Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
WPA2 PEAP wifi authentication problem
WPA2 PEAP wifi authentication problem
I am new to Debian and I am having a lot of trouble connecting to my school's WPA2 PEAP MSCHAPV2 wifi network.
I feel like I have tried everything including
Network Manager
Wicd
Connman
wpa_supplicant on its own
I have tried disabling TLSv1.2, setting system-ca-certs=false and a whole variety of wpa_supplicant.conf settings.
Wireshark packets show that the failure is on the client hello.
I dual boot with Windows and Windows connects immediately, so it is not hardware.
I've already spent about 30 hours on this and I'm beginning to think it's a Debian problem because none of the solutions that have worked for other people have worked for me. Can anyone help me please?
Relevant information below with full wpa_supplicant debug information and Wireshark packets provided here https://docs.google.com/document/d/1Haw ... ReGW0LiKg/.
Hardware: Intel® Dual Band Wireless-AC 8265 4.6+ iwlwifi-8265-ucode-22
OS: Linux version 4.9.0-6-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02)
Commands:
sudo wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant/wpa_supplicant.conf -Dnl80211 -f wpadebug.txt -dd
sudo wpa_cli -i wlp3s0 terminate
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
network={
identity="[REDACTED]"
anonymous_identity="[REDACTED]"
password="[REDACTED]"
ssid="ISM_STAFF"
key_mgmt=WPA-EAP
eap=PEAP
phase1="peapver=0"
phase2="auth=MSCHAPV2"
}
dmesg output:
[ 2423.351616] wlp3s0: authenticate with 70:3a:0e7e:92
[ 2423.359314] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 2423.364283] wlp3s0: authenticated
[ 2423.368540] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 2423.369827] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 2423.372468] wlp3s0: associated
[ 2423.384314] wlp3s0: deauthenticated from 70:3a:0e7e:92 (Reason: 3=DEAUTH_LEAVING)
[ 2442.901507] wlp3s0: authenticate with 70:3a:0e7e:92
[ 2442.908841] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 2442.909632] wlp3s0: authenticated
[ 2442.912143] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 2442.913332] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 2442.915699] wlp3s0: associated
[ 2442.927626] wlp3s0: deauthenticated from 70:3a:0e7e:92 (Reason: 3=DEAUTH_LEAVING)
[EDIT]
/var/log/daemon.log
ay 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: SME: Trying to authenticate with 70:3a:0e:df:3a:b2 (SSID='ISM_STAFF' freq=5260 MHz)
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: Trying to associate with 70:3a:0e:df:3a:b2 (SSID='ISM_STAFF' freq=5260 MHz)
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: Associated with 70:3a:0e:df:3a:b2
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=70:3a:0e:df:3a:b2 reason=3
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ISM_STAFF" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="ISM_STAFF"
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: SME: Trying to authenticate with 70:3a:0e7e:92 (SSID='ISM_STAFF' freq=5500 MHz)
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: Trying to associate with 70:3a:0e7e:92 (SSID='ISM_STAFF' freq=5500 MHz)
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: Associated with 70:3a:0e7e:92
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=70:3a:0e7e:92 reason=3
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ISM_STAFF" auth_failures=2 duration=23 reason=AUTH_FAILED
I feel like I have tried everything including
Network Manager
Wicd
Connman
wpa_supplicant on its own
I have tried disabling TLSv1.2, setting system-ca-certs=false and a whole variety of wpa_supplicant.conf settings.
Wireshark packets show that the failure is on the client hello.
I dual boot with Windows and Windows connects immediately, so it is not hardware.
I've already spent about 30 hours on this and I'm beginning to think it's a Debian problem because none of the solutions that have worked for other people have worked for me. Can anyone help me please?
Relevant information below with full wpa_supplicant debug information and Wireshark packets provided here https://docs.google.com/document/d/1Haw ... ReGW0LiKg/.
