FS#24929 - [netcfg] Broken support for 802.1x in netcfg 2.5.5

Attached to Project: Arch Linux
Opened by Nicola Mori (snack) - Tuesday, 28 June 2011, 15:46 GMT
Last edited by Rémy Oudompheng (remyoudompheng) - Sunday, 21 August 2011, 12:06 GMT
Task Type Bug Report
Category Arch Projects
Status Closed
Assigned To Rémy Oudompheng (remyoudompheng)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:

Since netcfg 2.5.5 I can't connect anymore to the wireless 802.1x network in my institute. I obtain this error message:

$ sudo netcfg 6-INFN-dot1x
:: 6-INFN-dot1x up [BUSY]
> WPA Authentication/Association Failed [FAIL]

It works with netcfg 2.5.4 or manually associating to the access point by invoking wpa_supplicant from command line an then dhcpcd.

Additional info:
* package version(s)
netcfg 2.5.5-1

* config and/or log files etc.

$ cat /etc/network.d/6-INFN-dot1x

CONNECTION="wireless"
INTERFACE=wlan0
HOSTNAME="elric"
DESCRIPTION="INFN-dot1x"
ESSID="INFN-dot1x"
SCAN="yes"
TIMEOUT=20
SECURITY="wpa-config"
WPA_CONF="/etc/wpa_supplicant.conf-INFN-dot1x"
IP="dhcp"

$ cat /etc/wpa_supplicant.conf-INFN-dot1x

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=2
fast_reauth=1

network={
ssid="INFN-dot1x"
proto=WPA
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TTLS
identity=<my identity>
password=<my password>
ca_cert=<my certificate>
phase2="auth=PAP"
priority=1
}

Steps to reproduce:
Configure netcfg to connect to a 802.1x wireless network and try to connect to it
This task depends upon

Closed by  Rémy Oudompheng (remyoudompheng)
Sunday, 21 August 2011, 12:06 GMT
Reason for closing:  Won't fix
Additional comments about closing:  Not really a bug of netcfg: wpa_supplicant had to be explicitly specificied driver "wext" with WPA_DRIVER=wext to work properly.
Comment by Arcaik (arcaik) - Friday, 01 July 2011, 15:53 GMT
I have something like this with netcfg-2.6.1-1 (it works with 2.5.5-1) :
(root) |> ~ <| netcfg Home
:: Home up [BUSY]
ok
> WPA Authentication/Association Failed [FAIL]

(root) |> ~ <| cat /etc/network.d/Home
CONNECTION='wireless'
DESCRIPTION='A simple WPA encrypted wireless connection'
INTERFACE='wlan0'
SECURITY='wpa'
ESSID='XXX'
KEY='XXX'
IP='dhcp'
Comment by Thomas Lucke (Lucky) - Sunday, 03 July 2011, 20:38 GMT
Did you reboot after the upgrade? I got the same error but after a reboot, netcfg 2.6.1 works fine.
Comment by Leonid Isaev (lisaev) - Thursday, 14 July 2011, 20:08 GMT
Please remove HOSTNAME, SCAN and ESSID from your profile. I have a very similar wireless setup at my univ. and my laptop connects just fine.
Comment by Nicola Mori (snack) - Friday, 15 July 2011, 09:33 GMT
I commented out HOSTNAME, SCAN and ESSID from my profile as suggested by lisaev, but nothing changes: netcfg 2.5.5 is unable to connect, while 2.5.4 just works.
Comment by Rémy Oudompheng (remyoudompheng) - Friday, 15 July 2011, 21:50 GMT
Hello, can you test netcfg 2.6.4 from [testing] ? I don't think I will give support for earlier versions.
Comment by Nicola Mori (snack) - Monday, 18 July 2011, 12:17 GMT
I tried netcfg 2.6.5 from [testing]. It still does not work, but this version outputs this messages:

$ sudo netcfg 6-INFN-dot1x
:: 6-INFN-dot1x up [BUSY]
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
> Wireless network "INFN-dot1x" not present. [FAIL]

I tried to comment out HOSTNAME, SCAN and ESSID from profile file as lisaev suggested a few comments above, but it doesn't help:

$ sudo netcfg 6-INFN-dot1x
:: 6-INFN-dot1x up [BUSY]
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory
Failed to connect to wpa_supplicant - wpa_ctrl_open: No such file or directory

> WPA Authentication/Association Failed [FAIL]

Again, downgrading to 2.5.4 makes everything work smoothly.
Comment by Rémy Oudompheng (remyoudompheng) - Tuesday, 19 July 2011, 05:39 GMT
The reason is that the ctrl_interface has moved to /run/wpa_supplicant by default, and that netcfg is not aware at all of people specifying their own path. There is definitely something to fix here, but previously I don't think it would work with people specifying fancy paths for this.
Comment by Rémy Oudompheng (remyoudompheng) - Saturday, 30 July 2011, 19:11 GMT
Please try netcfg 2.6.6
Comment by Nicola Mori (snack) - Wednesday, 03 August 2011, 09:27 GMT
Still broken in netcfg 2.6.6:

