Eduroam - transition from Wicd to netctl

71GA · 2015-09-15 10:44:00

I reecently dropped wicd, when I found out that netctl just works and is quite simple compared to all others network managers. So I already had a working eduroam previously on wicd and now I just have to create a netctl profile which will do the same.

I first installed a package netctl-eduroam from AUR, installed it and then I created my profile based on the downloaded example:

sudo cp /etc/netctl/examples/eduroam /etc/netctl/sckr-eduroam

and I edited it to resemble files that I used with my wicd (I hid my password and user name):

Connection='wireless'
Interface=wlp2s0
Security='wpa-configsection'
Description="SC Kranj - Eduroam (dhcp)"
IP='dhcp'
TimeoutWPA=30
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    #'proto=WPA2'
    'phase2="auth=PAP"'
    'anonymous_identity="anonymous@sser.sckr.si"'
    'identity="****.*********@sser.sckr.si"'
    'ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/sc_kranj/sc_kranj.pem"'
    'password="********"'
)

But when I start netctl, it wont start because WPA association/authentication failed for interface 'wlp2s0':

[ziga@Ziga-laptop ~]$ sudo netctl start sckr-eduroam
Job for netctl@sckr\x2deduroam.service failed because the control process exited with error code. See "systemctl status "netctl@sckr\\x2deduroam.service"" and "journalctl -xe" for details.

[ziga@Ziga-laptop ~]$ systemctl status "netctl@sckr\\x2deduroam.service"
● netctl@sckr\x2deduroam.service - Networking for netctl profile sckr-eduroam
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since tor 2015-09-15 11:58:16 CEST; 14s ago
     Docs: man:netctl.profile(5)
  Process: 3742 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 3742 (code=exited, status=1/FAILURE)

sep 15 11:57:44 Ziga-laptop systemd[1]: Starting Networking for netctl profile sckr-eduroam...
sep 15 11:57:44 Ziga-laptop network[3742]: Starting network profile 'sckr-eduroam'...
sep 15 11:58:16 Ziga-laptop network[3742]: WPA association/authentication failed for interface 'wlp2s0'
sep 15 11:58:16 Ziga-laptop network[3742]: Failed to bring the network up for profile 'sckr-eduroam'
sep 15 11:58:16 Ziga-laptop systemd[1]: netctl@sckr\x2deduroam.service: Main process exited, code=exited, status=1/FAILURE
sep 15 11:58:16 Ziga-laptop systemd[1]: Failed to start Networking for netctl profile sckr-eduroam.
sep 15 11:58:16 Ziga-laptop systemd[1]: netctl@sckr\x2deduroam.service: Unit entered failed state.
sep 15 11:58:16 Ziga-laptop systemd[1]: netctl@sckr\x2deduroam.service: Failed with result 'exit-code'.
Hint: Some lines were ellipsized, use -l to show in full.

My wpa_supplicant is running:

[ziga@Ziga-laptop ~]$ systemctl | grep wpa
wpa_supplicant.service                                                                                     loaded active running   WPA supplicant

and its configuration file /etc/wpa_supplicant_wpa_supplicant.conf looks like this:

ctrl_interface=/var/run/wpa_supplicant
update_config=1

# EDUROAM SC Kranj.
network={
  ssid="eduroam"
  key_mgmt=WPA-EAP
  eap=TTLS
  ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/sc_kranj/sc_kranj.pem"
  identity="****.********@sser.sckr.si"
  phase2="auth=PAP"
  password="*******"
  anonymous_identity="anonymous@sser.sckr.si"
}

Last edited by 71GA (2015-09-15 10:59:10)

71GA · 2015-10-21 11:34:10

I allso tried using other templates on AUR, but unsucessfull still. Weird...

Alad · 2015-10-21 11:38:23

Try wpa_supplicant directly before adding abstractions. For one, it should tell you what's going on, rather than netctl's "It doesn't work".

71GA · 2015-10-21 11:39:25

Alad wrote:

Try wpa_supplicant directly before adding abstractions. For one, it should tell you what's going on, rather than netctl's "It doesn't work".