Hardware: Intel® Dual Band Wireless-AC 8265 4.6+ iwlwifi-8265-ucode-22
OS: Linux version 4.9.0-6-amd64 (debian-kernel@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02)
Commands:
sudo wpa_supplicant -B -i wlp3s0 -c /etc/wpa_supplicant/wpa_supplicant.conf -Dnl80211 -f wpadebug.txt -dd
sudo wpa_cli -i wlp3s0 terminate
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
network={
identity="[REDACTED]"
anonymous_identity="[REDACTED]"
password="[REDACTED]"
ssid="ISM_STAFF"
key_mgmt=WPA-EAP
eap=PEAP
phase1="peapver=0"
phase2="auth=MSCHAPV2"
}
dmesg output:
[ 2423.351616] wlp3s0: authenticate with 70:3a:0e7e:92
[ 2423.359314] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 2423.364283] wlp3s0: authenticated
[ 2423.368540] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 2423.369827] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 2423.372468] wlp3s0: associated
[ 2423.384314] wlp3s0: deauthenticated from 70:3a:0e7e:92 (Reason: 3=DEAUTH_LEAVING)
[ 2442.901507] wlp3s0: authenticate with 70:3a:0e7e:92
[ 2442.908841] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 2442.909632] wlp3s0: authenticated
[ 2442.912143] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 2442.913332] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 2442.915699] wlp3s0: associated
[ 2442.927626] wlp3s0: deauthenticated from 70:3a:0e7e:92 (Reason: 3=DEAUTH_LEAVING)
[EDIT]
/var/log/daemon.log
ay 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: SME: Trying to authenticate with 70:3a:0e:df:3a:b2 (SSID='ISM_STAFF' freq=5260 MHz)
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: Trying to associate with 70:3a:0e:df:3a:b2 (SSID='ISM_STAFF' freq=5260 MHz)
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: Associated with 70:3a:0e:df:3a:b2
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=70:3a:0e:df:3a:b2 reason=3
May 17 09:08:43 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ISM_STAFF" auth_failures=1 duration=10 reason=AUTH_FAILED
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="ISM_STAFF"
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: SME: Trying to authenticate with 70:3a:0e7e:92 (SSID='ISM_STAFF' freq=5500 MHz)
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: Trying to associate with 70:3a:0e7e:92 (SSID='ISM_STAFF' freq=5500 MHz)
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: Associated with 70:3a:0e7e:92
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP authentication started
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=70:3a:0e7e:92 reason=3
May 17 09:08:56 debian wpa_supplicant[489]: wlp3s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ISM_STAFF" auth_failures=2 duration=23 reason=AUTH_FAILED
Last edited by retrosnob on 2018-05-17 00:23, edited 1 time in total.
Re: WPA2 PEAP wifi authentication problem
Just in case you don't know, Network Manager and Wicd compete with each other so only one can be enabled. wpa-supplicant does the heavy lifting; all the GUIs are just for convenience. My favourite is wpagui.
It's very doubtful that its a Debian problem as such. It's more likely to be a configuration issue. Internet working is all about numbers which are universal regardless of OS.
WiFi How To Use From the Debian Wiki.
Setup wpa_gui and roaming on Debian I used this on a laptop and found it superior to the other GUIs. It takes a bit of getting used to.
It's very doubtful that its a Debian problem as such. It's more likely to be a configuration issue. Internet working is all about numbers which are universal regardless of OS.
WiFi How To Use From the Debian Wiki.
From here. This is an old thread but well worth studying.In general...
ifconfig to enable your wireless device
iwlist to list available wireless access points
iwconfig to configure your wireless connection
dhclient to get an IP address via dhcp
something like the following for an unsecured network
ifconfig wlan0 up to be sure the interface is up
iwlist wlan0 scan to scan for networks
iwconfig wlan0 essid mynetwork to set the network you want
dhclient -v wlan0 to request network information
ping -c 2 208.67.222.222 to see if you have a connection
ping -c 2 opendns.org to see if you have a name resolution
Setup wpa_gui and roaming on Debian I used this on a laptop and found it superior to the other GUIs. It takes a bit of getting used to.
