1

I'm looking for help trying to connect to my work's wifi. I'm currently on Kubuntu 18.04 and cannot connect to my work's WPA2 enterprise wifi on my laptop but my android phone works just fine. The android settings are EAP method PEAP, Phase 2 authentication none, no CA certificate. I don't think the issue is specific to Kubuntu though.

Here's what I've done so far. I've disabled network-manager and have been using wpa_supplicant as root for testing various configurations in the /etc/wpa_supplicant.conf file. I can connect to my home wifi just fine using this method so the card and driver work.

When I scan my work's wifi using:

ip link set wlp3s0 up
iw wlp3s0 scan

I get the following output:

ERP: <no flags>
RSN: *Version: 1
 *Group cipher: TKIP
 *Pairwise ciphers: CCMP
 *Authentication suites: IEEE 802.1X
 *Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
WPA: *Version 1
 *Group cipher: TKIP
 *Pairwise ciphers: TKIP
 *Authentication suites: IEEE 802.1X

So I've tried a number of different configuration parameters to try to get it to work. Here is my /etc/wpa_supplicant.conf file

ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=root
update_config=1

network={
        ssid="MYWORK"
        scan_ssid=1
        proto=RSN #Have also tried WPA here, as well as leaving blank
        key_mgmt=WPA-EAP #Have also tried IEEE8021X here as well as leaving blank
        pairwise=CCMP #when trying proto=WPA, changed this to TKIP, have also left blank before
        group=TKIP #have tried leaving blank
        eap=PEAP #have tried leaving blank
        phase1="peaplabel=auto tls_disable_tlsv1_2=1" #tried this after reading another article on this site where some people's work's wifis were not tls 1.2. Neither blank nor disabled works.
        phase2="autheap=MSCHAPV2" #have tried leaving this out
        identity="MYID"
        password="MYPASSWORD"
}

I've tried a number of combinations of the above to no avail. Here is the output from wpa_supplicant -Dnl80211 -i wlp3s0 -c /etc/wpa_supplicant.conf when I tried first with key_mgmt=WPA-EAP:

Successfully initialized wpa_supplicant
wlp3s0: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX (SSID='MYWORK' freq=2462 MHz)
wlp3s0: Trying to associate with XX:XX:XX:XX:XX:XX (SSID='MYWORK' freq=2462 MHz)
wlp3s0: Associated with XX:XX:XX:XX:XX:XX
wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp3s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp3s0: CTRL-EVENT-DISCONNECTED bssid=00:0b:86:0a:b8:c1 reason=3
wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MWORK" auth_failures=1 duration=10 reason=AUTH_FAILED
nl80211: deinit ifname=p2p-dev-wlp3s0 disabled_11b_rates=0
p2p-dev-wlp3s0: CTRL-EVENT-TERMINATING 
nl80211: deinit ifname=wlp3s0 disabled_11b_rates=0
wlp3s0: CTRL-EVENT-TERMINATING

When trying with key-mgmt=IEEE8021X the output is a little different:

Successfully initialized wpa_supplicant
wlp3s0: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX (SSID='MYWORK' freq=2462 MHz)
wlp3s0: Trying to associate with XX:XX:XX:XX:XX:XX (SSID='MWORK' freq=2462 MHz)
wlp3s0: CTRL-EVENT-ASSOC-REJECT bssid=XX:XX:XX:XX:XX:XX status_code=10
wlp3s0: SME: Deauth request to the driver failed

I have also tried using the -Dwext driver but didn't work either.

Any ideas what I'm missing or things I should try? Is there a compatibility mode that both windows and android are using that linux isn't by default? I was not given any certificates nor do i need to specify them on either windows or android for it to connect. I appreciate any help!

FrostedCookies
  • 111
  • 2
  • Have you tried `key_mgmt=IEEE8021X` ? – Rui F Ribeiro Jul 11 '18 at 17:56
  • Thanks for the suggestion. Yeah I did and it didn't work. The output is listed in the last code box. It seems like it works less well. – FrostedCookies Jul 11 '18 at 19:49
  • Btw, in your previous log the error seems to be because of wrong password. – Rui F Ribeiro Jul 11 '18 at 19:51
  • Well I think that's part of the problem. My password is definitely correct. I've triple checked it and it's the same one that works on Windows and Android. Somehow the password is getting transmitted in a wrong fashion or encryption perhaps so it's not registering correctly. Is there a different method of transmitting it or encrypting it? My understanding from reading is that's the purpose of the phase 2 tunnel and perhaps there's an issue there? – FrostedCookies Jul 11 '18 at 19:55
  • see this https://unix.stackexchange.com/questions/278946/hiding-passwords-in-wpa-supplicant-conf-with-wpa-eap-and-mschap-v2 – Rui F Ribeiro Jul 11 '18 at 20:01
  • Thank you for the link. So it looks like the user is asking how to avoid the passwd as plaintext. But it should still work with the password in plaintext in the config, right? At any rate, I tried generating a hash using `wpa_passphrase MYWORK MYPASSWORD` and using that instead. It also had an authentication error. That changed the `password="MYPASSWORD"` to `psk=`. I think the issue is with the authentication protocol. Perhaps I'm not somehow using the right one but there's no option for "none" like there is in android and I think it's defaulting to MSCHAPV2 there too. – FrostedCookies Jul 11 '18 at 21:51
  • I have since found that simply using Fedora distro version 29 (rawhide as of the date of this comment) solved the issue. Arch updated as of today also works immediately out-of-the-box. Ubuntu 18.04, 18.10, and even today's 19.04 snapshot do not work and I get the repeated error. I tried copying Fedora 29's NetworkManager .nmconnection file to Fedora 28 and Ubuntu and they didn't work. So it's not as simple as a configuration setting. – FrostedCookies Mar 15 '19 at 05:58

0 Answers0