Bug 465022
Summary: | Unable to connect to WPA WLAN using PEAP authentification | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sascha Zorn <Sascha.Zorn> | ||||
Component: | wpa_supplicant | Assignee: | Dan Williams <dcbw> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 10 | CC: | cra, dcbw, sriram.rajan | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | 0.6.4-3.fc10 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-02-24 21:00:44 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Maybe this helps as well: EAP-PEAP: Invalid Compound_MAC in cryptobinding TLV EAP-TLV: Result TLV - hexdump(len=2): 00 01 EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed EAP-TLV: Earlier failure - force failed Phase 2 EAP-PEAP: Compound_MAC CMK - hexdump(len=20): d0 ea ae b7 c4 25 a8 5b 01 4e 67 46 eb 51 a6 14 91 2f e3 7e EAP-PEAP: Compound_MAC data 1 - hexdump(len=60): 00 0c 00 38 00 00 00 01 1a 55 7c aa ac 0f 3a b2 91 9b d0 90 5a 53 63 26 c3 0c 1c 71 3d d3 ba a4 e0 fd e1 15 44 66 7d b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAP-PEAP: Compound_MAC data 2 - hexdump(len=1): 19 EAP-PEAP: Compound_MAC - hexdump(len=20): b5 bc c1 e1 c5 a2 4f 62 47 49 38 f1 99 ad dd a2 51 52 7e ae I've played arround a bit and found out that this config works perfect with wpa_supplicant-0.6.3-5.fc9.i386.rpm In wpa_supplicant-0.6.3-6.fc9.i386.rpm will not be established. So Fedora 9 is also affected. I therefore set version to 9 and severity to high. Does this still happen with wpa_supplicant-0.6.4-2.fc9 ? http://koji.fedoraproject.org/koji/search?terms=wpa_supplicant-0.6.4-2.fc9&type=build&match=glob Yes, it still fails! Associated with 00:12:cf:19:db:40 CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0) EAP-MSCHAPV2: Authentication succeeded EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed EAP-TLV: Earlier failure - force failed Phase 2 CTRL-EVENT-EAP-FAILURE EAP authentication failed CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys This bug still exists in FC9 AND FC10! Apparently fixed in wpa_supplicant 0.6.7. Will do a testing package. Please test out: Rawhide: http://koji.fedoraproject.org/koji/taskinfo?taskID=1094347 F-10: http://koji.fedoraproject.org/koji/taskinfo?taskID=1094401 F-9: http://koji.fedoraproject.org/koji/taskinfo?taskID=1094414 The f10 and f9 ones will get pushed to updates-testing in the next updates push, but you can get them from the links if you'd like to test more quickly. wpa_supplicant-0.6.4-3.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update wpa_supplicant'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-1333 wpa_supplicant-0.6.4-3.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update wpa_supplicant'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-1359 Just installed package wpa_supplicant.i386 0.6.4-3.fc10 and still getting: CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0) EAP-MSCHAPV2: Authentication succeeded EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed EAP-TLV: Earlier failure - force failed Phase 2 CTRL-EVENT-EAP-FAILURE EAP authentication failed I'm trying WPA2 with PEAP and no luck yet. TRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected EAP-PEAP: Failed to select forced PEAP version 1 OS: Fedora 9 Kernel: 2.6.26.3-29.fc9.x86_64 #1 SMP wpa_supplicant-0.6.4-2.fc9.x86_64 Hardware : HP DV9700, Broadcom Corporation BCM4328 802.11a/b/g/n Card Try adding "eapol_version=2" to your config. This should be an simple misconfiguration. (In reply to comment #11) > I'm trying WPA2 with PEAP and no luck yet. > > TRL-EVENT-EAP-STARTED EAP authentication started > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected > EAP-PEAP: Failed to select forced PEAP version 1 Do you have "peapver=1" in your config? Looks like your authenticator may not support peap v1, but instead use peap v0. EAP-PEAP: Failed to select forced PEAP version 1 that means the server does not like or support PEAP v1. Try PEAP v0 instead. wpa_supplicant-0.6.4-3.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. wpa_supplicant-0.6.4-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 318599 [details] Detailed log from wpa_supplicant Description of problem: I'm trying to connect to a WPA/WPA2 encrypted WLAN using PEAP authentification. CA certificate check is disabled, PEAP version is 0 and I'm using MSCHAPv2 for handshake(tunnelled MSCHAPv2). Connection is not established because of the following error: EAP-TLV: Earlier failure - force failed Phase 2. For more details, I have attached an verbose dump. Version-Release number of selected component (if applicable): wpa_supplicant.i386 1:0.6.4-1.fc10 How reproducible: Config looks like network={ ssid="BAKA-KEY" key_mgmt=WPA-EAP eap=PEAP identity="DOMAIN\USERNAME" password="xxx" phase2="auth=MSCHAPV2" } Steps to Reproduce: 1. Try to connect to the WLAN that needs PEAP/MSCHAPv2 2. Wait until it fails Actual results: No connection Expected results: Successful connection