Re: WPA2 PEAP wifi authentication problem
Thanks for this. I've already seen the Debian Wifi documentation. Neither Network Manager nor Wicd are installed any more so there can't be any conflicts. I've tried wpagui but unsurprisingly it just does exactly what wpa_supplicant does when I run it from the command line, ie it associates with the AP and then immediately disconnects and resumes scanning.
Like I said, I have spent a long time trying to fix this and tried every solution I've found. This isn't going to have a simple solution I'm afraid.
Like I said, I have spent a long time trying to fix this and tried every solution I've found. This isn't going to have a simple solution I'm afraid.
Re: WPA2 PEAP wifi authentication problem
In my experience, keep wpa_supplicant.conf so short you can, meaning add only those lines you absolutely need.
I had quite similar situatation when studying, but after graduating I had deleted my wpa_supplicant.conf for school's network, I thought I never need it anymore.
Dmesg shows just what you are telling, connection dropped soon after authetication. Config issue, like Bulkley said.
wpa_supplicant has -dd option, which is good for debugging.
I had quite similar situatation when studying, but after graduating I had deleted my wpa_supplicant.conf for school's network, I thought I never need it anymore.
Dmesg shows just what you are telling, connection dropped soon after authetication. Config issue, like Bulkley said.
wpa_supplicant has -dd option, which is good for debugging.
Re: WPA2 PEAP wifi authentication problem
Yes, you will notice that the details that I have given include the -dd debug output.
Re: WPA2 PEAP wifi authentication problem
Can't get to googledocs link without javascript, why don't you just code box the errors? Maybe it will jog somebody into helping.retrosnob wrote:Yes, you will notice that the details that I have given include the -dd debug output.
Yeah here again, where's the error msg? I agree that the best way is probably start with a bare minimum wpa_supplicat.conf and only add what is necessary.I have tried disabling TLSv1.2, setting system-ca-certs=false and a whole variety of wpa_supplicant.conf settings. Wireshark packets show that the failure is on the client hello.
Well, I can't say I never spent a lot of hours on wpa_supplicant, but that is disappointing. Without notes, it's hard to say what you should do without repeating the whole trial and error again.I've already spent about 30 hours on this
Actually, it doesn't look like an auth problem from the dmesg clip. It looks like a DEauth problem, but doesn't say how soon, and REASON=3 is never helpful. What about something in /var/log/daemon.log?
resigned by AI ChatGPT
Re: WPA2 PEAP wifi authentication problem
I appreciate your reply. There's not much more detail in the Google doc in fact unless you want to get into the hex of the network packets.
/var/log/daemon.log output now given in the original post.
This post looks very relevant, but I've tried this solution -> https://unix.stackexchange.com/question ... rprise-eap
I notice that in /usr/share/dbus-1/system-services I have
fi.epitest.hostap.WPASupplicant.service
fi.w1.wpa_supplicant1.service
Should I have both of these? Could this be something to do with it?
/var/log/daemon.log output now given in the original post.
This post looks very relevant, but I've tried this solution -> https://unix.stackexchange.com/question ... rprise-eap
I notice that in /usr/share/dbus-1/system-services I have
fi.epitest.hostap.WPASupplicant.service
fi.w1.wpa_supplicant1.service
Should I have both of these? Could this be something to do with it?
Re: WPA2 PEAP wifi authentication problem
Yes, both files are part of the wpa_supplicant pkg. No, I don;t think it has anything to do with it.
...
fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
Should I have both of these? Could this be something to do with it?
You said the googledocs link doesn't have anything but hex, but your first post says that is where your wpa_supplicant output is going, as a log when you use the -dd option (wpadebug.txt)? Or you could run it without -B and copy and paste the error that way.
...
There's not much more detail in the Google doc in fact unless you want to get into the hex of the network packets.
People on here probably can't help you without the error msgs from the wpa_supplicant and just trying random setups and solutions from the internet isn't really a practical way to solve the problem.
paste.debian.net is a free service, for posting info, works without javascript. The board has code boxes, why use an external link for posting the relevant info? Just code box the errors.
resigned by AI ChatGPT
Re: WPA2 PEAP wifi authentication problem
Thanks for your persistence. I don't know what you mean by code boxes, but I've pasted the wpa_supplicant -dd output here: http://paste.debian.net/1025188/. It's not too long.
