wpa_supplicant says network is disabled

Question

When trying to connect to a network (specifically a WPA2 enterprise network for a university) with wpa_supplicant on Gentoo Linux, the network is shown as disabled when the flag is not set.

My wpa_supplicant.conf :

ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="TheNetwork"
    eap=PEAP
    identity="redacted"
    password="redacted"
    ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
    ca_path="/etc/ssl/certs/"
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
}

network={
    ssid="Another network that works"
    key_mgmt=NONE
    disabled=1 # This is obviously not normally disabled
}

network={
    ssid="Yet another working network"
    psk="redacted"
    disabled=1 # Likewise
}

Output of sudo wpa_supplicant -iwlp3s0 -c/etc/wpa_supplicant/wpa_supplicant.conf -d, with repetitive lines removed:

wpa_supplicant v2.6
random: Trying to read entropy from /dev/random
Successfully initialized wpa_supplicant
Initializing interface 'wlp3s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'default' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
    Priority group 0
   id=0 ssid='TheNetwork'
   id=1 ssid='Another network that works'
   id=2 ssid='Yet another working network'
nl80211: Supported cipher 00-0f-ac:1
...
nl80211: Supported cipher 00-0f-ac:9
nl80211: Using driver-based off-channel TX
nl80211: Driver-advertised extended capabilities (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: Driver-advertised extended capabilities mask (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: interface wlp3s0 in phy phy0
nl80211: Set mode ifindex 4 iftype 2 (STATION)
nl80211: Subscribe to mgmt frames with non-AP handle 0x55701974e5f0
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x55701974e5f0 match=0104
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x55701974e5f0 match=040a
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x55701974e5f0 match=040b
...
rfkill: initial event: idx=1 type=1 op=0 soft=0 hard=0
netlink: Operstate: ifindex=4 linkmode=1 (userspace-control), operstate=5 (IF_OPER_DORMANT)
Add interface wlp3s0 to a new radio phy0
nl80211: Regulatory information - country=US (DFS-FCC)
nl80211: 2402-2472 @ 40 MHz 30 mBm
nl80211: 5170-5250 @ 80 MHz 23 mBm
nl80211: 5250-5330 @ 80 MHz 23 mBm (DFS)
nl80211: 5490-5730 @ 160 MHz 23 mBm (DFS)
nl80211: 5735-5835 @ 80 MHz 30 mBm
nl80211: 57240-63720 @ 2160 MHz 40 mBm
nl80211: Added 802.11b mode based on 802.11g information
wlp3s0: Own MAC address: [redacted]
wpa_driver_nl80211_set_key: ifindex=4 (wlp3s0) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
...
wpa_driver_nl80211_set_key: ifindex=4 (wlp3s0) alg=0 addr=(nil) key_idx=5 set_tx=0 seq_len=0 key_len=0
wlp3s0: RSN: flushing PMKID list in the driver
nl80211: Flush PMKIDs
wlp3s0: No enabled networks (3 disabled networks)
wlp3s0: State: DISCONNECTED -> INACTIVE
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
nl80211: Skip set_supp_port(unauthorized) while not associated
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
Using existing control interface directory.
ctrl_iface bind(PF_UNIX) failed: Address already in use
ctrl_iface exists, but does not allow connections - assuming it was leftover from forced program termination
Successfully replaced leftover ctrl_iface socket '/var/run/wpa_supplicant/wlp3s0'
wlp3s0: Added interface wlp3s0
wlp3s0: State: INACTIVE -> DISCONNECTED
nl80211: Set wlp3s0 operstate 0->0 (DORMANT)
netlink: Operstate: ifindex=4 linkmode=-1 (no change), operstate=5 (IF_OPER_DORMANT)
random: Got 20/20 bytes from /dev/random
EAPOL: disable timer tick

What sticks out to me is the line wlp3s0: No enabled networks (3 disabled networks). This appears despite the fact that there are clearly only two disabled networks. Further evidence that the first network is being disabled despite the lack of a disabled=1 flag is that when running the wpa_supplement command with the other two networks enabled, a scan is performed and output, but all relevant APs are skipped as "disabled", "SSID mismatch", and "SSID mismatch", even though the SSIDs clearly do match. When running wpa_supplicant with the other two networks removed, the line wlp3s0: No enabled networks (1 disabled networks) appears.

What in the configuration is causing this to occur?

Answer 1

When you declare a network block in wpa_supplicant.conf, the default value for key_mgmt is WPA-PSK IEEE8021X (config.c sets to DEFAULT_KEY_MGMT, definition of DEFAULT_KEY_MGMT). Later on, when checking if a network is “disabled”, one of the checks is for whether the block has key_mgmt=WPA-PSK but does not have psk= set.

Thus, there are two issues with your network block.

1. wpa_supplicant will not even attempt to do PEAP authentication because you do not have key_mgmt=WPA-EAP. I was unable to test this myself, but you mentioned that setting this helped in the comments.

2. Since you are using the default value key_mgmt=WPA-PSK IEEE8021X, your block will be considered disabled because you have not set psk. Obviously, this second issue is not really something you care about because you intend to use PEAP ;-).

Based on wpa_supplicant-2.6.