| Summary: | knetworkmanager fails to connect to enterprise networks with TLS/certificates | | |
|---|---|---|---|
| Product: | [Unmaintained] Network Management | Reporter: | Lars Scheiter <lars.scheiter> |
| Component: | Wireless | Assignee: | Will Stephenson <wstephenson> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | normal | CC: | alberto.quattrinili, cordlandwehr, dietrichmathias, ilia-kats, sven.burmeister, wolf.behrenhoff |
| Priority: | NOR | | |
| Version: | 0.9 | | |
| Target Milestone: | --- | | |
| Platform: | Ubuntu | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Sentry Crash Report: | | | |

Description
Lars Scheiter
2009-10-07 11:15:30 UTC
There are two things to consider. First, try with a clean config, e.g. a new test-user, yet that's more in regard to knm not saving settings. Regarding the certificate, check what /var/log/wpa_supplicant tells you while knm tries to connect. NM cannot handle certificate chains for example and you might have to install certificates to /etc/ssl/certs.

I'm experiencing exactly the same. My network-manager-kde version is 1:0.8~svn1029786-1 (installed in Debian Testing/Unstable). Although nm-applet works fine. I get the following output in /var/log/syslog on connection try:

Oct 27 10:53:30 sooner wpa_supplicant[2918]: CTRL-EVENT-SCAN-RESULTS
Oct 27 10:53:30 sooner wpa_supplicant[2918]: Trying to associate with 00:24:c4:d2:d8:11 (SSID='eduroam' freq=2462 MHz)
Oct 27 10:53:30 sooner wpa_supplicant[2918]: Association request to the driver failed
Oct 27 10:53:30 sooner NetworkManager: <info> (wlan0): supplicant connection state: scanning -> associating
Oct 27 10:53:30 sooner kernel: [18714.064595] wlan0: authenticate with AP 00:24:c4:d2:d8:11
Oct 27 10:53:30 sooner kernel: [18714.202051] wlan0: authenticated
Oct 27 10:53:30 sooner kernel: [18714.202058] wlan0: associate with AP 00:24:c4:d2:d8:11
Oct 27 10:53:30 sooner kernel: [18714.211121] wlan0: RX AssocResp from 00:24:c4:d2:d8:11 (capab=0x431 status=0 aid=6)
Oct 27 10:53:30 sooner kernel: [18714.211127] wlan0: associated
Oct 27 10:53:30 sooner wpa_supplicant[2918]: Associated with 00:24:c4:d2:d8:11
Oct 27 10:53:30 sooner NetworkManager: <info> (wlan0): supplicant connection state: associating -> associated
Oct 27 10:53:30 sooner wpa_supplicant[2918]: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:140CA00D:SSL routines:SSL_use_PrivateKey_ASN1:ASN1 lib
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:140CA00D:SSL routines:SSL_use_PrivateKey_ASN1:ASN1 lib
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: pending error: error:140CD00D:SSL routines:SSL_use_RSAPrivateKey_ASN1:ASN1 lib
Oct 27 10:53:30 sooner wpa_supplicant[2918]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Oct 27 10:53:30 sooner wpa_supplicant[2918]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
Oct 27 10:53:30 sooner wpa_supplicant[2918]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Oct 27 10:53:30 sooner NetworkManager: <info> (wlan0): supplicant connection state: associated -> 4-way handshake

On the other side: when using nm-applet the output looks like this:

Oct 27 10:53:30 sooner dhclient:
Oct 27 10:53:30 sooner NetworkManager: <info> DHCP: device wlan0 state changed normal exit -> preinit
Oct 27 10:53:30 sooner dhclient: Listening on LPF/wlan0/00:1b:77:8f:73:44
Oct 27 10:53:30 sooner dhclient: Sending on LPF/wlan0/00:1b:77:8f:73:44
Oct 27 10:53:30 sooner dhclient: Sending on Socket/fallback
Oct 27 10:53:32 sooner dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 4
Oct 27 10:53:36 sooner dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 11
Oct 27 10:53:36 sooner dhclient: DHCPOFFER from 131.234.48.1
Oct 27 10:53:36 sooner dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Oct 27 10:53:36 sooner dhclient: DHCPACK from 131.234.48.1
Oct 27 10:53:36 sooner dhclient: bound to 131.234.52.236 -- renewal in 460 seconds.
Oct 27 10:53:36 sooner NetworkManager: <info> DHCP: device wlan0 state changed preinit -> bound
Oct 27 10:53:36 sooner NetworkManager: <info> Activation (wlan0) Stage 4 of 5 (IP Configure Get) scheduled...
Oct 27 10:53:36 sooner NetworkManager: <info> Activation (wlan0) Stage 4 of 5 (IP Configure Get) started...
Oct 27 10:53:36 sooner NetworkManager: <info> address 131.234.52.236
Oct 27 10:53:36 sooner NetworkManager: <info> prefix 21 (255.255.248.0)
Oct 27 10:53:36 sooner NetworkManager: <info> gateway 131.234.48.1
Oct 27 10:53:36 sooner NetworkManager: <info> nameserver '131.234.137.23'
Oct 27 10:53:36 sooner NetworkManager: <info> nameserver '131.234.137.24'
Oct 27 10:53:36 sooner NetworkManager: <info> domain name 'uni-paderborn.de'
Oct 27 10:53:36 sooner NetworkManager: <info> Activation (wlan0) Stage 5 of 5 (IP Configure Commit) scheduled...
Oct 27 10:53:36 sooner NetworkManager: <info> Activation (wlan0) Stage 4 of 5 (IP Configure Get) complete.
Oct 27 10:53:36 sooner NetworkManager: <info> Activation (wlan0) Stage 5 of 5 (IP Configure Commit) started...
Oct 27 10:53:36 sooner avahi-daemon[1813]: Joining mDNS multicast group on interface wlan0.IPv4 with address 131.234.52.236.
Oct 27 10:53:36 sooner avahi-daemon[1813]: New relevant interface wlan0.IPv4 for mDNS.
Oct 27 10:53:36 sooner avahi-daemon[1813]: Registering new address record for 131.234.52.236 on wlan0.IPv4.
Oct 27 10:53:37 sooner NetworkManager: <info> (wlan0): device state change: 7 -> 8
Oct 27 10:53:37 sooner NetworkManager: <debug> [1256637217.075008] periodic_update(): Roamed from BSSID 00:24:C4:D2:D2:FE (eduroam) to 00:24:C4:D2:D8:11 (eduroam)
Oct 27 10:53:37 sooner NetworkManager: <info> Policy set 'Auto eduroam' (wlan0) as default for routing and DNS.
Oct 27 10:53:37 sooner NetworkManager: <info> Activation (wlan0) successful, device activated.
Oct 27 10:53:37 sooner NetworkManager: <info> Activation (wlan0) Stage 5 of 5 (IP Configure Commit) complete.

Failed to read possible Application Data error:00000000:lib
Hints towards having some wrong password or username used for authentication. You could remove the old connection and start a new one. Whatever package version is included in openSUSE 11.2 does work for eduroam with certificate (not chain) and TTLS. You can use http://userbase.kde.org/NetworkManagement#It.27s_All_KDE.27s_Fault.21 to debug as well.

Also for me is the same. I have debian (unstable) as OS with knetwork-manager version 0.7~~svn941706-2. When I try to fill the information about EAP for a WPA Enterprise encryption, in particular "private secret key", "private keyfile" and CA Certificate, network manager doesn't store this information in the config file (~/.kde/share/config/knetworkmanagerrc) and indeed when I retry to edit the connection, the information fields stated before are blank. If someone can tell me which variables are associated to these fields (e.g. Value_ca-path for ca certificate path; I don't know if it is correct), I can try to add them manually in the config file and see what happens.
Furthermore, if I choose EAP-TLS as method, in the method phase 2 it shows no method available ("none"), and I can't choose MSchapv2, although in the config file it is reported ("Value_phase2-auth=<string>mschapv2</string>\n ").

(In reply to comment #4)
> Also for me is the same. I have debian (unstable) as OS with knetwork-manager
> version 0.7~~svn941706-2.

svn941706 is way too old. svn1040608 is a current revision. And just in case, do not use the plasmoid but the "normal" knetworkmanager which is shown in the systray.

I have the latest version in the svn repo, and the issue is partially solved. It still cannot save the CA certificate (it automatically checks "Use System CA Certs"). Private key and Private Key password are now saved. However, now there isn't any field regarding "anonymous identity", while previously there was one in the information about EAP for a WPA Enterprise encryption, and I need this field to connect to my campus network (I don't know if network manager manages identity and anonymous identity as the same).

This problem still exists, also in 4.4.0 (using Kubuntu packages), I just tried it today after upgrading KDE. I can connect to the Eduroam network using Gnome's nm-applet but it does not work with KDE's knetworkmanager. For WPA PSK networks, knetworkmanager just works fine. I would really appreciate a fix.

This problem still exists in 4.5. (Kubuntu 10.04). Gnome's network manager works with WPA-Enterprise TLS or PEAP. If I create a connection for WPA-Enterprise TLS, I can fill all fields at the configuration but after this I cannot use the created configuration although it is displayed. Configuration also works for WPA-Enterprise PEAP but it fails at the connecting attempts. Seems like something must be wrong.

Is this bug a dup of bug 209673?

Yes, it seems like it is the same as bug 235541 and 209673. Thanks for the hint.

Yes, seems to be the same bug. At least for me the workaround described in bug 209673 works.

The same issue is still in KDE 4.5.2.

*** This bug has been marked as a duplicate of bug 209673 ***
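
The log check suggested in this thread (read what wpa_supplicant and NetworkManager log during a connection attempt), as an added example that is not part of the original report: it summarises how far one attempt got, so a knetworkmanager attempt and an nm-applet attempt can be compared side by side. The `triage` function name and the sample lines are constructed here, in the format of the syslog excerpts quoted above.

```python
import re
from collections import Counter

# Constructed sample in the format of the syslog excerpts quoted in this report.
SAMPLE_LOG = """\
Oct 27 10:53:30 host wpa_supplicant[2918]: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 27 10:53:30 host wpa_supplicant[2918]: OpenSSL: pending error: error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib
Oct 27 10:53:30 host wpa_supplicant[2918]: OpenSSL: pending error: error:140CA00D:SSL routines:SSL_use_PrivateKey_ASN1:ASN1 lib
Oct 27 10:53:30 host wpa_supplicant[2918]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
Oct 27 10:53:30 host wpa_supplicant[2918]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Oct 27 10:53:30 host NetworkManager: <info> (wlan0): supplicant connection state: associated -> 4-way handshake
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<proc>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")
SSL_ERR = re.compile(r"OpenSSL: pending error: error:[0-9A-F]{8}:[^:]+:(?P<func>[^:]+):.+$")
EAP_METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor \d+ method \d+ \((?P<name>[^)]+)\) selected")
STATE = re.compile(r"supplicant connection state: .* -> (?P<new>.+)$")

def triage(text):
    """Summarise one connection attempt: EAP method and result, last supplicant state, DHCP."""
    out = {"eap_method": None, "eap_result": None, "last_state": None,
           "dhcp_bound": False, "openssl_errors": Counter()}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog line in the expected format
        proc, msg = m["proc"], m["msg"]
        if proc == "wpa_supplicant":
            if (e := SSL_ERR.search(msg)):
                out["openssl_errors"][e["func"]] += 1  # count by OpenSSL function name
            elif (e := EAP_METHOD.search(msg)):
                out["eap_method"] = e["name"]
            elif "CTRL-EVENT-EAP-SUCCESS" in msg:
                out["eap_result"] = "success"
            elif "CTRL-EVENT-EAP-FAILURE" in msg:
                out["eap_result"] = "failure"
        elif proc == "NetworkManager" and (s := STATE.search(msg)):
            out["last_state"] = s["new"]  # the attempt stalled at or after this state
        elif proc == "dhclient" and msg.startswith("bound to "):
            out["dhcp_bound"] = True
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An attempt that reports EAP success and a last state of `4-way handshake` without `dhcp_bound` stopped after authentication, which is a different place to look than one that ends in an EAP failure.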