The relevant bit seems to be right at the bottom:
TDLS: TDLS operation supported by driver
TDLS: Driver uses external link setup
TDLS: Driver supports TDLS channel switching
wlp3s0: WPS: UUID based on MAC address: c873c0f2-be8c-540f-96a3-8033f16910c4
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
nl80211: Skip set_supp_port(unauthorized) while not associated
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
wlp3s0: Added interface wlp3s0
wlp3s0: State: DISCONNECTED -> DISCONNECTED
nl80211: Set wlp3s0 operstate 0->0 (DORMANT)
netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=5 (IF_OPER_DORMANT)
nl80211: Create interface iftype 10 (P2P_DEVICE)
nl80211: New P2P Device interface p2p-dev-wlp3s0 (0x4) created
Initializing interface 'p2p-dev-wlp3s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface '/run/wpa_supplicant' bridge 'N/A'
The relevant bit seems to be right at the bottom:
TDLS: TDLS operation supported by driver
TDLS: Driver uses external link setup
TDLS: Driver supports TDLS channel switching
wlp3s0: WPS: UUID based on MAC address: c873c0f2-be8c-540f-96a3-8033f16910c4
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
nl80211: Skip set_supp_port(unauthorized) while not associated
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
wlp3s0: Added interface wlp3s0
wlp3s0: State: DISCONNECTED -> DISCONNECTED
nl80211: Set wlp3s0 operstate 0->0 (DORMANT)
netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=5 (IF_OPER_DORMANT)
nl80211: Create interface iftype 10 (P2P_DEVICE)
nl80211: New P2P Device interface p2p-dev-wlp3s0 (0x4) created
Initializing interface 'p2p-dev-wlp3s0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface '/run/wpa_supplicant' bridge 'N/A'
Re: WPA2 PEAP wifi authentication problem
Yeah it is short. Just for kicks, I copied your .conf and used commandretrosnob wrote:Thanks for your persistence. I don't know what you mean by code boxes, but I've pasted the wpa_supplicant -dd output here: http://paste.debian.net/1025188/. It's not too long.
The relevant bit seems to be right at the bottom:
<snip>
# wpa_supplicant -i wlan0 -c ./wpa.conf -Dnl80211 -d
substituting my own AP here. I get a similar output, but after the netlink: msg the device starts scanning, and continues to do so for a very long time. Listing all the nearby ssid it finds and discards, etc. There was quite a lot of output, even with one -d in the command.
I did notice a msg about "random: Got 20/20 bytes from /dev/random" and I know there were some problems with entropy lately on a kernel. I'm using this:
Linux 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux
I wish I could help, but if it's a driver problem or a kernel problem I can't tell. Maybe some others will post when they have time, I hope there's enough info for a solution.
resigned by AI ChatGPT
Re: WPA2 PEAP wifi authentication problem
You are not alone. Try plugging debian WPA2 PEAP MSCHAPV2 into a search engine. (I use Startpage) My first hit was this: How to connect to WPA2/PEAP/MSCHAPv2 enterprise wifi networks that don't use a CA_Certificate, like Eduroam
Check this bug report: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise wifi networks without CA_Certificate, like Eduroam
And this: Setting up connection to WPA2 Enterprise (PEAP/MSCHAPv2) with two-level certificate
You have probably seen some of this. However a lot of users are having this problem and some of them are finding solutions.
Do you have any live-USB Linux distros available? It might help to see if one of them can connect and then dig in to see how it is configured.
Check this bug report: Network manager cannot connect to WPA2/PEAP/MSCHAPv2 enterprise wifi networks without CA_Certificate, like Eduroam
And this: Setting up connection to WPA2 Enterprise (PEAP/MSCHAPv2) with two-level certificate
You have probably seen some of this. However a lot of users are having this problem and some of them are finding solutions.
Do you have any live-USB Linux distros available? It might help to see if one of them can connect and then dig in to see how it is configured.
