Bug 1174897 - Wired connection with 802.1x PEAP/MSCHAPv2 not working
Summary: Wired connection with 802.1x PEAP/MSCHAPv2 not working
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 21
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-16 17:24 UTC by willian.oki
Modified: 2015-12-02 16:46 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-02 06:05:51 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description willian.oki 2014-12-16 17:24:29 UTC
Description of problem: I can't get my wired connection working anymore (it was ok on Fedora 20). It's the same hardware and the same network, as follows:

- Dell Latitude E6330 / NIC: 00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)

- Network is 802.1x protected with PEAP / MSCHAPv2


Version-Release number of selected component (if applicable):


How reproducible: every time


Steps to Reproduce:
1. Create a PCI Ethernet using 802.1x + PEAP + MSCHAPv2 (no anonymous, no CA certificate, PEAP Version Auto, username, Ask for this password every time)
2. Turn PCI Ethernet On
3. journalctl -f

Actual results: keeps asking for password over and over again w/o any results; journal output:

Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) starting connection 'Wired connection 1'
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) scheduled...
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) started...
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) scheduled...
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) complete.
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) starting...
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: prepare -> config (reason 'none') [40 50 0]
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1/wired): connection 'Wired connection 1' has security, but secrets are required.
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: config -> need-auth (reason 'none') [50 60 0]
Dec 16 15:21:32 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) complete.
Dec 16 15:21:32 ni-92488-0 gnome-session[1554]: (gnome-shell:1794): Gjs-WARNING **: JS ERROR: TypeError: this._activeConnection._connection is null
Dec 16 15:21:32 ni-92488-0 gnome-session[1554]: NMConnectionDevice<._activeConnectionChanged@resource:///org/gnome/shell/ui/status/network.js:393
Dec 16 15:21:32 ni-92488-0 gnome-session[1554]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) scheduled...
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) started...
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: need-auth -> prepare (reason 'none') [60 40 0]
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) scheduled...
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 1 of 5 (Device Prepare) complete.
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) starting...
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: prepare -> config (reason 'none') [40 50 0]
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1/wired): connection 'Wired connection 1' requires no security. No secrets needed.
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Activation (em1) Stage 2 of 5 (Device Configure) complete.
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1) supports 0 scan SSIDs
Dec 16 15:21:41 ni-92488-0 gnome-session[1554]: (gnome-shell:1794): GLib-GObject-CRITICAL **: g_value_get_string: assertion 'G_VALUE_HOLDS_STRING (value)' failed
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1): supplicant interface state: starting -> ready
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'password' value '<omitted>'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'key_mgmt' value 'IEEE8021X'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'eapol_flags' value '0'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'eap' value 'PEAP'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'fragment_size' value '1300'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: added 'identity' value 'woki'
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1): supplicant interface state: ready -> disconnected
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1) supports 0 scan SSIDs
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> Config: set interface ap_scan to 0
Dec 16 15:21:41 ni-92488-0 NetworkManager[765]: <info> (em1): supplicant interface state: disconnected -> associated
Dec 16 15:21:56 ni-92488-0 NetworkManager[765]: <info> Activation (em1/wired): disconnected during authentication, asking for new key.
Dec 16 15:21:56 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: config -> need-auth (reason 'supplicant-disconnect') [50 60 8]
Dec 16 15:21:58 ni-92488-0 NetworkManager[765]: <warn> User canceled the secrets request.
Dec 16 15:21:58 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: need-auth -> failed (reason 'no-secrets') [60 120 7]
Dec 16 15:21:58 ni-92488-0 NetworkManager[765]: <warn> Activation (em1) failed for connection 'Wired connection 1'
Dec 16 15:21:58 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: failed -> disconnected (reason 'none') [120 30 0]
Dec 16 15:21:58 ni-92488-0 NetworkManager[765]: <info> (em1): deactivating device (reason 'none') [0]
Dec 16 15:21:58 ni-92488-0 gnome-session[1554]: (gnome-shell:1794): Gjs-WARNING **: JS ERROR: TypeError: this._activeConnection._connection is null
Dec 16 15:21:58 ni-92488-0 gnome-session[1554]: NMConnectionDevice<._activeConnectionChanged@resource:///org/gnome/shell/ui/status/network.js:393
Dec 16 15:21:58 ni-92488-0 gnome-session[1554]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169


Expected results:


Additional info: it keeps asking for the password withou any results; it seems a problem's been introduced affecting wpa_supplicant / dhcp (my guess).

Comment 1 Rob 2015-02-17 19:14:58 UTC
can confirm i'm also seeing this bug on my network.

Comment 2 Jason Birch 2015-02-24 06:23:01 UTC
I've seen this with PEAP/GTC as well. In my case, however, I think it's coming from wpa_supplicant not negotiating the connection because of self-signed certificates, and NetworkManager just being the messenger of failure. Is this what's happening to you, given this log line in your message?

Dec 16 15:21:56 ni-92488-0 NetworkManager[765]: <info> (em1): device state change: config -> need-auth (reason 'supplicant-disconnect') [50 60 8]

Comment 3 willian.oki 2015-03-02 20:33:09 UTC
hi guys! it's working ok since 2 months ago (sorry for not updating). i'm pretty sure it was an issue on my network.

Comment 4 Dan Williams 2015-03-02 20:40:23 UTC
If anyone could get some more information from verbose supplicant debug logs, that would be great. They may contain personal information, so don't paste them in here, but feel free to send them to my email address and I"ll extract the relevant bits.  Here's the procedure:

1) mv /usr/sbin/wpa_supplicant /
2) killall -TERM wpa_supplicant
3) /wpa_supplicant -dddtu (and redirect to a logfile if you like, or just copy & paste terminal output into an editor)
4) reconnect, and wait for the log spew and the connection to fail

If it is indeed certificate problems, you'll see that pretty clearly in the log output.

Comment 5 Jason Birch 2015-03-03 03:20:44 UTC
Hi Dan,

When I suffered from this issue, the wpa_supplicant logs clearly stated that they were rejecting the connection because the certificate was self-signed. There's some fun to be had there in terms of user experience around "If you're not going to accept the certificate, don't continue to prompt me for my password", but I think that's outside the remit of this ticket.

Since I explicitly added a path to the certificate to use, the wpa_supplicant error disappears, and the original issue here disappears also.

Comment 6 Fedora Admin XMLRPC Client 2015-08-18 14:58:07 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 7 Fedora End Of Life 2015-11-04 10:48:04 UTC
This message is a reminder that Fedora 21 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 21. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '21'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 21 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 8 Fedora End Of Life 2015-12-02 06:05:55 UTC
Fedora 21 changed to end-of-life (EOL) status on 2015-12-01. Fedora 21 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.