Thank you. I will look into the Wiki.

tsh · 2015-10-23 22:30:44

Another user had a related problem; have a loot at this: https://bbs.archlinux.org/viewtopic.php?id=201901

71GA · 2015-11-05 14:19:58

tsh wrote:

Another user had a related problem; have a loot at this: https://bbs.archlinux.org/viewtopic.php?id=201901

I tried configuring my eduroam like he did:

Description='eduroam'
Interface='wlp2s0'
Connection='wireless'
IP='dhcp'
ESSID='eduroam'
Security='wpa-configsection'
WPAConfigSection=(
   'ssid="eduroam"'
   'key_mgmt=WPA-EAP'
   'eap=PEAP'
   'proto=WPA RSN'
   'identity="USER@sser.sckr.si"'
   'anonymous_identity="anonymous@sser.sckr.si"'
   'ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/sc_kranj/sc_kranj.pem"'
   'phase2="auth=MSCHAPV2 password=PASSWORD"'
)

But this doesn't solve the problem.

respiranto · 2015-11-05 15:56:37

You should not copy and paste anything from there.
Instead, I would assume, that you simply needed to add password=PW to the phase2.
Furthermore you should keep the plain variable password.

That at least is how it works for me, although I don't use eduroam, but something that seems to be more or less equivalent to it.

All my other settings are the same as your original ones, except for scan_ssid=1, which I added because it was in either the man page or the wiki, however I can't confirm now, whether it is necessary (for me).

71GA · 2015-11-05 16:10:36

respiranto wrote:

You should not copy and paste anything from there.
Furthermore you should keep the plain variable password.

How do you mean? I don't think I understand what you wanted to tell me here.

respiranto · 2015-11-05 16:24:47

71GA wrote:

respiranto wrote:
You should not copy and paste anything from there.
Furthermore you should keep the plain variable password.
How do you mean? I don't think I understand what you wanted to tell me here.

It seemed to me that you just copied the configuration from the other thread.
I have just realized there is no such complete working configuration, but basically I wanted to say, taht you should rather adapt your own configuration than replace it completely.

This is because I assume you had a reason to choose EAP-TTLS and PAP.

The "plain" variable is maybe better to be called outer variable, it is marked in the configuration file below, that I modified in a way I assume it to work:

ctrl_interface=/var/run/wpa_supplicant
update_config=1

# EDUROAM SC Kranj.
network={
  ssid="eduroam"
  key_mgmt=WPA-EAP
  eap=TTLS
  ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/eduroam/sc_kranj/sc_kranj.pem"
  identity="****.********@sser.sckr.si"
  phase2="auth=PAP password=*******" # added inner password variable
  password="*******"                 # plain variable to be kept
  anonymous_identity="anonymous@sser.sckr.si"
}

71GA · 2016-10-10 05:46:49

Alad wrote:

Try wpa_supplicant directly before adding abstractions. For one, it should tell you what's going on, rather than netctl's "It doesn't work".

I finally got back to eduroam problem which I had in previous years. Thanks to your comment and wiki I could disect my problem a bit better by only using wpa_supplicant which I realized later is a network manager all by itself. So there is actually no need for netctl.

Ok so what I tried this year is I first went to the official eduroam site and I used their official CAT tool to download script for my organisation which is this one. Now this script is said to work only if package networkmanager is installed, but I had lots of problems with it and I perfer using wpa_supplicant which are easier to debug. So I opened the script using text editor and I found two interesting sections inside. One was a certifficate:

that I copied to /home/ziga/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/eduroam.pem. The other was this section:

network={
  ssid="eduroam"
  key_mgmt=WPA-EAP
  pairwise=CCMP
  group=CCMP TKIP
  eap=TTLS
  ca_cert="${HOME}/.cat_installer/ca.pem"
  identity="${USER_NAME}"
  domain_suffix_match="orle.arnes.si"
  phase2="auth=PAP"
  password="${PASSWORD}"
  anonymous_identity="anonymous@sckr.si"
}

which I copied in /home/ziga/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/wpa_config-eduroam.conf and edited my login name, my password and I added first two lines like instructed in the wiki. So this is what I got in the end:

ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP TKIP
    eap=TTLS
    ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/eduroam.pem"
    identity="*******.*************@sser.sckr.si"
    domain_suffix_match="orle.arnes.si"
    phase2="auth=PAP"
    password="**********"
    anonymous_identity="anonymous@sckr.si"
}

Now when I start wpa_supplicant in the background it first looks like everything works well:

sudo wpa_supplicant -B -i wlp3s0 -c ~/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/wpa_config-eduroam.conf 
Successfully initialized wpa_supplicant

But when I execute wpa_cli as a superuser and try to connect to eduroam this happens:

wpa_cli v2.6
Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi> and contributors

This software may be distributed under the terms of the BSD license.
See README for more details.

