
#1 2023-01-16 03:33:06

Hammer41
Member
Registered: 2021-09-13
Posts: 8

iwd fails to work with PEAP-MSCHAPV2

Hi everyone, I recently switched from wpa_supplicant to iwd. It fails to work with my school wifi anyhow.

I typed the password by hand via `iwctl`.

#/var/lib/iwd/FSUSecure.8021x
[Security]
EAP-Method=PEAP
EAP-Identity=anonymous
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername

[Setting]
AutoConnect=true

Error:

PEAP: Tunnel has disconnected with alert: decrypt_error
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
EAP completed with eapFail
4-Way handshake failed for ifindex: 8, reason: 23

Full logs:

[root@mymachine anonymous]# /usr/lib/iwd/iwd -d
Wireless daemon version 2.1
src/main.c:main() Using configuration directory /etc/iwd
Loaded configuration from /etc/iwd/main.conf
src/storage.c:storage_create_dirs() Using state directory /var/lib/iwd
src/main.c:nl80211_appeared() Found nl80211 interface
src/module.c:iwd_modules_init()
station: Network configuration is disabled.
src/wsc.c:wsc_init()
src/eap.c:__eap_method_enable()
src/eap-wsc.c:eap_wsc_init()
src/eap-pwd.c:eap_pwd_init()
src/eap-gtc.c:eap_gtc_init()
src/eap-peap.c:eap_peap_init()
src/eap-aka.c:eap_aka_prime_init()
src/eap-aka.c:eap_aka_init()
src/eap-sim.c:eap_sim_init()
src/eap-mschapv2.c:eap_mschapv2_init()
src/eap-ttls.c:eap_ttls_init()
src/eap-tls.c:eap_tls_init()
src/eap-md5.c:eap_md5_init()
rfkill id 0 can't be matched to a wiphy
src/manager.c:manager_wiphy_dump_callback() New wiphy phy0 added (0)
src/manager.c:manager_wiphy_dump_done()
src/manager.c:manager_filtered_wiphy_dump_done()
Wiphy: 0, Name: phy0
	Permanent Address: 8c:1d:96:b5:8a:6a
	2.4Ghz Band:
		Bitrates (non-HT):
			 1.0 Mbps
			 2.0 Mbps
			 5.5 Mbps
			11.0 Mbps
			 6.0 Mbps
			 9.0 Mbps
			12.0 Mbps
			18.0 Mbps
			24.0 Mbps
			36.0 Mbps
			48.0 Mbps
			54.0 Mbps
		HT Capabilities:
			HT40
			Short GI for 20Mhz
			Short GI for 40Mhz
		HT RX MCS indexes:
			0-15
		HE Capabilities
			Interface Types: ap
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
			Interface Types: station
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
	5Ghz Band:
		Bitrates (non-HT):
			 6.0 Mbps
			 9.0 Mbps
			12.0 Mbps
			18.0 Mbps
			24.0 Mbps
			36.0 Mbps
			48.0 Mbps
			54.0 Mbps
		HT Capabilities:
			HT40
			Short GI for 20Mhz
			Short GI for 40Mhz
		HT RX MCS indexes:
			0-15
		VHT Capabilities:
			160 Mhz operation
			Short GI for 80Mhz
			Short GI for 160 and 80 + 80 Mhz
			Max RX MCS: 0-9 for NSS: 2
			Max TX MCS: 0-9 for NSS: 2
		HE Capabilities
			Interface Types: ap
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
			Interface Types: station
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE RX <= 160MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 160MHz MCS: 0-11 for NSS: 2
	6GHz Band:
		Bitrates (non-HT):
			 6.0 Mbps
			 9.0 Mbps
			12.0 Mbps
			18.0 Mbps
			24.0 Mbps
			36.0 Mbps
			48.0 Mbps
			54.0 Mbps
		HE Capabilities
			Interface Types: ap
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
			Interface Types: station
			Max HE RX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 80MHz MCS: 0-11 for NSS: 2
			Max HE RX <= 160MHz MCS: 0-11 for NSS: 2
			Max HE TX <= 160MHz MCS: 0-11 for NSS: 2
	Ciphers: BIP-GMAC-256 BIP-GMAC-128 GCMP-256 GCMP-128
		 BIP-CMAC-128 CCMP-128 TKIP
	Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
src/agent.c:agent_register() agent register called
src/agent.c:agent_register() agent :1.84 path /agent/2297
src/manager.c:manager_interface_dump_done()
src/manager.c:manager_create_interfaces() creating wlan0
src/manager.c:manager_create_interfaces() creating wlan0-p2p
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for phy0 is 00
src/manager.c:manager_config_notify() Notification of command New Interface(7)
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/manager.c:manager_new_station_interface_cb()
src/netdev.c:netdev_create_from_genl() Created interface wlan0[8 c]
src/manager.c:manager_config_notify() Notification of command New Interface(7)
src/manager.c:manager_new_p2p_interface_cb()
src/p2p.c:p2p_device_update_from_genl() Created P2P device d
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/wiphy.c:wiphy_reg_notify() Notification of command Wiphy Reg Change(113)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for phy0 is XX
src/netdev.c:netdev_set_4addr() netdev: 8 use_4addr: 0
src/netdev.c:netdev_initial_up_cb() Interface 8 initialized
src/station.c:station_enter_state() Old State: disconnected, new state: autoconnect_quick
src/station.c:station_quick_scan_trigger() regdom is updating, delaying quick scan
src/rrm.c:rrm_add_frame_watches()
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/wiphy.c:wiphy_radio_work_insert() Inserting work item 1
src/wiphy.c:wiphy_radio_work_next() Starting work item 1
src/manager.c:manager_config_notify() Notification of command Set Interface(6)
src/scan.c:scan_notify() Scan notification Trigger Scan(33)
src/scan.c:scan_request_triggered() Active scan triggered for wdev c
src/station.c:station_quick_scan_triggered() Quick scan triggered for wlan0
src/scan.c:scan_notify() Scan notification New Scan Results(34)
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_done() get_scan_done
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:02' with SSID: eduroam, freq: 2437, rank: 492, strength: -4900, data_rate: 72.2
src/station.c:station_add_seen_bss() Added new Network "eduroam" security 8021x
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:01' with SSID: FSUGuest, freq: 2437, rank: 492, strength: -5300, data_rate: 72.2
src/station.c:station_add_seen_bss() Added new Network "FSUGuest" security open
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:00' with SSID: FSUSecure, freq: 2437, rank: 492, strength: -5300, data_rate: 72.2
src/station.c:station_add_seen_bss() Added new Network "FSUSecure" security 8021x
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:c2' with SSID: eduroam, freq: 2437, rank: 49, strength: -8100, data_rate: 7.2
src/station.c:station_autoconnect_start()
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUSecure
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:00' freq: 2437, rank: 492, strength: -5300
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: Required key not available (-126)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: eduroam
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:02' freq: 2437, rank: 492, strength: -4900
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUGuest
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:01' freq: 2437, rank: 492, strength: -5300
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/station.c:station_enter_state() Old State: autoconnect_quick, new state: autoconnect_full
src/scan.c:scan_periodic_start() Starting periodic scan for wdev c
src/wiphy.c:wiphy_radio_work_insert() Inserting work item 2
src/wiphy.c:wiphy_radio_work_done() Work item 1 done
src/wiphy.c:wiphy_radio_work_next() Starting work item 2
src/scan.c:scan_notify() Scan notification Trigger Scan(33)
src/scan.c:scan_request_triggered() Passive scan triggered for wdev c
src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev c
src/network.c:network_connect()
src/network.c:network_connect_8021x()
src/network.c:network_connect_8021x() supplied 0 secrets, 1 more needed for EAP
src/agent.c:agent_request_user_password() agent 0x55ac01213a20 owner :1.84 path /agent/2297
src/agent.c:agent_send_next_request() send request to :1.84 /agent/2297
src/scan.c:scan_notify() Scan notification New Scan Results(34)
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_done() get_scan_done
src/scan.c:scan_periodic_rearm() Arming periodic scan timer: 10
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:12' with SSID: eduroam, freq: 5300, rank: 2046, strength: -6100, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:11' with SSID: FSUGuest, freq: 5300, rank: 2046, strength: -6100, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:10' with SSID: FSUSecure, freq: 5300, rank: 2046, strength: -6100, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b2' with SSID: eduroam, freq: 5680, rank: 1227, strength: -6700, data_rate: 180.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b1' with SSID: FSUGuest, freq: 5680, rank: 1227, strength: -6700, data_rate: 180.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b0' with SSID: FSUSecure, freq: 5680, rank: 1227, strength: -6700, data_rate: 180.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:02' with SSID: eduroam, freq: 2437, rank: 492, strength: -5800, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:01' with SSID: FSUGuest, freq: 2437, rank: 492, strength: -6000, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:00' with SSID: FSUSecure, freq: 2437, rank: 492, strength: -6100, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:a1' with SSID: FSUGuest, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:a0' with SSID: FSUSecure, freq: 2412, rank: 295, strength: -6700, data_rate: 43.3
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:81:4d:82' with SSID: eduroam, freq: 2412, rank: 147, strength: -7700, data_rate: 21.7
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:c2' with SSID: eduroam, freq: 2437, rank: 49, strength: -8100, data_rate: 7.2
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:52' with SSID: eduroam, freq: 5805, rank: 13, strength: -8900, data_rate: 2.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:50' with SSID: FSUSecure, freq: 5805, rank: 13, strength: -8900, data_rate: 2.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:51' with SSID: FSUGuest, freq: 5805, rank: 13, strength: -9000, data_rate: 2.0
src/station.c:station_autoconnect_start()
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUSecure
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:10' freq: 5300, rank: 2046, strength: -6100
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: Operation already in progress (-114)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: eduroam
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:12' freq: 5300, rank: 2046, strength: -6100
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUGuest
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:11' freq: 5300, rank: 2046, strength: -6100
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/wiphy.c:wiphy_radio_work_done() Work item 2 done
src/agent.c:agent_receive_reply() agent 0x55ac01213a20 request id 23
src/network.c:eap_secret_done() result 0
src/network.c:network_connect_8021x()
src/network.c:network_connect_8021x() supplied 1 secrets, 0 more needed for EAP
src/netdev.c:netdev_cqm_rssi_update()
src/wiphy.c:wiphy_radio_work_insert() Inserting work item 3
src/wiphy.c:wiphy_radio_work_next() Starting work item 3
src/station.c:__station_connect_network() connecting to BSS b4:5d:50:e4:93:10
src/station.c:station_enter_state() Old State: autoconnect_full, new state: connecting
src/scan.c:scan_periodic_stop() Stopping periodic scan for wdev c
src/netdev.c:netdev_mlme_notify() MLME notification New Station(19)
src/station.c:station_netdev_event() Associating
src/netdev.c:netdev_mlme_notify() MLME notification Authenticate(37)
src/netdev.c:netdev_authenticate_event()
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
src/netdev.c:netdev_mlme_notify() MLME notification Associate(38)
src/netdev.c:netdev_associate_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
src/netdev.c:netdev_connect_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_get_oci_cb() Obtained OCI: freq: 5300, width: 2, center1: 5310, center2: 0
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
src/storage.c:storage_eap_tls_cache_load() No session cache loaded from /var/lib/iwd/.eap-tls-session-cache, starting with an empty cache
src/netdev.c:netdev_mlme_notify() MLME notification Notify CQM(64)
src/netdev.c:netdev_cqm_event() Signal change event (above=1 signal=-56)
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
PEAP: Tunnel has disconnected with alert: decrypt_error
src/netdev.c:netdev_mlme_notify() MLME notification Control Port TX Status(139)
src/netdev.c:netdev_unicast_notify() Unicast notification Control Port Frame(129)
src/netdev.c:netdev_control_port_frame_event()
EAP completed with eapFail
4-Way handshake failed for ifindex: 8, reason: 23
src/wiphy.c:wiphy_radio_work_done() Work item 3 done
src/netdev.c:netdev_mlme_notify() MLME notification Del Station(20)
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_mlme_notify() MLME notification Deauthenticate(39)
src/netdev.c:netdev_deauthenticate_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48)
src/netdev.c:netdev_disconnect_event()
src/station.c:station_connect_cb() 8, result: 3
src/station.c:station_reset_connection_state() 8
src/station.c:station_roam_state_clear() 8
src/station.c:station_enter_state() Old State: connecting, new state: disconnected
src/station.c:station_enter_state() Old State: disconnected, new state: autoconnect_quick
src/wiphy.c:wiphy_radio_work_insert() Inserting work item 4
src/wiphy.c:wiphy_radio_work_next() Starting work item 4
src/scan.c:scan_notify() Scan notification Trigger Scan(33)
src/scan.c:scan_request_triggered() Active scan triggered for wdev c
src/station.c:station_quick_scan_triggered() Quick scan triggered for wlan0
src/scan.c:scan_notify() Scan notification New Scan Results(34)
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_callback() get_scan_callback
src/scan.c:get_scan_done() get_scan_done
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:12' with SSID: eduroam, freq: 5300, rank: 2046, strength: -5700, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:11' with SSID: FSUGuest, freq: 5300, rank: 2046, strength: -5700, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:10' with SSID: FSUSecure, freq: 5300, rank: 2046, strength: -5800, data_rate: 300.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b2' with SSID: eduroam, freq: 5680, rank: 818, strength: -6900, data_rate: 120.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b1' with SSID: FSUGuest, freq: 5680, rank: 818, strength: -6900, data_rate: 120.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:b0' with SSID: FSUSecure, freq: 5680, rank: 818, strength: -6900, data_rate: 120.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:02' with SSID: eduroam, freq: 2437, rank: 492, strength: -5500, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:01' with SSID: FSUGuest, freq: 2437, rank: 492, strength: -5500, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:93:00' with SSID: FSUSecure, freq: 2437, rank: 492, strength: -5500, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:a2' with SSID: eduroam, freq: 2412, rank: 492, strength: -5900, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:a1' with SSID: FSUGuest, freq: 2412, rank: 492, strength: -6100, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:a0' with SSID: FSUSecure, freq: 2412, rank: 492, strength: -6100, data_rate: 72.2
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:81:4d:81' with SSID: FSUGuest, freq: 2412, rank: 197, strength: -7400, data_rate: 28.9
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:81:4d:80' with SSID: FSUSecure, freq: 2412, rank: 147, strength: -7500, data_rate: 21.7
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:81:4d:82' with SSID: eduroam, freq: 2412, rank: 147, strength: -7600, data_rate: 21.7
src/station.c:station_add_seen_bss() Processing BSS '10:0d:7f:99:8b:f8' with SSID: , freq: 2462, rank: 98, strength: -7900, data_rate: 14.4
src/station.c:station_add_seen_bss() BSS has hidden SSID
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:52' with SSID: eduroam, freq: 5805, rank: 13, strength: -8500, data_rate: 2.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:51' with SSID: FSUGuest, freq: 5805, rank: 13, strength: -8500, data_rate: 2.0
src/station.c:station_add_seen_bss() Processing BSS 'b4:5d:50:e4:92:50' with SSID: FSUSecure, freq: 5805, rank: 13, strength: -8500, data_rate: 2.0
src/station.c:station_add_seen_bss() Processing BSS '44:48:c1:80:de:c2' with SSID: eduroam, freq: 2437, rank: 49, strength: -8100, data_rate: 7.2
src/station.c:station_autoconnect_start()
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUSecure
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:10' freq: 5300, rank: 2046, strength: -5800
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: Required key not available (-126)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: eduroam
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:12' freq: 5300, rank: 2046, strength: -5700
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUGuest
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:11' freq: 5300, rank: 2046, strength: -5700
src/station.c:station_autoconnect_next() autoconnect: network_autoconnect: No such file or directory (-2)
src/station.c:station_enter_state() Old State: autoconnect_quick, new state: autoconnect_full
src/scan.c:scan_periodic_start() Starting periodic scan for wdev c
src/wiphy.c:wiphy_radio_work_insert() Inserting work item 5
src/wiphy.c:wiphy_radio_work_done() Work item 4 done
src/wiphy.c:wiphy_radio_work_next() Starting work item 5
src/scan.c:scan_notify() Scan notification Trigger Scan(33)
src/scan.c:scan_request_triggered() Passive scan triggered for wdev c
src/scan.c:scan_periodic_triggered() Periodic scan triggered for wdev c
^CTerminate
src/agent.c:release_agent() send Release to :1.84 /agent/2297
src/agent.c:agent_free() agent free 0x55ac01213a20
src/netdev.c:netdev_free() Freeing netdev wlan0[8]
src/device.c:device_free()
src/station.c:station_free()
src/scan.c:scan_periodic_stop() Stopping periodic scan for wdev c
src/scan.c:scan_cancel() Trying to cancel scan id 5 for wdev c
src/scan.c:scan_cancel() Scan has been triggered, wait for it to complete
src/station.c:station_roam_state_clear() 8
Removing scan context for wdev c
src/scan.c:scan_context_free() sc: 0x55ac0121cb30
src/wiphy.c:wiphy_radio_work_done() Work item 5 done
src/netdev.c:netdev_link_notify() event 16 on ifindex 8
src/scan.c:scan_retry_pending()
src/module.c:iwd_modules_exit()
src/eap.c:__eap_method_disable()
src/eap-wsc.c:eap_wsc_exit()
src/eap-pwd.c:eap_pwd_exit()
src/eap-gtc.c:eap_gtc_exit()
src/eap-peap.c:eap_peap_exit()
src/eap-aka.c:eap_aka_prime_exit()
src/eap-aka.c:eap_aka_exit()
src/eap-sim.c:eap_sim_exit()
src/eap-mschapv2.c:eap_mschapv2_exit()
src/eap-ttls.c:eap_ttls_exit()
src/eap-tls.c:eap_tls_exit()
src/eap-md5.c:eap_md5_exit()
src/offchannel.c:offchannel_exit()
src/dpp.c:dpp_exit()
Removing scan context for wdev d
src/scan.c:scan_context_free() sc: 0x55ac0121a910
src/wsc.c:wsc_exit()
src/wiphy.c:wiphy_free() Freeing wiphy phy0[0]
D-Bus disconnected, quitting...

But when I include CACert and ServerDomainMask in the .8021x config file, I receive a bad_certificate error. (My school's certificate expired, I think)

I appreciate your generous help!

Last edited by Hammer41 (2023-01-16 03:36:16)


#2 2023-01-16 09:34:34

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,403

Re: iwd fails to work with PEAP-MSCHAPV2

I recently switched from wpa_supplicant to iwd

Why and does wpa_supplicant still work? (And on what config)
Does https://wiki.archlinux.org/title/Iwd#EAP-PWD work?

My school's certificate expired, I think

Get an updated cert?


#3 2023-01-16 18:02:49

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

Hi seth. Both standalone wpa_supplicant and networkmanager+wpa_supplicant work for me.

wpa_supplicant:

network={
  ssid="FSUSecure"
  key_mgmt=WPA-EAP
  eap=PEAP
  phase2="autheap=MSCHAPV2"
  identity="myusername"
  password="mypassword"
  priority=1
}

Accompanied log:

[root@archinpocket anonymous]# wpa_supplicant -Dnl80211 -iwlan0 -c wpa.conf
Successfully initialized wpa_supplicant
wlan0: CTRL-EVENT-REGDOM-CHANGE init=DRIVER type=WORLD
wlan0: SME: Trying to authenticate with b4:5d:50:e4:93:10 (SSID='FSUSecure' freq=5300 MHz)
wlan0: Trying to associate with b4:5d:50:e4:93:10 (SSID='FSUSecure' freq=5300 MHz)
wlan0: Associated with b4:5d:50:e4:93:10
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo ECC Organization Validation Secure Server CA' hash=3457106752400212903a3545ca3b2ef384a456972bd951d8d840c1b0a379efa1
wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=Florida/O=Florida State University/CN=fsu-wireless-auth-ecc.its.fsu.edu' hash=ae9257336123c7c2c1141e6d2eb0b67b98de1555bd454c239778915cf0a71927
wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:fsu-wireless-auth-ecc.its.fsu.edu
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
wlan0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
wlan0: PMKSA-CACHE-ADDED b4:5d:50:e4:93:10 0
wlan0: WPA: Key negotiation completed with b4:5d:50:e4:93:10 [PTK=CCMP GTK=CCMP]
wlan0: CTRL-EVENT-CONNECTED - Connection to b4:5d:50:e4:93:10 completed [id=0 id_str=]

networkmanager+wpa_supplicant:

#/etc/NetworkManager/system-connections/FSUSecure.nmconnection
[connection]
id=FSUSecure
uuid=6b5b7fb4-de5f-43e8-a8e2-3c8e2f62e26d
type=wifi
permissions=user:anonymous:;

[wifi]
mode=infrastructure
ssid=FSUSecure

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
domain-suffix-match=fsu-wireless-auth-ecc.its.fsu.edu
eap=peap;
identity=myusername
password-flags=1
phase2-auth=mschapv2

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

I also did the networkmanager configuration conversion as described in https://iwd.wiki.kernel.org/networkmanager, but it also doesn't work.
-----

No it doesn't work. I got:

EAP server tried method 25 while client was configured for method 52

-----

seth wrote:

Get an updated cert?

I don't think so. On iOS I have to manually trust the certificate, and on Android I have to select not to verify the certificate.

Last edited by Hammer41 (2023-01-16 18:13:37)
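
Added example, not part of any post in this thread: a Python check of whether an iwd profile or a wpa_supplicant network block verifies the RADIUS server's certificate before the MSCHAPv2 exchange, run on the two configurations posted above. The option names are iwd's and wpa_supplicant's own; the CA path in the pinned profile is a placeholder and the function names are made up for this example.

```python
import configparser
import re

TUNNELLED = ("PEAP", "TTLS", "TLS")  # EAP methods that authenticate the server via TLS

def audit_iwd_profile(text):
    """Findings for an iwd .8021x profile given as a string; [] means the server is pinned."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(text)
    if not cp.has_section("Security"):
        return ["no [Security] group"]
    sec = cp["Security"]
    method = sec.get("EAP-Method", "").upper()
    if method not in TUNNELLED:
        return []
    findings = []
    for suffix, why in (("CACert", "server certificate chain is not verified"),
                        ("ServerDomainMask", "server name in the certificate is not checked")):
        key = f"EAP-{method}-{suffix}"
        if not sec.get(key, "").strip():
            findings.append(f"{key} not set: {why}")
    return findings

# Simple matcher: assumes no '}' inside quoted values.
NETWORK_RE = re.compile(r"network\s*=\s*\{(.*?)\}", re.S)
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def audit_wpa_network(text):
    """Map SSID -> findings for every EAP network block in a wpa_supplicant.conf string."""
    report = {}
    for body in NETWORK_RE.findall(text):
        opts = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip()] = value.strip().strip('"')
        if "EAP" not in opts.get("key_mgmt", ""):
            continue
        findings = []
        if "ca_cert" not in opts:
            findings.append("ca_cert not set: server certificate chain is not verified")
        if not any(k in opts for k in NAME_CHECKS):
            findings.append("no domain/subject match: server name in the certificate is not checked")
        report[opts.get("ssid", "?")] = findings
    return report

# The iwd profile from post #1, copied as posted.
PAGE_IWD = """\
#/var/lib/iwd/FSUSecure.8021x
[Security]
EAP-Method=PEAP
EAP-Identity=anonymous
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername

[Setting]
AutoConnect=true
"""

# The wpa_supplicant block from post #3, copied as posted.
PAGE_WPA = """\
network={
  ssid="FSUSecure"
  key_mgmt=WPA-EAP
  eap=PEAP
  phase2="autheap=MSCHAPV2"
  identity="myusername"
  password="mypassword"
  priority=1
}
"""

# Constructed: same profile with the server pinned. The CA path is a placeholder;
# the domain is the one in the NetworkManager profile from post #3.
PINNED_IWD = """\
[Security]
EAP-Method=PEAP
EAP-Identity=anonymous
EAP-PEAP-CACert=/path/to/ca.pem
EAP-PEAP-ServerDomainMask=fsu-wireless-auth-ecc.its.fsu.edu
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername
"""

if __name__ == "__main__":
    for name, result in (("iwd (post #1)", audit_iwd_profile(PAGE_IWD)),
                         ("iwd (pinned)", audit_iwd_profile(PINNED_IWD)),
                         ("wpa_supplicant (post #3)", audit_wpa_network(PAGE_WPA))):
        print(name, "->", result)
```
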


#4 2023-01-16 18:32:18

Cbhihe
Member
Registered: 2017-04-09
Posts: 244

Re: iwd fails to work with PEAP-MSCHAPV2

What is your NIC name, as well as the name of the SSID you want to connect to?

If the answers are not "phy0" and "FSUSecure", please show us the output of:

iwctl
[iwd]# device list
[iwd]# station your_device scan
[iwd]# station your_device get-networks

Last edited by Cbhihe (2023-01-16 21:46:05)


I like strawberries, therefore I'm not a bot.


#5 2023-01-16 18:45:29

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

Cbhihe wrote:

What is your NIC name, as well as the name of the SSID you want to connect to?

If the answers are not "phy0" and "FSUSecure", please show us the output of:

iwctl
[iwd]# device list
[iwd]# station your_device scan
[iwd]# station your_device get-networks

Hi Cbhihe. I don't see any roles played by NIC name and SSID in this problem. Here is the output:

[iwd]# device list
                                    Devices
--------------------------------------------------------------------------------
  Name                  Address               Powered     Adapter     Mode
--------------------------------------------------------------------------------
  wlan0                 8c:1d:96:b5:8a:6a     on          phy0        station

[iwd]# station wlan0 scan
[iwd]# station wlan0 get-networks
                               Available networks                             *
--------------------------------------------------------------------------------
      Network name                      Security            Signal
--------------------------------------------------------------------------------
      FSUSecure                         8021x               ****
      FSUGuest                          open                ****
      eduroam                           8021x               ****

Last edited by Hammer41 (2023-01-16 18:46:26)


#6 2023-01-16 19:21:09

progandy
Member
Registered: 2012-05-17
Posts: 5,318

Re: iwd fails to work with PEAP-MSCHAPV2

Your wpa_supplicant configuration does not include an anonymous identity.
If your username looks like an email-address, then try to use the domain part in your anonymous identity as well. The error message does not indicate that this could be the problem, but you never know what software they have running.

EAP-Identity=anonymous@realm.example
EAP-PEAP-Phase2-Identity=myusername@realm.example

If that does not work, try to use your real identity for both. wpa_supplicant falls back to use the real identity if no anonymous one is provided.

Last edited by progandy (2023-01-16 19:23:51)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |


#7 2023-01-16 19:34:46

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

progandy wrote:

Your wpa_supplicant configuration does not include an anonymous identity.
If your username looks like an email-address, then try to use the domain part in your anonymous identity as well. The error message does not indicate that this could be the problem, but you never know what software they have running.

EAP-Identity=anonymous@realm.example
EAP-PEAP-Phase2-Identity=myusername@realm.example

If that does not work, try to use your real identity for both. wpa_supplicant falls back to use the real identity if no anonymous one is provided.

Hi progandy, I tried every possible combination of EAP-Identity and EAP-PEAP-Phase2-Identity, (realname or anonymous) [@realm.example]. None of them work. I think 4-Way handshake failed for ifindex: 8, reason: 23 already proves it's a connection problem.


#8 2023-01-16 21:57:05

Cbhihe
Member
Registered: 2017-04-09
Posts: 244

Re: iwd fails to work with PEAP-MSCHAPV2

Hammer41 wrote:

I don't see any roles played by NIC name and SSID in this problem. Here is the output:

[iwd]# device list
                                    Devices
--------------------------------------------------------------------------------
  Name                  Address               Powered     Adapter     Mode
--------------------------------------------------------------------------------
  wlan0                 8c:1d:96:b5:8a:6a     on          phy0        station

[iwd]# station wlan0 scan
[iwd]# station wlan0 get-networks
                               Available networks                             *
--------------------------------------------------------------------------------
      Network name                      Security            Signal
--------------------------------------------------------------------------------
      FSUSecure                         8021x               ****
      FSUGuest                          open                ****
      eduroam                           8021x               ****

I just wanted to be absolutely certain that your SSID was the correct one (and it is). The way to check that "in a vacuum", i.e. in the absence of any other way to raise a connection, is to issue the commands I mentioned, as you did. The results you got confirm the information you gave in relation to wpa_supplicant and NetworkManager. Tomorrow, I will check that your FSUSecure.8021x profile is correctly formed with complete settings. One question though: Is there any reason for not wanting to hard-code your hashed password inside your iwd profile file?

Last edited by Cbhihe (2023-01-16 21:57:36)


I like strawberries, therefore I'm not a bot.

Offline

#9 2023-01-16 23:28:19

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

One question though:  Is there any reason for not wanting to hard-code your hashed password inside your iwd profile file ?

That's for debugging purposes. I commented out the password and type it manually so as not to print the same log many times (iwd repeatedly tries to connect and then fails). :)

Last edited by Hammer41 (2023-01-16 23:29:57)

Offline

#10 2023-01-17 08:42:42

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,403

Re: iwd fails to work with PEAP-MSCHAPV2

4-Way handshake failed for ifindex: 8, reason: 23 already prove it's an

… authentication problem and the error is pretty generic.

The more interesting token is

PEAP: Tunnel has disconnected with alert: decrypt_error

See whether https://wiki.archlinux.org/title/Iwd#Ve … _debugging extracts more info about the problem.

Online

#11 2023-01-17 08:50:20

Cbhihe
Member
Registered: 2017-04-09
Posts: 244

Re: iwd fails to work with PEAP-MSCHAPV2

Your /var/lib/iwd/FSUSecure.8021x iwd profile is:

[Security]
EAP-Method=PEAP
EAP-Identity=anonymous
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=myusername

[Setting]
AutoConnect=true

I don't know what the standard connection protocol is in terms of PEAP identity at Florida State, but following @progandy's comment in #6, I would try sticking to "EAP-Identity=myusername" in the [Security] block, and also add /var/lib/iwd/main.conf:

# cat /var/lib/iwd/main.conf
[General]
EnableNetworkConfiguration=true

Can you experiment with that and let us know how/if things go wrong with the corresponding log? Go Gators.

Last edited by Cbhihe (2023-01-17 08:54:30)


I like strawberries, therefore I'm not a bot.

Offline

#12 2023-01-17 15:17:29

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

seth wrote:

See whether https://wiki.archlinux.org/title/Iwd#Ve … _debugging extracts more info about the problem.

iwd still tried to verify the certificate:

[root@archinpocket iwd-cert]# IWD_TLS_DEBUG=TRUE IWD_WSC_DEBUG_KEYS=1 /usr/lib/iwd/iwd
Wireless daemon version 2.1
Loaded configuration from /etc/iwd/main.conf
rfkill id 0 can't be matched to a wiphy
Wiphy: 0, Name: phy0
	......
PEAP: tls_tx_handshake:1256 Sending a TLS_CLIENT_HELLO of 140 bytes
PEAP: l_tls_start:3621 New state TLS_HANDSHAKE_WAIT_HELLO
PEAP: tls_handle_handshake:3085 Handling a TLS_SERVER_HELLO of 77 bytes
PEAP: tls_handle_server_hello:2431 Negotiated TLS 1.2
PEAP: tls_handle_server_hello:2467 Negotiated TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
PEAP: tls_handle_server_hello:2478 Negotiated CompressionMethod.null
PEAP: tls_handle_server_hello:2504 New state TLS_HANDSHAKE_WAIT_CERTIFICATE
PEAP: tls_handle_handshake:3085 Handling a TLS_CERTIFICATE of 2346 bytes
PEAP: tls_handle_certificate:2574 Peer certchain written to /tmp/iwd-tls-debug-server-cert.pem
PEAP: tls_handle_certificate:2678 New state TLS_HANDSHAKE_WAIT_KEY_EXCHANGE
PEAP: tls_handle_handshake:3085 Handling a TLS_SERVER_KEY_EXCHANGE of 144 bytes
PEAP: tls_handle_handshake:3183 New state TLS_HANDSHAKE_WAIT_HELLO_DONE
PEAP: tls_handle_ecdhe_server_key_xchg:621 Negotiated secp256r1
PEAP: tls_ecdsa_verify:326 Disconnect desc=decrypt_error local-desc=close_notify reason=Peer signature verification failed
PEAP: tls_send_alert:1187 Sending a Fatal Alert: decrypt_error
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
PEAP: Tunnel has disconnected with alert: decrypt_error
EAP completed with eapFail
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
4-Way handshake failed for ifindex: 23, reason: 23
^CTerminate
Removing scan context for wdev 2b
Removing scan context for wdev 2c
D-Bus disconnected, quitting...

/tmp/iwd-tls-debug-server-cert.pem contains two consecutive certificates. I also dumped all the packets with iwmon --write /path/to/file.pcap, and downloaded the two crt files mentioned in file.pcap. I converted them to PEM and put them in the same .pem file. That doesn't help either.
-----

Cbhihe wrote:

# cat /var/lib/iwd/main.conf
[General]
EnableNetworkConfiguration=true

Can you experiment with that and let us know how/if things go wrong with the corresponding log ? Go Gators.

Thanks for your investigations, Cbhihe. I have that file and it still doesn't work.

Offline
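
Added example (not part of any post in this thread, and not iwd's own code): a small Python triage of the IWD_TLS_DEBUG trace from post #12 that reports the negotiated parameters and the function, state and reason at which the TLS handshake stopped. The `triage` helper and its output keys are hypothetical names; the sample lines are copied from that post.

```python
import re

# Sample input: lines copied from the IWD_TLS_DEBUG trace in post #12.
SAMPLE = """\
PEAP: tls_handle_server_hello:2431 Negotiated TLS 1.2
PEAP: tls_handle_server_hello:2467 Negotiated TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
PEAP: tls_handle_server_hello:2478 Negotiated CompressionMethod.null
PEAP: tls_handle_server_hello:2504 New state TLS_HANDSHAKE_WAIT_CERTIFICATE
PEAP: tls_handle_certificate:2678 New state TLS_HANDSHAKE_WAIT_KEY_EXCHANGE
PEAP: tls_handle_handshake:3183 New state TLS_HANDSHAKE_WAIT_HELLO_DONE
PEAP: tls_handle_ecdhe_server_key_xchg:621 Negotiated secp256r1
PEAP: tls_ecdsa_verify:326 Disconnect desc=decrypt_error local-desc=close_notify reason=Peer signature verification failed
PEAP: tls_send_alert:1187 Sending a Fatal Alert: decrypt_error
PEAP: tls_reset_handshake:208 New state TLS_HANDSHAKE_WAIT_START
PEAP: Tunnel has disconnected with alert: decrypt_error
EAP completed with eapFail
"""

# "<method>: <function>:<source line> <message>", the shape of the TLS debug lines
LINE = re.compile(r"^(\S+): (\w+):(\d+) (.*)$")
DISCONNECT = re.compile(r"^Disconnect desc=(\S+) local-desc=(\S+) reason=(.*)$")

def triage(log_text):
    """Return negotiated parameters and where/why the TLS handshake stopped."""
    out = {"negotiated": [], "state_at_failure": None, "failed_in": None,
           "alert": None, "reason": None, "handshake_incomplete": None}
    state = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a TLS debug line (EAP result, nl80211 events, ...)
        func, msg = m.group(2), m.group(4)
        d = DISCONNECT.match(msg)
        if msg.startswith("Negotiated "):
            out["negotiated"].append(msg[len("Negotiated "):])
        elif msg.startswith("New state ") and out["failed_in"] is None:
            state = msg[len("New state "):]  # track state only up to the failure
        elif d and out["failed_in"] is None:
            out.update(failed_in=func, alert=d.group(1), reason=d.group(3),
                       state_at_failure=state,
                       # still waiting for a handshake message: no tunnel yet
                       handshake_incomplete=bool(
                           state and state.startswith("TLS_HANDSHAKE_WAIT_")))
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On this trace the failure is raised in tls_ecdsa_verify while the state is still TLS_HANDSHAKE_WAIT_HELLO_DONE, so the TLS tunnel was never established and the Phase 2 (MSCHAPV2) identity and password had not come into play yet.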

#13 2023-01-17 15:40:17

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,403

Re: iwd fails to work with PEAP-MSCHAPV2

What if you explicitly set

EAP-TLS-CACert=
EAP-TTLS-CACert=
EAP-PEAP-CACert=

Online

#14 2023-01-17 16:21:24

Hammer41
Member
Registered: 2021-09-13
Posts: 8

Re: iwd fails to work with PEAP-MSCHAPV2

seth wrote:

What if you explicitly set

EAP-TLS-CACert=
EAP-TTLS-CACert=
EAP-PEAP-CACert=

EAP-PEAP-CACert= gives

src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUSecure
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:10' freq: 5300, rank: 2046, strength: -5700
Failed to load

EAP-PEAP-CACert=; gives

src/station.c:station_autoconnect_next() autoconnect: Trying SSID: FSUSecure
src/station.c:station_autoconnect_next() autoconnect: 'b4:5d:50:e4:93:10' freq: 5300, rank: 2046, strength: -5700
Failed to load ;

Offline