Re: WPA2 PEAP wifi authentication problem
That's a thought! I've seen all of these links of course. My situation is very like the Eduroam case. The best known solutions are setting system-ca-certs=false and disabling TLS v1.2, neither of which work for me. I haven't tried looking at another distro and that is a fair idea, although I don't really want to leave Debian. My other laptop -- Ubuntu -- connects fine with this network manager configuration. Needless to say I've tried it on Debian and it doesn't work.Try plugging debian WPA2 PEAP MSCHAPV2 into a search engine.
\\[connection]
id=ISM_STAFF
uuid=a0e41a60-5d0d-494a-8ce4-1af07bf7b57d
type=wifi
permissions=user:fred:;
secondaries=
timestamp=1502162851
[wifi]
mac-address=78:0C:B8:A1:77:D7
mac-address-blacklist=
mac-address-randomization=0
mode=infrastructure
seen-bssids=D8:C7:C8:72:31:FA;04:BD:88:3E:5B:92;B4:5D:50:34:74:72;D8:C7:C8:2C:55:62;04:BD:88:A3:B4:92;D8:C7:C8:2C:55:0A;04:BD:88:3E:5D:52;70:3A:0E:DE:7F:C2;04:BD:88:3E:5D:D3;04:BD:88:3E:68:22;04:BD:88:3E:5D:92;04:BD:88:3E:69:02;B4:5D:50:31:BC:52;04:BD:88:3E:6A:F2;70:3A:0E:DE:7E:92;70:3A:0E:19:AD:B2;D8:C7:C8:2D:8C:B2;D8:C7:C8:2C:54:D2;70:3A:0E:DF:3A:B2;70:3A:0E:DF:3B:32;D8:C7:C8:2D:97:DA;70:3A:0E:19:6D:12;04:BD:88:3E:5D:42;70:3A:0E:DF:3A:D2;D8:C7:C8:2C:93:72;00:24:6C:5B:83:A3;04:BD:88:3E:5D:C3;B4:5D:50:31:C0:C2;04:BD:88:3E:5D:82;D8:C7:C8:2C:52:C3;D8:C7:C8:72:31:F2;04:BD:88:3E:68:32;70:3A:0E:19:6B:72;D8:C7:C8:2C:55:02;70:3A:0E:DE:7E:82;04:BD:88:3E:6A:E2;04:BD:88:A3:D2:C2;D8:C7:C8:2C:93:7A;04:BD:88:A3:D2:82;04:BD:88:3E:69:32;18:64:72:6B:01:2A;D8:C7:C8:2C:52:CB;D8:C7:C8:2D:CB:53;04:BD:88:3E:68:72;00:24:6C:5B:6F:33;
ssid=ISM_STAFF
[wifi-security]
group=
key-mgmt=wpa-eap
pairwise=
proto=
[802-1x]
altsubject-matches=
eap=peap;
identity=USERNAME
password=PASSWORD
phase2-altsubject-matches=
phase2-auth=mschapv2
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
Re: WPA2 PEAP wifi authentication problem
I don't want to chase you away but you might try MX Linux. It's based on Debian but with slightly newer bits. Which makes me wonder if age of software is an issue with your WPA2 PEAP server. Can you try the Debian Stable backport for a newer kernel and wpa-supplicant. Maybe there's a newer Network-Manager.I don't really want to leave Debian.
Re: WPA2 PEAP wifi authentication problem
MX Linux seems nice, but it has exactly the same problem with the WPA2 PEAP connection. Network manager just asks for the password over and over. I'm not sure what you mean about trying a new wpa_supplicant. I am using the most up-to-date network manager.
Thanks again for your attention to this.
Thanks again for your attention to this.