Selected interface 'wlp3s0'

Interactive mode

> scan
OK
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam"
<3>SME: Trying to authenticate with 2c:44:fd:4b:e7:80 (SSID='eduroam' freq=5660 MHz)
<3>Trying to associate with 2c:44:fd:4b:e7:80 (SSID='eduroam' freq=5660 MHz)
<3>Associated with 2c:44:fd:4b:e7:80
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
<3>CTRL-EVENT-EAP-STATUS status='started' parameter=''
<3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
<3>CTRL-EVENT-EAP-STATUS status='accept proposed method' parameter='TTLS'
<3>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
<3>CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=SI/O=ARNES/OU=AAI/CN=Arnes CA za streznike Eduroam/emailAddress=aaa-podpora@arnes.si' hash=3323b7732ceb8d649f61854004d45024729239f636a190d86da7237565781d1a
<3>CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=SI/O=ARNES/OU=AAI/CN=Arnes CA za streznike Eduroam/emailAddress=aaa-podpora@arnes.si' cert=3082065830820440a0030201020206124cc42dad16300d06092a864886f70d01010505003078310b3009060355040613025349310e300c060355040a130541524e4553310c300a060355040b1303414149312630240603550403131d41726e6573204341207a6120737472657a6e696b6520456475726f616d3123302106092a864886f70d01090116146161612d706f64706f72614061726e65732e7369301e170d3132303931383132323930335a170d3232303931383132323930335a3078310b3009060355040613025349310e300c060355040a130541524e4553310c300a060355040b1303414149312630240603550403131d41726e6573204341207a6120737472657a6e696b6520456475726f616d3123302106092a864886f70d01090116146161612d706f64706f72614061726e65732e736930820222300d06092a864886f70d01010105000382020f003082020a0282020100c929fa7a6ed71e06d3a5fa1fccf1100f0b7fda38d87924695e187b20d01abeabbcba56231ffea6136aba60a3940cec171044b7774d884d560968ad1bcee2486a06e5740d47aeb7e8b99bf222cdf2823452d69902792ac980e6f09f3a64153f3ff95a28779f955d7a3ba698d0f7a728ba0602a3497892569b0d0a52f961c217066e1e2133fc928f87cefcc654c56be35bbb97fb2d20ae5e6a3505d65fb24e5d84068a1a20b37b76967c6cff7272577d4bcd8bdf1ed2b4affdce76067ecfb86ac40454287107febd37447e9e194cec0ccc409528d1efa303fa51360ddb4c457272b3285f25fab04d214d67cd23cdd191795d0c176678770dd05777717808e8652b9a7efbb6a4b55324f45f3df6461a7327135dc49ee9611ba79a27798dde3ca2c530247aedeb8fdbbd1d47204e6f5435af6402b1d1f879525088c140e7ac93817387f97b778977681b195112f75603a21a8d5f6f0f272933670b3e9421d32ed7a70e6a3ff30437a9fbf0b7a116aeeaa680c7032bfe78d45216a3082b797fcb508eba919b61f8cf27125a7c6d6da0f2d5b6db1cbcb02401fbfb6b1e71d8c3307a789078bead5df560ef8ff2b69fac3169be0a83d6224c926b0487df31d302f226467a1b36b1ea1035fc946360d4aa726e518c48266db08b2e779af02181d4c48130f5839f25f704223ecbd76ad6a4686909bb8e73751c71a9943911357dd7f538570203010001a381e73081e4301d0603551d0e04160414681ed47a3a179a96f17c148fea46b66e29f98d993081a70603551