You are not logged in.

#1 2017-03-20 21:06:48

angelo
Member
Registered: 2015-12-28
Posts: 38

[solved] eduroam connection troubles

I've been trying anything I could find to connect to eduroam, including various suggestions from other threads, with almost success.

The following netctl profile fails:

Interface=wlp58s0
Connection=wireless
Security='wpa-configsection'
ESSID=eduroam
IP=dhcp
TimeoutWPA=30
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'proto=WPA RSN'
    'identity="XXXXXX@ubc.ca"'
    'ca_cert="/usr/share/ca-certificates/trust-source/mozilla.trust.crt"'
    'password="XXXXXXX"'
    'phase2="auth=MSCHAPv2"'
)

with error

Job for netctl@wlp58s0\x2deduroam.wifi\x2dmenu.service failed because the control process exited with error code.
See "systemctl status "netctl@wlp58s0\\x2deduroam.wifi\\x2dmenu.service"" and "journalctl -xe" for details.

wpa_supplicant worked once, but most times goes into a loop of scanning and failing to connect with profile:

ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
ssid="eduroam"
proto=RSN
pairwise=CCMP
eap=PEAP
identity="XXXXXX@ubc.ca"
password="XXXXXXXX"
key_mgmt=WPA-EAP

On one occasion, it had the following seemingly successful output, but no connectivity:

# wpa_supplicant -c/tmp/w_s_eduroam -i wlp58s0 -D wext

Successfully initialized wpa_supplicant
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
wlp58s0: Trying to associate with d8:c7:c8:ac:64:a0 (SSID='eduroam' freq=2412 MHz)
ioctl[SIOCSIWFREQ]: Operation not supported
wlp58s0: Association request to the driver failed
wlp58s0: Associated with d8:c7:c8:ac:64:a0
wlp58s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp58s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlp58s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlp58s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com' hash=ab70...
wlp58s0: CTRL-EVENT-EAP-PEER-CERT depth=3 subject='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com' hash=ab70...
wlp58s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA' hash=c991...
wlp58s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=Thawte, Inc./CN=Thawte SSL CA' hash=085...
wlp58s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=CA/ST=British Columbia/L=Vancouver/O=The University of British Columbia/CN=secure.wireless.ubc.ca' hash=d2c...
wlp58s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:secure.wireless.ubc.ca
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlp58s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlp58s0: WPA: Key negotiation completed with d8:c7:c8:ac:64:a0 [PTK=CCMP GTK=CCMP]
wlp58s0: CTRL-EVENT-CONNECTED - Connection to d8:c7:c8:ac:64:a0 completed [id=0 id_str=]

At the time, wpa_cli was showing the following.

#sudo wpa_cli -i wlp58s0 status
bssid=d8:c7:...
freq=0
ssid=eduroam
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
address=30:52:...
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=25 (EAP-PEAP)
eap_tls_version=TLSv1
EAP TLS cipher=DHE-RSA-AES256-SHA
tls_session_reused=0
EAP-PEAPv0 Phase2 method=MSCHAPV2
eap_session_id=193c4...
uuid=e0978be5...

I confess, I have no idea what is going on. Are these two separate problems (netctl failure and wpa_supplicant failure)? or a single problem?

Last edited by angelo (2017-03-24 18:07:08)

Offline

#2 2017-03-23 12:13:07

parchd
Member
Registered: 2014-03-08
Posts: 421

Re: [solved] eduroam connection troubles

Change the ca_cert line to

ca_cert="/etc/ssl/certs/ca-certificates.crt"

and try again.
If this works, please confirm and mark as [Solved].

Offline

#3 2017-03-23 14:38:34

angelo
Member
Registered: 2015-12-28
Posts: 38

Re: [solved] eduroam connection troubles

Thanks for the suggestion.  Unfortunately, this is not sufficient to establish a connection.

% netctl stop-all
% netctl start wlp58s0-eduroam

Job for netctl@wlp58s0\x2deduroam.service failed because the control process exited with error code.
See "systemctl status "netctl@wlp58s0\\x2deduroam.service"" and "journalctl -xe" for details.

