2

Yesterday I updated my thinkpad with fedora 32 to a thinkpad with fedora 33. Soon I noticed something was amiss, I could no longer connect to eduroam. Eduroam uses WPA and WPA2 Enterprise and fedora 33 updated wpa_supplicant 2.9-3 to wpa_supplicant 2.9-6.

Other things of intrest:

journalctl -f gives this error a lot:

wpa_supplicant[969]: dbus: wpa_dbus_property_changed: no property SessionLength in object /fi/w1/wpa_supplicant1/Interfaces/0

and this warning:

<warn>  [1603972716.1890] device (wlp4s0): Deactivation failed: GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not connected.

While trying to connect to eduroam dmesg -wL says this:

[  234.221111] wlp4s0: authenticate with 20:a6:cd:91:52:90
[  234.231722] wlp4s0: send auth to 20:a6:cd:91:52:90 (try 1/3)
[  234.237706] wlp4s0: authenticated
[  234.240025] wlp4s0: associate with 20:a6:cd:91:52:90 (try 1/3)
[  234.241312] wlp4s0: RX AssocResp from 20:a6:cd:91:52:90 (capab=0x411 status=0 aid=1)
[  234.242458] wlp4s0: associated
[  235.139929] wlp4s0: deauthenticated from 20:a6:cd:91:52:90 (Reason: 23=IEEE8021X_FAILED)

I have tried googling a lot of these errors bur I have not found a sollution yet.

Other things I tried:

  • Downgrade wpa_supplicant to a previous version. (didn't do anything)
  • Downgrade fedora back to 32 (it couldn't).
  • Submit a bug to bugzilla.
  • Cry

I am a networking noob so if I missed something obvious please be kind .-.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
PDek
  • 23
  • 1
  • 3
  • Just wondering, if you start over again with the [eduroam installer](https://cat.eduroam.org/), do you have better luck? Maybe some config file somewhere needs to be rewritten/updated? – rickhg12hs Oct 30 '20 at 20:35

1 Answers1

3

I don't use eduroam, but 802.1x problems apply to you as well, I believe. Look for this:

Oct 30 17:17:42 gandalf.lightspeed.com.sg wpa_supplicant[953]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
Oct 30 17:17:42 gandalf.lightspeed.com.sg wpa_supplicant[953]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Oct 30 17:17:43 gandalf.lightspeed.com.sg wpa_supplicant[953]: wlp4s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

If so, the fix is found here: https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 - this will allow TLS1.0 connections. Meraki and other broken radius servers still insist on SSLv3/TLS1.0, but asking your network admin to fix will take a long time. From the command line, type the line below, then reboot your ThinkPad -

update-crypto-policies --set DEFAULT:FEDORA32

Lightspeed Technologies
  • 46
  • 3