d2304819f30819c8014681ed47a3a179a96f17c148fea46b66e29f98d99a17ca47a3078310b3009060355040613025349310e300c060355040a130541524e4553310c300a060355040b1303414149312630240603550403131d41726e6573204341207a6120737472657a6e696b6520456475726f616d3123302106092a864886f70d01090116146161612d706f64706f72614061726e65732e73698206124cc42dad16300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010505000382020100850a93f777872f64c2d922550ed0bfb677628e89f03a495555c911e20410d10a0260b0f75bd655287884c93519d4c289e984b096257a273caf8174ddf0352bf988500fcf4ae8f6a9f8e10e6cd161d95f4e0699b7680829ba65171f6588262201a34cf574bac3a8a915645c7a0556f8b20e6fd093352ab74a9a2b750997f128159a303f2468c2f8a754bb42c29181020c22e4925b0b53421e5c5135bdcc651ee1110797717729e7a32125fb917a7ffe721fb24db1375a329b5542c0706f76bd1d3d814d5e378ec146279216114bcb76868fc4d46b2fde5f00715308caeb2411a8a83f607fa60d3985c65c50ea3c667ad603a2b8f3f7398316375bd762e31dc69401e3eda33937fa95d2926a766a1237faec81f846b6c6afa80f4a4d5061b706781b251bf74ce81a393c079542ea16bd3355e7afe4081755372bce32c5ed95209a08b318b25683d2e70b73fe87f6536182447ede16f2822c2d1255f5f9a5ce4037e24a6d2cbf7cc459af04c08da8e5e88476f2ce2a4b7b83b7e9d967f2ce94e975096db70f24218c33852dabe1d40d43bc9713355d37dfc403abd393b4eed8716803945263c078a7a4bfb637d63d3240fb6145713c72309743538605838b5da5260a171538be4e783d1677e90e5e93bdee65c2b20afe8d2da9d8222d80ee677d66f3536a7d3f5b9305b9cdb49850b6bf6ed3d409a67d88f9eaba35685f4ec5b317
<3>CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=SI/L=Ljubljana/O=Arnes/CN=orle.arnes.si' hash=3bcc359d3e94646eef522d99b6dc0568158378fcc55eda90b8f7fe1f097ae10e
<3>CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=SI/L=Ljubljana/O=Arnes/CN=orle.arnes.si' cert=3082062b30820413a00302010202090117a6c6bdd4e00fb9300d06092a864886f70d01010b05003078310b3009060355040613025349310e300c060355040a130541524e4553310c300a060355040b1303414149312630240603550403131d41726e6573204341207a6120737472657a6e696b6520456475726f616d3123302106092a864886f70d01090116146161612d706f64706f72614061726e65732e7369301e170d3135313031323038313333385a170d3137313031313038313333385a3049310b300906035504061302534931123010060355040713094c6a75626c6a616e61310e300c060355040a130541726e6573311630140603550403130d6f726c652e61726e65732e736930820222300d06092a864886f70d01010105000382020f003082020a0282020100ddcc98211783c553b5063c736c5b7af5e0fb48c9565e6dd0f01c60c9575062b1cd9438b6641b371afaddeb65d5729c4025efe444d05d6eb0d7e2d0c9183ab159c6e2506fe0f0336913588fbe77e3458d5591b6fcff07a24574e3303082fce07344e5aa9bf8e23377385f9a7f7f6b0b32b835183f8c8e43d535b36b45ecdd8daf3664ed7b3166ad10a889c38a5d06a3f806ba4949372555efe4ee749c353060f1a33a020ef3b8efe68f629ca657046c09129a7994f5cbe86c8a380bd57273a8c58eeb8d8cf46a736fc4fb92b8498a99ed8be8c50cb7d180baaf08be0d5fa65bbec7d322081e6a1e4bb16ae79ab3cf0fbfb