This error I've seen on many previous attempts, and find remarkably ambiguous.
"journalctl -xe" shows nothing related (just an older message about system clock change).

% netctl status wlp58s0-eduroam

● netctl@wlp58s0\x2deduroam.service - Networking for netctl profile wlp58s0-eduroam
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-03-23 07:20:27 PDT; 2min 6s ago
     Docs: man:netctl.profile(5)
  Process: 23657 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 23657 (code=exited, status=1/FAILURE)

Mar 23 07:19:54 skvader systemd[1]: Starting Networking for netctl profile wlp58s0-eduroam...
Mar 23 07:19:54 skvader network[23657]: Starting network profile 'wlp58s0-eduroam'...
Mar 23 07:20:26 skvader network[23657]: WPA association/authentication failed for interface 'wlp58s0'
Mar 23 07:20:27 skvader network[23657]: Failed to bring the network up for profile 'wlp58s0-eduroam'
Mar 23 07:20:27 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Main process exited, code=exited, status=1/FAILURE
Mar 23 07:20:27 skvader systemd[1]: Failed to start Networking for netctl profile wlp58s0-eduroam.
Mar 23 07:20:27 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Unit entered failed state.
Mar 23 07:20:27 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Failed with result 'exit-code'.

% systemctl status "netctl@wlp58s0\\x2deduroam.service"

● netctl@wlp58s0\x2deduroam.service - Networking for netctl profile wlp58s0-eduroam
   Loaded: loaded (/usr/lib/systemd/system/netctl@.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2017-03-23 07:20:27 PDT; 2min 38s ago
     Docs: man:netctl.profile(5)
  Process: 23657 ExecStart=/usr/lib/network/network start %I (code=exited, status=1/FAILURE)
 Main PID: 23657 (code=exited, status=1/FAILURE)

Offline

#4 2017-03-23 15:03:32

parchd
Member
Registered: 2014-03-08
Posts: 421

Re: [solved] eduroam connection troubles

Change "MSCHAPv2" to "MSCHAPV2".

If that doesn't work, try "journalctl|grep wlp58" and see if you get more useful information. Post the output.

Also, did this ever work? I assumed this was something that worked before and now doesn't, but maybe you are only just setting it up?


Edit: Just re-read the original post and realised you have never had this working. Have you checked the settings are correct? https://cat.eduroam.org/ should direct you to the correct settings for your site.

Edit edit: I'd try getting rid of RSN in the proto part of the config, too. But getting the correct settings for your site should cover this.

Last edited by parchd (2017-03-23 15:15:04)

Offline

#5 2017-03-23 15:40:27

angelo
Member
Registered: 2015-12-28
Posts: 38

Re: [solved] eduroam connection troubles

Is there a connection between the netctl failure to connect and the wpa_supplicant result? wpa_supplicant below seems good, but there is no connectivity

...
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlp58s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlp58s0: WPA: Key negotiation completed with 00:1a:1e:e8:4b:a2 [PTK=CCMP GTK=CCMP]
wlp58s0: CTRL-EVENT-CONNECTED - Connection to 00:1a:1e:e8:4b:a2 completed [id=0 id_str=]

possible clue in the output of   %ip addr show wlp58s0:
with different network (non wpa):

17: wlp58s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 30:52:cb:81:1e:99 brd ff:ff:ff:ff:ff:ff
    inet 142.157.188.11/23 brd 142.157.189.255 scope global wlp58s0
       valid_lft forever preferred_lft forever
    inet6 fe80::3252:cbff:fe81:1e99/64 scope link 
       valid_lft forever preferred_lft forever

With wpa_supplicant running as above:

17: wlp58s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 30:52:cb:81:1e:99 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3252:cbff:fe81:1e99/64 scope link 
       valid_lft forever preferred_lft forever

Offline

#6 2017-03-23 15:43:41

angelo
Member
Registered: 2015-12-28
Posts: 38

Re: [solved] eduroam connection troubles

I'll try the suggestions above and report later today (GTG very soon).

