You are not logged in.

#1 2016-05-18 09:10:57

hencus
Member
Registered: 2016-05-18
Posts: 3

Eduroam works everywhere else, not working with Wicd ("Bad Password")

I tried configuring eduroam with Wicd and encounter the "Bad Password" error that's been posted around for a while.

I know there are a lot of issues like this on the forum, but I'm not running a wrong configuration file as far as I know (see below),
I didn't forget disabling other wireless clients while testing this (Wicd was always my default), wicd with eduroam doesn't work on other locations
(I tried two other locations, same results.)

Running with the connman configuration works.
Running with wpa_supplicant works.

Running with Ubuntu 12.04LTS and following the instructions available here works too...

Arch Linux is up-to-date. Laptop is an AsusN550JV, marked as working in the Arch Linux wiki.

I talked to the university IT department, they say that the request, when connecting with wicd, doesn't even reach them, so I'm asking:
Is this a wicd-specific bug? Is someone else experiencing the same issue?

If you need any logs I'll provide them ASAP. I'll be looking into the solution myself and post the results if I find any.

Detailed explanation and configuration is below.

After running wicd-gtk and attempting to connect to eduroam I get the "Bad password error" in the gui and this in the command line:

Has notifications support True
Loading...
Connecting to daemon...
Connected.
displaytray True
Done loading.
refreshing...
ESSID : <hidden>
ESSID : eduroam
ESSID : MEFST.HR
ESSID : MEFST.HR
ESSID : eduroam
ESSID : MEFST.HR
ESSID : eduroam
ESSID : eduroam
ESSID : eduroam
ESSID : MEFST.HR
ESSID : MEFST.HR
ESSID : eduroam
setting encryption info...
/usr/share/wicd/gtk/gui.py:583: Warning: Source ID 52 was not found when attempting to remove it
  gobject.source_remove(self.update_cb)
ERROR:dbus.connection:Exception in handler for D-Bus signal:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 230, in maybe_handle_message
    self._handler(*args, **kwargs)
  File "/usr/share/wicd/gtk/gui.py", line 281, in handle_connection_results
    error(self.window, language[results], block=False)
KeyError: dbus.String(u'bad_pass')

eduroam configuration file looks like this (/etc/wicd/encryption/eduroam.conf) with
a valid certificate at /etc/ssl/certs/eduroam.pem:

name = eduroam mefst.hr
author = eduroam_installer_mefst.hr
version = 1
require identity *Identity password *Password
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="eduroam"
    scan_ssid=$_SCAN
    proto=WPA WPA2
    key_mgmt=WPA-EAP
    group=CCMP TKIP
    pairwise=CCMP TKIP
    eap=PEAP
    ca-cert=/etc/ssl/certs/eduroam.pem
    subject_match="freeradius.mefst.hr"
    phase2="auth=PAP"
    identity="$_IDENTITY"
    password="$_PASSWORD"
}

Connman configuration:

[service_eduroam]
Type=wifi
Name=eduroam
EAP=ttls
CaCertFile=/etc/ssl/certs/eduroam.pem
Phase2=PAP
Identity=<valid identity here>
Passphrase=<valid password>

Wpa supplicant is started using:
sudo wpa_supplicant -i wlp4s0 -c wpa_supplicant_example.conf
sudo dhcpcd wlp4s0

wpa_supplicant configuration:

ctrl_interface=/var/run/wpa_supplicant

network={
      ssid="eduroam"
      proto=WPA2 WPA
      key_mgmt=WPA-EAP
      pairwise=CCMP TKIP
      group=CCMP TKIP
      ca_cert="eduroam_mefst.hr_CA.pem"
      subject_match="freeradius.mefst.hr"
      identity="identity"
      eap=TTLS
      password="password"
      phase2="auth=PAP"

     }

Ubuntu configuration (Same as shown below):

eduroam%20voor%20Ubuntu-2.jpg

And the eduroam configuration description from the university:

SSID	eduroam
key-management	WPA-EAP (WPA2 i WPA)
crypto-communication	AES i TKIP
CA root certificate         ca.mefst.hr.der
name of the radius server freeradius.mefst.hr
EAP algorhytm EAP-TTLS
authentication PAP
username	[uid]@mefst.hr (pero@mefst.hr)

Last edited by hencus (2016-05-18 09:28:44)

Offline

#2 2016-05-18 10:37:46

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Eduroam works everywhere else, not working with Wicd ("Bad Password")

I haven't used wicd in a long time but if I remember correctly it generates a temporary wpa_supplicant config file which it them passes to wpa_supplicant. Try to grab that file while wicd is trying to connect and then use it to try to connect manually with wpa_supplicant.

If it works then you have established that wicd generates a valid configuration but then breaks somewhere after that, otherwise you may have to tweak the configuration profile for wicd.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#3 2016-05-18 11:04:42

hencus
Member
Registered: 2016-05-18
Posts: 3

Re: Eduroam works everywhere else, not working with Wicd ("Bad Password")

Indeed there are some configuration files that look like wpa_supplicant .conf files in /var/lib/wicd/configurations
but not the eduroam configuration.

I'll continue searching when I have the time.

Thanks for the tip.