$ sudo netcfg 6-INFN-dot1x
:: 6-INFN-dot1x up [BUSY]
> WPA Authentication/Association Failed [FAIL]
Comment by Rémy Oudompheng (remyoudompheng) - Saturday, 20 August 2011, 10:19 GMT
try increasing the value of TIMEOUT in your profile and run netcfg with NETCFG_DEBUG=1.
Comment by Nicola Mori (snack) - Saturday, 20 August 2011, 17:30 GMT
I have been able to set up a minimal 802.1x athentication on my router at home, to identify the problem (bisecting the problem at work was not feasible...). I did a git bisect between tags 2.5.4 (good) and 2.5.5 (bad). The problem is in commit 14ce7ede9d5b494229ca902f8a7ba21f3e58de9c:

Change default wpa driver to nl80211,wext - requires wpa_supplicant 0.7

specifically in src/connections/wireless:

- [[ -z "$WPA_DRIVER" ]] && WPA_DRIVER="wext"
+ [[ -z "$WPA_DRIVER" ]] && WPA_DRIVER="nl80211,wext"

Undoing this modification is sufficient to let my laptop connect to the 802.1x network. But I don't know what does it implies...
Could it generate a timeout problem? Is it worth to try increasing timeout as you suggested in the previous message? Thanks.
Comment by Nicola Mori (snack) - Saturday, 20 August 2011, 18:59 GMT
Setting timeout to 60 (previously was 20) didn't help. I tried also to run netcfg with debug output. For 2.5.4:

# NETCFG_DEBUG="yes" netcfg 8-test
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
:: 8-test up [BUSY]
DEBUG: status reported to profile_up as:
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
DEBUG: wireless_up stop_wpa wlan0
DEBUG: wireless_up ifup
DEBUG: wireless_up scanning
DEBUG: find_essid "NETGEARSNACK"
DEBUG: wireless_up Configuration generated at /etc/wpa_supplicant.conf-test
DEBUG: wireless_up start_wpa wlan0 /etc/wpa_supplicant.conf-test wext
DEBUG: wireless_up wpa_check
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
DEBUG: ethernet_iproute_up ifup
DEBUG: ethernet_up dhcpcd -qL -t 10 wlan0
DEBUG:
DEBUG: ethernet_iproute_up hostname elric [DONE]

For 2.5.5:

# NETCFG_DEBUG="yes" netcfg 8-test
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
:: 8-test up [BUSY]
DEBUG: status reported to profile_up as:
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
DEBUG: wireless_up stop_wpa wlan0
DEBUG: wireless_up ifup
DEBUG: wireless_up scanning
DEBUG: find_essid "NETGEARSNACK"
DEBUG: wireless_up Configuration generated at /etc/wpa_supplicant.conf-test
DEBUG: wireless_up start_wpa wlan0 /etc/wpa_supplicant.conf-test nl80211,wext
DEBUG: wireless_up wpa_check

> WPA Authentication/Association Failed
DEBUG: profile_up connect failed [FAIL]

For 2.6.7:

# netcfg 8-test
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
:: 8-test up [BUSY]
DEBUG: status reported to profile_up as:
DEBUG: Loading profile 8-test
DEBUG: Configuring interface wlan0
DEBUG: wireless_up stop_wpa wlan0
DEBUG: wireless_up start_wpa wlan0 /etc/wpa_supplicant.conf-test nl80211,wext
DEBUG: wireless_up scanning
DEBUG: wpa_cli -p /var/run/wpa_supplicant -i wlan0 scan
DEBUG: wpa_find_essid "NETGEARSNACK"
DEBUG: wireless_up stop_wpa wlan0
DEBUG: wireless_up ifup
DEBUG: wireless_up start_wpa wlan0 /etc/wpa_supplicant.conf-test nl80211,wext
DEBUG: wireless_up wpa_check
DEBUG: wpa_cli -p /var/run/wpa_supplicant -i wlan0 status

> WPA Authentication/Association Failed
DEBUG: profile_up connect failed [FAIL]
Comment by Rémy Oudompheng (remyoudompheng) - Sunday, 21 August 2011, 09:52 GMT
I think the nl80211 driver interface does not work for your wireless card. The commit you mention was meant to use the newer nl80211 interface by default, and wext in case nl80211 is not available. So nl80211 is malfunctioning instead of unavailable for you, and the fix is not to revert the commit, but you need to specify WPA_DRIVER=wext in your profiles.
Comment by Nicola Mori (snack) - Sunday, 21 August 2011, 10:19 GMT
OK, I was not proposing to revert that commit, but simply pointing out that my problem is due to that. Anyway, I tried specifying WPA_DRIVER=wext and this makes 2.5.5 and 2.6.7 work. I don't know what's wrong with my wireless card, it is a very common Intel 5100 and I suppose driver is in good shape. Maybe it is not compatible with this new nl80211 interface, but anyway that commit breaks things up if no modification is done to config files; so I think it is worth mentioning the WPA_DRIVER=wext workarond in the wiki.
Thank you very much for your support!

Loading...