514ba296cd5cdc055638cfad04be82e0ee13784c5d62334200ce05cce6fbecf04c1ad1005baec360fe060281084b312ddf4cdc407a0f5b9d2a55dd4da73962f69edb648089d52d380b195d86b187b765eb1c3a08b650a5c31579f6a45f698962f55247f217b586d5b27db8cf65febf4fa06e441cd8dfeaa195d819f7db4da5b78262acfd6e3ff633f068ece6ee69a7b0567e9980ab9e46e970cc80efa95252a03600fa4fb587c6a37f473cc254ab58ecd92898402969482374b15dad276b1c0c232f562ed9ea6068d23b61eb3a2da1b6dbeff07d1d4fa8426c0c325e873499d300b77d6b079b7531543e98e10821a5c9a3dee6ea9a8dc2d51fa957925135149defcb4e69bc064d5190a72abd4d9b31f0203010001a381e63081e330320603551d1f042b30293027a025a0238621687474703a2f2f7777772e656475726f616d2e73692f656475726f616d2e63726c30130603551d25040c300a06082b0601050507030130818c0603551d11048184308181820d6f726c652e61726e65732e7369820e6f726c65312e61726e65732e7369820e6f726c65322e61726e65732e7369820e6f726c65332e61726e65732e73698704c1021282871020011470800000aa00000000000000028704c1021283871020011470800000aa0000000000000003871020011470800000aa000000000000003330090603551d1304023000300d06092a864886f70d01010b050003820201006e04a20fd7dc6636d8dc0cbddb63aaa89ad83ef6c2266d88711350c93c2b8deb6b727e0fe142a63a809c7042b9dd163de9d3cf4d809de974f48901285d261d6ba15e8677b16c300a5108b7767810a8df15fe685c967bb8123cde5272d6fb96373bb037b42f81ac5a8b080605e5ede8e3705333f19cdcbe809b10ff6ca26f9c9e8570a2534d5d4f21bd01012208469230aa202b57f84ab63dce5e1ad518b1801d4d3d3b8c278c3827da2b16d1eb67329772f63ac3fdcf38c181e0a75a220578404a1f7fb035c638b102f5a860f60ab74e44d65a04bbf00fbd6ead8c3c37c34dc2e736bb4b8f47b2a62ba587892cd5d901f104fcef1a87f4b3fe3cc79423cc470feb3312b4a4108b2256713c7a8742db25e03296d0fa6652c499cddd8ec38c04cff4775faee2d68c798ee9b35802f6148930ff49de5eb30f9b6f8d9d9f1d0525a27ac2b5112f57ec505ff547b997fed12c37f97a2826366ca9881fc70fc252f205ef097d98b33386b22cf8ecc409aed331651109308946216784091fb511cecd43da5a641dff5a41f0e221286dede829408f6a19a44ccbae69efedfe1592b8cf67e38a9c2aec5885e1b326d970f9c83cc8a4147c08fd556beaf08136a5d3c0ecd09513579d5977056aabffee5389b58450176bb3091b91b56917c58b676886e931489bd9b6ec6544866aa38b4d803d4b7bc296d332ede3a9baeaaa7abf3b3e6c63
<3>CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:orle.arnes.si
<3>CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:orle1.arnes.si
<3>CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:orle2.arnes.si
<3>CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:orle3.arnes.si
<3>CTRL-EVENT-EAP-STATUS status='remote certificate verification' parameter='success'
<3>CTRL-EVENT-EAP-STATUS status='completion' parameter='failure'
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<3>CTRL-EVENT-DISCONNECTED bssid=2c:44:fd:4b:e7:80 reason=6
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=2 duration=23 reason=AUTH_FAILED
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS

