Bug 1245766

Summary: Can't connect to 802.1x WPA2 Enterprise WIFI with wpa_supplicant version 2.4
Product: [Fedora] Fedora Reporter: Andreas Petzold <andreas.petzold>
Component: wpa_supplicantAssignee: Dan Williams <dcbw>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 22CC: andreas.petzold, davebarton, dcbw, jklimes, kent, lkundrak, mdl-mailing, tore, ville.skytta, wallacehermano
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-02 16:51:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
journalctl log for NetworkManager
none
journalctl log for wpa_supplicant
none
wpa_supplicant's own log none

Description Andreas Petzold 2015-07-22 17:11:25 UTC 
Description of problem:

I can't connect to the local WPA2 Enterprise secured WIFI with wpa_supplicant 2.4. Downgrading to 2.3 fixes the problem 

Version-Release number of selected component (if applicable):

2.4-3

How reproducible:

Always

Steps to Reproduce:
1. Set up a WPA2 Enterprise WIFI connection with NetworkManager
2. Try to connect
3.

Actual results:

Connection to WIFI fails.

Expected results:

Connection to WIFI works.

Additional info:

Downgrading to 2.3-3 fixes the problem immediately.
Comment 1 Andreas Petzold 2015-07-23 12:14:01 UTC 
I've found another reference to the problem:

http://lists.opensuse.org/opensuse-factory/2015-05/msg00276.html
Comment 2 David Barton 2015-08-04 10:08:57 UTC 
As described in <http://www.fangxiang.tk/2015/05/11/gentoo-downgrade-package/> there are several possible solutions, the best one being that the wireless network operator upgrades their authentication server to a version with fewer bugs. Obviously we can't all do this so it would be nice to have a more graceful fallback...
Comment 3 Jirka Klimes 2015-08-11 09:14:22 UTC 
Would you attach logs so that we can see what was happening?
# journalctl -b 0 -u NetworkManager
# journalctl -b 0 -u wpa_supplicant
Comment 4 David Barton 2015-08-12 16:32:49 UTC 
Created attachment 1062100 [details]
journalctl log for NetworkManager
Comment 5 David Barton 2015-08-12 16:33:22 UTC 
Created attachment 1062101 [details]
journalctl log for wpa_supplicant
Comment 6 David Barton 2015-08-12 16:33:59 UTC 
Created attachment 1062102 [details]
wpa_supplicant's own log
Comment 7 David Barton 2015-08-12 16:35:57 UTC 
Logs added as requested - it's almost certainly a server side problem due to a buggy TLS 1.2 implementation (various references are available on the web, a buggy Open Radius server or something like that); it seems particularly common at universities... Sadly I'm not at liberty to change anything server side.
Comment 8 Ville Skyttä 2015-10-02 16:51:16 UTC 

*** This bug has been marked as a duplicate of bug 1241930 ***