being used.
description: | updated |
summary: |
- Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without - CA_Certificate + Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise networks + without CA_Certificate, like Eduroam |
summary: |
- Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise networks - without CA_Certificate, like Eduroam + Network manager cannot connect to WPA2/PEAP/MSCHAPv2 wifi enterprise + networks without CA_Certificate, like Eduroam |
summary: |
- Network manager cannot connect to WPA2/PEAP/MSCHAPv2 wifi enterprise + Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise wifi networks without CA_Certificate, like Eduroam |
Changed in fedora: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
In Novell/SUSE Bugzilla #858369, Tchvatal (tchvatal) wrote : | #247 |
This version of openSUSE changed to end-of-life (EOL [1]) status. As such
it is no longer maintained, which means that it will not receive any
further security or bug fix updates.
As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
openSUSE, or consider the bug still valid, please feel free to reopen this
bug against that version, or open a new ticket.
Thank you for reporting this bug and we are sorry it could not be fixed
during the lifetime of the release.
Changed in network-manager (openSUSE): | |
status: | Confirmed → Won't Fix |
Jarurote Tippayachai (jarurote) wrote : | #248 |
This is also appeared on Ubuntu 18.04.1 TLE (64-bit).
After upgrading 64-bit OS from Ubuntu 16.04 TLE to Ubuntu 18.04.1TLE, my pc cannot authenticate with WPA/PEAP/
I try to do following URL; however, it could not help me anyway.
My PC is HP Compaq Pro 4300, CPU: Intel® Core™ i3-3220 CPU @ 3.30GHz × 4, OS: Ubuntu 18.04.1 (64-bit).
Thanks.
Adrián Arroyo Calle (adrian-arroyocalle) wrote : | #249 |
@jarurote check this bug https:/
Chaoqi Zhang (prncoprs) wrote : | #250 |
OMG! It still exists on 2021-12-27, Ubuntu 20.02 LTS 64-bits.
Allan W. Macdonald (allan-w-macdonald) wrote : | #251 |
Still happening on Ubuntu 20.04LTS:
uname -a
Linux nodename 5.15.15-
The workaround suggested in original bug description worked for me but I needed to use someone else's computer in order to find the solution.
Ali Tolga Özbaş (eroniss55) wrote (last edit ): | #252 |
I can confirm the existence of this bug in Ubuntu 22.04 Beta. Everything is up to date. I've tried many things. Still won't work.
Oddly enough, everything was working fine on Arch Linux. I think some patch distros do in this package breaks WPA2 Enterprise.
Ali Tolga Özbaş (eroniss55) wrote : | #253 |
22.04 stable version has been released yesterday, and it still doesn't work on Ubuntu 22.04.
Status changed to 'Confirmed' because the bug affects multiple users.