What is interesting to me are these three lines of code where it somehow verifies certificate:

<3>CTRL-EVENT-EAP-STATUS status='remote certificate verification' parameter='success'

and fails right after:

<3>CTRL-EVENT-EAP-STATUS status='completion' parameter='failure'
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed

Any ideas?

Last edited by 71GA (2016-10-10 05:50:30)

Alad · 2016-10-10 11:13:06

I'm not sure; the few similar cases I've found suggest changing either the eap or phase1/phase2 parameters. I'd file a daily complaint to the local IT departement (with the information above) until it gets fixed...

Last edited by Alad (2016-10-10 11:23:48)

71GA · 2016-10-19 11:04:26

Alad wrote:

I'm not sure; the few similar cases I've found suggest changing either the eap or phase1/phase2 parameters. I'd file a daily complaint to the local IT departement (with the information above) until it gets fixed...

I contacted our administrator end we figured out that he accidently deleted my account and didn't inform me about the changes. Now my eduroam is working perfectly this is the configuration file:

ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP TKIP
    eap=TTLS
    ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/certifikati/eduroam.pem"
    identity="**********@sckr.si"
    domain_suffix_match="orle.arnes.si"
    phase2="auth=PAP"
    password="**********"
    anonymous_identity="anonymous@sckr.si"
}

The procedure I described to write your own wpa_supplicant configuration file should work for all eduroam users. But before I start wpa_supplicant I usualy execute commands below to set everything ready for connecting - pay attention that wpa_supplicant musn't already run and that dhcpcd must be running in the background when you start wpa_supplican't:

sudo killall wpa_supplicant
sudo dhcpcd -k
sudo dhcpcd wlp3s0 -k

When I start wpa_supplicant with this command:

sudo wpa_supplicant -B -i wlp3s0 -c ~/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/wpa_config.conf

I usually don't get an IP but I get the signal so now I use dhcpcd on my wireless card and I get the IP as well:

sudo dhcpcd wlp3s0

While wpa_supplicant now works my netctl profile still does not. If I include same options as in my wpa configuration file in the netctl configuration file and use this configuration file to try and connect, I get an error. This is the netctl configuration file:

Connection='wireless'
Interface=wlp3s0
Security='wpa-configsection' 
Description="eduroam network"
IP='dhcp'    
TimeoutWPA=30
WPAConfigSection=(  
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'pairwise=CCMP'
    'group=CCMP TKIP'
    'eap=TTLS'
    'ca_cert="/home/ziga/Dropbox/workspace/operacijski/archlinux/certifikati/eduroam.pem"'
    'identity="**********@sckr.si"'
    'domain_suffix_match="orle.arnes.si"'
    'phase2="auth=PAP"'
    'password="**********"'
    'anonymous_identity="anonymous@sckr.si"'
)

and this is the error and my debug attempt:

[ziga@ziga-laptop ~]$ sudo netctl start eduroam_w
Job for netctl@eduroam_w.service failed because the control process exited with error code.
See "systemctl status netctl@eduroam_w.service" and "journalctl -xe" for details.
[ziga@ziga-laptop ~]$ sudo systemctl status netctl@eduroam_w.service
● netctl@eduroam_w.service - Networking for netctl profile eduroam_w
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-10-19 12:57:29 CEST; 9s ago
     Docs: man:netctl.profile(5)
  Process: 26709 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 26709 (code=exited, status=1/FAILURE)

Oct 19 12:57:29 ziga-laptop systemd[1]: Starting Networking for netctl profile eduroam_w...
Oct 19 12:57:29 ziga-laptop network[26709]: Starting network profile 'eduroam_w'...
Oct 19 12:57:29 ziga-laptop network[26709]: The interface of network profile 'eduroam_w' is already up
Oct 19 12:57:29 ziga-laptop systemd[1]: netctl@eduroam_w.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:57:29 ziga-laptop systemd[1]: Failed to start Networking for netctl profile eduroam_w.
Oct 19 12:57:29 ziga-laptop systemd[1]: netctl@eduroam_w.service: Unit entered failed state.
Oct 19 12:57:29 ziga-laptop systemd[1]: netctl@eduroam_w.service: Failed with result 'exit-code'.
[ziga@ziga-laptop ~]$ sudo killall wpa_supplicant
wpa_supplicant: no process found
[ziga@ziga-laptop ~]$ sudo dhcpcd -k
dhcpcd not running
[ziga@ziga-laptop ~]$ sudo killall netctl
netctl: no process found
[ziga@ziga-laptop ~]$ sudo netctl stop-all
[ziga@ziga-laptop ~]$ sudo netctl start eduroam_w
Job for netctl@eduroam_w.service failed because the control process exited with error code.
See "systemctl status netctl@eduroam_w.service" and "journalctl -xe" for details.
[ziga@ziga-laptop ~]$ sudo systemctl status netctl@eduroam_w.service
● netctl@eduroam_w.service - Networking for netctl profile eduroam_w
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-10-19 12:59:01 CEST; 3s ago
     Docs: man:netctl.profile(5)
  Process: 28691 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 28691 (code=exited, status=1/FAILURE)

Oct 19 12:59:01 ziga-laptop systemd[1]: Starting Networking for netctl profile eduroam_w...
Oct 19 12:59:01 ziga-laptop network[28691]: Starting network profile 'eduroam_w'...
Oct 19 12:59:01 ziga-laptop network[28691]: The interface of network profile 'eduroam_w' is already up
Oct 19 12:59:01 ziga-laptop systemd[1]: netctl@eduroam_w.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 12:59:01 ziga-laptop systemd[1]: Failed to start Networking for netctl profile eduroam_w.
Oct 19 12:59:01 ziga-laptop systemd[1]: netctl@eduroam_w.service: Unit entered failed state.
Oct 19 12:59:01 ziga-laptop systemd[1]: netctl@eduroam_w.service: Failed with result 'exit-code'.