This is just being set up.  I got it connecting to eduroam exactly once, and never worked regularly. the errors are not new, but now I'm trying to resolve this issue beyond trying variations on configuration files people used elsewhere.

Offline

#7 2017-03-23 19:32:07

angelo
Member
Registered: 2015-12-28
Posts: 38

Re: [solved] eduroam connection troubles

capitalizing MSCHAPv2 and removing RSN made no difference.  Alas, UBC is not on cat.eduroam.org, but I'll try some variations from other scripts found there.

output of "journalctl|grep wlp58" after "netctl start wlp58s0-eduroam":

Mar 23 12:16:14 skvader systemd[1]: Starting Networking for netctl profile wlp58s0-eduroam...
Mar 23 12:16:14 skvader network[534]: Starting network profile 'wlp58s0-eduroam'...
Mar 23 12:16:14 skvader kernel: IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
Mar 23 12:16:31 skvader network[534]: WPA association/authentication failed for interface 'wlp58s0'
Mar 23 12:16:31 skvader network[534]: Failed to bring the network up for profile 'wlp58s0-eduroam'
Mar 23 12:16:31 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Main process exited, code=exited, status=1/FAILURE
Mar 23 12:16:31 skvader systemd[1]: Failed to start Networking for netctl profile wlp58s0-eduroam.
Mar 23 12:16:31 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Unit entered failed state.
Mar 23 12:16:31 skvader systemd[1]: netctl@wlp58s0\x2deduroam.service: Failed with result 'exit-code'.

I compare this with connecting to another network:

Mar 23 12:18:14 skvader systemd[1]: Starting Networking for netctl profile wlp58s0-mcgill.ca...
Mar 23 12:18:14 skvader network[1124]: Starting network profile 'wlp58s0-mcgill.ca'...
Mar 23 12:18:14 skvader kernel: IPv6: ADDRCONF(NETDEV_UP): wlp58s0: link is not ready
Mar 23 12:18:20 skvader kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp58s0: link becomes ready
...

I do not know whether the lack of "link becomes ready" is part of the problem, or if at that time the process already failed.

Offline

#8 2017-03-24 08:10:43

parchd
Member
Registered: 2014-03-08
Posts: 421

Re: [solved] eduroam connection troubles

It looks like the settings are wrong, so you can't authenticate - just trying settings from other networks at random might work eventually, but it certainly isn't the best way to go about it.
Your institution has its settings here. It took 30 seconds to find that.

For one, proto should be WPA2.

Try this configuration :

Interface=wlp58s0
Connection=wireless
Security='wpa-configsection'
ESSID=eduroam
IP=dhcp
TimeoutWPA=60
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'proto=WPA2'
    'identity="angelo@ubc.ca"'
    'ca_cert="/etc/ssl/certs/ca-certificates.crt"'
    'password="hunter2"'
    'phase2="auth=MSCHAPV2"'

)

Offline

#9 2017-03-24 18:06:37

angelo
Member
Registered: 2015-12-28
Posts: 38

Re: [solved] eduroam connection troubles

This seems to work, thanks! I did go through that page in the past, but did not have the knowledge to format the information there to a configuraiton file, so started looking elsewhere.

parchd wrote:

Try this configuration :

Interface=wlp58s0
Connection=wireless
Security='wpa-configsection'
ESSID=eduroam
IP=dhcp
TimeoutWPA=60
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'proto=WPA2'
    'identity="angelo@ubc.ca"'
    'ca_cert="/etc/ssl/certs/ca-certificates.crt"'
    'password="hunter2"'
    'phase2="auth=MSCHAPV2"'

)

Offline

#10 2017-03-24 18:19:58

parchd
Member
Registered: 2014-03-08
Posts: 421

Re: [solved] eduroam connection troubles

Glad to have helped smile.

Offline

Board footer

Powered by FluxBB