Re: WPA2 PEAP wifi authentication problem
As I write I am using a live cd of Bodhi Linux. I won't be long because I hate it. However.... we are connected to the WPA2 PEAP wifi network that was giving me so much trouble in Debian (and didn't work in MX Linux). Not that it really helps but here is the dmesg output from Bodhi:
[ 86.983524] wlp3s0: authenticate with 70:3a:0e7e:92
[ 87.027057] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 87.033185] wlp3s0: authenticated
[ 87.036120] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 87.037190] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 87.038903] wlp3s0: associated
[ 87.038927] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
[ 87.170687] wlp3s0: Limiting TX power to 26 (26 - 0) dBm as advertised by 70:3a:0e7e:92
The network manager config for the connection is:
[connection]
id=ISM_STAFF
uuid=cab7cc85-71ed-4e9c-acbc-ad1adacfc128
type=wifi
permissions=user:bodhi:;
secondaries=
[wifi]
mac-address=[MAC ADDRESS]
mac-address-blacklist=
mac-address-randomization=0
mode=infrastructure
seen-bssids=
ssid=ISM_STAFF
[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=
[802-1x]
altsubject-matches=
anonymous-identity=robertsonj
eap=peap;
identity=[IDENTITY]
password=[PASSWORD]
phase2-altsubject-matches=
phase2-auth=mschapv2
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[ 86.983524] wlp3s0: authenticate with 70:3a:0e7e:92
[ 87.027057] wlp3s0: send auth to 70:3a:0e7e:92 (try 1/3)
[ 87.033185] wlp3s0: authenticated
[ 87.036120] wlp3s0: associate with 70:3a:0e7e:92 (try 1/3)
[ 87.037190] wlp3s0: RX AssocResp from 70:3a:0e7e:92 (capab=0x11 status=0 aid=1)
[ 87.038903] wlp3s0: associated
[ 87.038927] IPv6: ADDRCONF(NETDEV_CHANGE): wlp3s0: link becomes ready
[ 87.170687] wlp3s0: Limiting TX power to 26 (26 - 0) dBm as advertised by 70:3a:0e7e:92
The network manager config for the connection is:
[connection]
id=ISM_STAFF
uuid=cab7cc85-71ed-4e9c-acbc-ad1adacfc128
type=wifi
permissions=user:bodhi:;
secondaries=
[wifi]
mac-address=[MAC ADDRESS]
mac-address-blacklist=
mac-address-randomization=0
mode=infrastructure
seen-bssids=
ssid=ISM_STAFF
[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=
[802-1x]
altsubject-matches=
anonymous-identity=robertsonj
eap=peap;
identity=[IDENTITY]
password=[PASSWORD]
phase2-altsubject-matches=
phase2-auth=mschapv2
[ipv4]
dns-search=
method=auto
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
Re: WPA2 PEAP wifi authentication problem
Exploring using different live usb distributions:
Debian doesn't work
MX Linux doesn't work
Fedora doesn't work
Bodhi Linux (basically Ubuntu I think) works
Manjaro works
I'll leave this post here for a while in case anyone can give me some idea of how to find out what's going right/wrong, otherwise in a week or so I'll switch distribution.
Thank you.
Debian doesn't work
MX Linux doesn't work
Fedora doesn't work
Bodhi Linux (basically Ubuntu I think) works
Manjaro works
I'll leave this post here for a while in case anyone can give me some idea of how to find out what's going right/wrong, otherwise in a week or so I'll switch distribution.
Thank you.
Re: WPA2 PEAP wifi authentication problem
That's fascinating. I wonder if Debian Sid would work. What I'm thinking is that there is some minor package that needs updating. Firmware? Non-free firmware?
In your situation you have to do what you have to do. I am curious, though, as to what the problem is. If you ever figure it out let us know.
In your situation you have to do what you have to do. I am curious, though, as to what the problem is. If you ever figure it out let us know.
Re: WPA2 PEAP wifi authentication problem
Right. I've bailed and installed Manjaro. I have a life to lead after all. Thanks for all your help.
Re: WPA2 PEAP wifi authentication problem
I think that was the right move for you, having a life and all, I mean geez, congratulations?retrosnob wrote:Right. I've bailed and installed Manjaro. I have a life to lead after all. Thanks for all your help.
For anyone else with a similar issue, comparing the wpa_supplicant output using the exact same setup on each might offer a clue.
resigned by AI ChatGPT