It is weird that netctl claims the interface is already running... Any ideas?

Alad · 2016-10-19 12:09:09

I contacted our administrator end we figured out that he accidently deleted my account and didn't inform me about the changes.

Heh, nice one.

For netctl, maybe try this section:

https://wiki.archlinux.org/index.php/Ne … ice_failed

71GA · 2016-10-19 12:25:37

Alad wrote:

I contacted our administrator end we figured out that he accidently deleted my account and didn't inform me about the changes.
Heh, nice one.
For netctl, maybe try this section:
https://wiki.archlinux.org/index.php/Ne … ice_failed

I did try this and netctl first strugles for a while (I can even see in my tray that I get a signal from router) and then fails:

[ziga@ziga-laptop ~]$ sudo ip link set wlp3s0 down
[ziga@ziga-laptop ~]$ ip addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether c4:85:08:3c:1a:59 brd ff:ff:ff:ff:ff:ff
[ziga@ziga-laptop ~]$ sudo netctl start eduroam_w
Job for netctl@eduroam_w.service failed because the control process exited with error code.
See "systemctl status netctl@eduroam_w.service" and "journalctl -xe" for details.
[ziga@ziga-laptop ~]$ sudo systemctl status netctl@eduroam_w.service
● netctl@eduroam_w.service - Networking for netctl profile eduroam_w
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2016-10-19 14:21:57 CEST; 11s ago
     Docs: man:netctl.profile(5)
  Process: 13327 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 13327 (code=exited, status=1/FAILURE)

Oct 19 14:21:24 ziga-laptop systemd[1]: Starting Networking for netctl profile eduroam_w...
Oct 19 14:21:24 ziga-laptop network[13327]: Starting network profile 'eduroam_w'...
Oct 19 14:21:56 ziga-laptop network[13327]: WPA association/authentication failed for interface 'wlp3s0'
Oct 19 14:21:57 ziga-laptop network[13327]: Failed to bring the network up for profile 'eduroam_w'
Oct 19 14:21:57 ziga-laptop systemd[1]: netctl@eduroam_w.service: Main process exited, code=exited, status=1/FAILURE
Oct 19 14:21:57 ziga-laptop systemd[1]: Failed to start Networking for netctl profile eduroam_w.
Oct 19 14:21:57 ziga-laptop systemd[1]: netctl@eduroam_w.service: Unit entered failed state.
Oct 19 14:21:57 ziga-laptop systemd[1]: netctl@eduroam_w.service: Failed with result 'exit-code'.
[ziga@ziga-laptop ~]$ sudo wpa_supplicant -B -i wlp3s0 -c ~/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/wpa_config.conf 
Successfully initialized wpa_supplicant

In what state does dhcpcd has to be at the time of executing:

sudo netctl start eduroam_w

?

Alad · 2016-10-19 12:56:42

Usually netctl should take care of dhcpcd by itself. Try stopping it beforehand.

Last edited by Alad (2016-10-19 12:56:47)

71GA · 2016-10-24 08:32:36

Alad wrote:

Usually netctl should take care of dhcpcd by itself. Try stopping it beforehand.

Ok so I first stopped dhcpcd with:

sudo dhcpcd -k
sudo dhcpcd wlp3s0 -k

and put my wireless card in a down state with:

sudo ip link set wlp3s0 down

and then I first opened dmesg with:

sudo dmesg -w

so that I could monitor what is going on... Now that I was ready I started the netctl profile with:

sudo netctl start eduroam_w

and it returned an error again:

Job for netctl@eduroam_w.service failed because the control process exited with error code.
See "systemctl status netctl@eduroam_w.service" and "journalctl -xe" for details.

while dmesg printed out this:

[12004.805463] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12004.812492] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12004.812585] iwlwifi 0000:03:00.0: Radio type=0x2-0x1-0x0
[12005.101437] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12005.108491] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12005.108587] iwlwifi 0000:03:00.0: Radio type=0x2-0x1-0x0
[12005.186759] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[12008.428812] wlp3s0: authenticate with 2c:44:fd:50:d2:40
[12008.431777] wlp3s0: send auth to 2c:44:fd:50:d2:40 (try 1/3)
[12008.448735] wlp3s0: authenticated
[12008.452029] wlp3s0: associate with 2c:44:fd:50:d2:40 (try 1/3)
[12008.453350] wlp3s0: RX AssocResp from 2c:44:fd:50:d2:40 (capab=0x411 status=0 aid=3)
[12008.456539] wlp3s0: associated
[12008.456618] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
[12011.558792] wlp3s0: deauthenticated from 2c:44:fd:50:d2:40 (Reason: 6=CLASS2_FRAME_FROM_NONAUTH_STA)
[12024.863333] wlp3s0: authenticate with 2c:44:fd:50:d2:40
[12024.865716] wlp3s0: send auth to 2c:44:fd:50:d2:40 (try 1/3)
[12024.935749] wlp3s0: authenticated
[12024.937677] wlp3s0: associate with 2c:44:fd:50:d2:40 (try 1/3)
[12024.939152] wlp3s0: RX AssocResp from 2c:44:fd:50:d2:40 (capab=0x411 status=0 aid=3)
[12024.943195] wlp3s0: associated
[12027.553713] wlp3s0: deauthenticated from 2c:44:fd:50:d2:40 (Reason: 6=CLASS2_FRAME_FROM_NONAUTH_STA)

If I use my working wpa supplicant directly with:

sudo wpa_supplicant -B -i wlp3s0 -c ~/Dropbox/workspace/operacijski/archlinux/wpa_supplicant/wpa_config.conf

I get this a bit different output on dmesg:

[12773.639460] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12773.646503] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12773.646594] iwlwifi 0000:03:00.0: Radio type=0x2-0x1-0x0
[12773.926309] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12773.933337] iwlwifi 0000:03:00.0: L1 Enabled - LTR Disabled
[12773.933432] iwlwifi 0000:03:00.0: Radio type=0x2-0x1-0x0
[12774.011829] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[12777.256816] wlp3s0: authenticate with 2c:44:fd:50:d2:40
[12777.260165] wlp3s0: send auth to 2c:44:fd:50:d2:40 (try 1/3)
[12777.327123] wlp3s0: authenticated
[12777.329782] wlp3s0: associate with 2c:44:fd:50:d2:40 (try 1/3)
[12777.331194] wlp3s0: RX AssocResp from 2c:44:fd:50:d2:40 (capab=0x411 status=0 aid=3)
[12777.335173] wlp3s0: associated
[12777.335282] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready

If I compare dmesg lines 12008.456618 and 12777.335282 I can see that here is a problem after the authentification has already suceeded... Any ideas?

Oh and I had to wait a whole weekend to continue debugging, because I have eduroam available only at work.

Last edited by 71GA (2016-10-24 08:33:51)

Arch Linux

#1 2015-09-15 10:44:00

Eduroam - transition from Wicd to netctl

#2 2015-10-21 11:34:10

Re: Eduroam - transition from Wicd to netctl

#3 2015-10-21 11:38:23

Re: Eduroam - transition from Wicd to netctl

#4 2015-10-21 11:39:25

Re: Eduroam - transition from Wicd to netctl

#5 2015-10-23 22:30:44

Re: Eduroam - transition from Wicd to netctl

#6 2015-11-05 14:19:58

Re: Eduroam - transition from Wicd to netctl

#7 2015-11-05 15:56:37

Re: Eduroam - transition from Wicd to netctl

#8 2015-11-05 16:10:36

Re: Eduroam - transition from Wicd to netctl

#9 2015-11-05 16:24:47

Re: Eduroam - transition from Wicd to netctl

#10 2016-10-10 05:46:49

Re: Eduroam - transition from Wicd to netctl

#11 2016-10-10 11:13:06

Re: Eduroam - transition from Wicd to netctl

#12 2016-10-19 11:04:26

Re: Eduroam - transition from Wicd to netctl

#13 2016-10-19 12:09:09

Re: Eduroam - transition from Wicd to netctl

#14 2016-10-19 12:25:37

Re: Eduroam - transition from Wicd to netctl

#15 2016-10-19 12:56:42

Re: Eduroam - transition from Wicd to netctl

#16 2016-10-24 08:32:36

Re: Eduroam - transition from Wicd to netctl

Board footer