Last edited by hencus (2016-05-18 11:06:03)

Offline

#4 2016-05-18 12:42:54

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Eduroam works everywhere else, not working with Wicd ("Bad Password")

Those should be the template files, you will want to look for temporary files. Try 'ps uxa | grep wpa_supplicant' while wicd is trying to connect to find out where the temporary configuration file is stored.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#5 2016-05-18 15:11:35

hencus
Member
Registered: 2016-05-18
Posts: 3

Re: Eduroam works everywhere else, not working with Wicd ("Bad Password")

OK running 'ps uxa | grep wpa_supplicant' with wicd trying to connect gets me to this:

 [troponim@sela ~]$ ps uxa | grep wpa_supplicantroot       416  0.4  0.0  43480  5948 ?        Ss   16:52   0:00 /usr/bin/wpa_supplicant -u
root       708  0.1  0.0  43476  3140 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
root       799  0.1  0.0  43476  3104 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
[troponim@sela ~]$ ps uxa | grep wpa_supplicant
root       416  0.4  0.0  43480  5948 ?        Ss   16:52   0:00 /usr/bin/wpa_supplicant -u
root       708  0.1  0.0  43476  3140 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
root       799  0.1  0.0  43476  3104 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
root      1185  0.0  0.0  43476  3196 ?        SNs  16:54   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
troponim  1214  0.0  0.0  10764  2304 pts/2    SN+  16:54   0:00 grep wpa_supplicant
[troponim@sela ~]$ ps uxa | grep wpa_supplicant
root       416  0.5  0.0  43480  5948 ?        Ss   16:52   0:00 /usr/bin/wpa_supplicant -u
root       708  0.1  0.0  43476  3140 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
root       799  0.1  0.0  43476  3104 ?        SNs  16:53   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
root      1185  0.0  0.0  43476  3196 ?        SNs  16:54   0:00 wpa_supplicant -B -i wlp4s0 -c /var/lib/wicd/configurations/a02bb8434250 -Dwext
troponim  1228  0.0  0.0  10764  2244 pts/2    SN+  16:54   0:00 grep wpa_supplicant

So the config files are generated and loaded at /var/lib/wicd/configurations.  The ' a02bb8434250 ' file is 1 line long:

ap_scan=1

I'll try tweaking the configuration file and I'll try running wicd on Ubuntu (it's the only thing on hand, I'm trying to port something from Ubuntu) just to see if it works there with the same config file.
https://apps.ubuntu.com/cat/application … /wicd-gtk/

EDIT: Same result with Ubuntu: 1 line ' a02bb8434250 ' file.

EDIT2: OK this is silly, compare wpa_supplicant configuration:

ctrl_interface=/var/run/wpa_supplicant

network={
      ssid="eduroam"
      proto=WPA2 WPA
      key_mgmt=WPA-EAP
      pairwise=CCMP TKIP
      group=CCMP TKIP
      identity="identity"
      eap=TTLS
      password="password"
      phase2="auth=PAP"

     }

with the eduroam configuration that is not working(updated from opening post):

name = eduroam mefst.hr
author = eduroam_installer_mefst.hr
version = 1
require identity *Identity password *Password
ctrl_interface=/var/run/wpa_supplicant

network={
      ssid="eduroam"
      proto=WPA2 WPA
      key_mgmt=WPA-EAP
      pairwise=CCMP TKIP
      group=CCMP TKIP
      eap=TTLS
      identity="$_USERNAME"
      password="$_PASSWORD"
     }

Here's the last entry of /var/log/wicd/wicd.log :

2016/05/18 18:10:51 :: eduroam has no never connect value
2016/05/18 18:10:51 :: trying to automatically connect to...eduroam
2016/05/18 18:10:51 :: Connecting to wireless network eduroam
2016/05/18 18:10:52 :: Putting interface down
2016/05/18 18:10:52 :: Releasing DHCP leases...
2016/05/18 18:10:52 :: Setting false IP...
2016/05/18 18:10:52 :: Stopping wpa_supplicant
2016/05/18 18:10:52 :: Flushing the routing table...
2016/05/18 18:10:53 :: Putting interface up...
2016/05/18 18:10:55 :: Attempting to authenticate...
2016/05/18 18:10:56 :: connect result is failed
2016/05/18 18:10:56 :: exiting connection thread
2016/05/18 18:10:58 :: Sending connection attempt result bad_pass
2016/05/18 18:10:58 :: Autoconnecting...
2016/05/18 18:10:58 :: No wired connection present, attempting to autoconnect to wireless network

Since the configuration files are identical except for the parts required by wicd, it's got to be wicd, who fails to fetch the password or something and
then write the configuration file and start wpa_supplicant.

Might as well dig into the source code and see what causes KeyError: dbus.String(u'bad_pass'). I don't know when I'll have the time to do that though.

Last edited by hencus (2016-05-18 16:28:47)

Offline

#6 2016-05-18 17:08:05

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: Eduroam works everywhere else, not working with Wicd ("Bad Password")

You should take a look at how other wicd templates define where/how input fields are fetched/used, it's probably something simple that is borking the configuration.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

Board footer

Powered by FluxBB