NetworkManager fails to connect to enterprise network #193646
Comments
I had the same happen with eduroam at my institution. After a quick look at how to override OpenSSL, I ended up with this workaround that does not require pulling down this patch: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e

```nix
{ pkgs, ... }:
{
  # Point only the wpa_supplicant unit at a custom OpenSSL configuration.
  systemd.services.wpa_supplicant.environment.OPENSSL_CONF = pkgs.writeText "openssl.cnf" ''
    openssl_conf = openssl_init
    [openssl_init]
    ssl_conf = ssl_sect
    [ssl_sect]
    system_default = system_default_sect
    [system_default_sect]
    Options = UnsafeLegacyRenegotiation
  '';
}
```
|
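How OpenSSL reaches that `Options` line, as an added example (not part of the comment above or of nixpkgs): the check follows `openssl_conf` → `ssl_conf` → `system_default` and reports `UnsafeLegacyRenegotiation` only when it sits in the section that chain resolves to. The function names and the second sample config are constructed for illustration.

```python
# Constructed inputs: PAGE_CNF repeats the openssl.cnf from the comment above;
# UNLINKED_CNF is made up to show a section the lookup chain never reaches.
PAGE_CNF = """\
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""
UNLINKED_CNF = """\
openssl_conf = openssl_init
[openssl_init]
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""


def parse_cnf(text):
    """Minimal openssl.cnf reader: sections of key = value pairs, '#' comments."""
    sections, name = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            sections.setdefault(name, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # Keys are lower-cased so the audit does not depend on spelling case.
            sections[name][key.strip().lower()] = value.strip()
    return sections


def system_default(text):
    """Follow openssl_conf -> ssl_conf -> system_default; {} if the chain breaks."""
    sections = parse_cnf(text)
    target = sections[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        target = sections.get(target, {}).get(key)
    return sections.get(target, {})


def enabled_options(value):
    """Options is a comma-separated flag list; a leading '-' switches a flag off."""
    flags = set()
    for item in (part.strip().lower() for part in value.split(",")):
        if item.startswith("-"):
            flags.discard(item[1:])
        elif item:
            flags.add(item.lstrip("+"))
    return flags


def allows_legacy_renegotiation(text):
    options = system_default(text).get("options", "")
    return "unsafelegacyrenegotiation" in enabled_options(options)


if __name__ == "__main__":
    for label, cnf in (("page config", PAGE_CNF), ("unlinked section", UNLINKED_CNF)):
        print(label, "->", allows_legacy_renegotiation(cnf))
```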
Two of my friends and I have the same issue with our university's network. We're the only NixOS users in university (as far as we know). All other students can connect normally. @Myaats's workaround did not work for us. |
@AmeerTaweel: We might have different issues. Do you mind sharing the log for wpa_supplicant? |
@fee1-dead sure, but can you please tell me the exact command to run? This is the first time I deal with |
If you are using NetworkManager, then I guess |
I just tried to connect to the university's network. This is the log:
Oct 25 16:17:09 fg001 dhcpcd[1008]: wlo1: old hardware address: 5e:b3:ea:7c:cb:bd
Oct 25 16:17:09 fg001 dhcpcd[1008]: wlo1: new hardware address: d0:c6:37:3e:44:c8
Oct 25 16:17:09 fg001 wpa_supplicant[1320]: wlo1: SME: Trying to authenticate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 16:17:09 fg001 kernel: wlo1: authenticate with d8:84:66:5d:7e:80
Oct 25 16:17:09 fg001 kernel: wlo1: send auth to d8:84:66:5d:7e:80 (try 1/3)
Oct 25 16:17:09 fg001 wpa_supplicant[1320]: wlo1: Trying to associate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 16:17:09 fg001 kernel: wlo1: authenticated
Oct 25 16:17:09 fg001 kernel: wlo1: associate with d8:84:66:5d:7e:80 (try 1/3)
Oct 25 16:17:09 fg001 kernel: wlo1: RX AssocResp from d8:84:66:5d:7e:80 (capab=0x411 status=0 aid=4)
Oct 25 16:17:09 fg001 wpa_supplicant[1320]: wlo1: Associated with d8:84:66:5d:7e:80
Oct 25 16:17:09 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 25 16:17:09 fg001 kernel: wlo1: associated
Oct 25 16:17:09 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 25 16:17:10 fg001 kernel: wlo1: disassociated from d8:84:66:5d:7e:80 (Reason: 23=IEEE8021X_FAILED)
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-DISCONNECTED bssid=d8:84:66:5d:7e:80 reason=23
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="KU" auth_failures=1 duration=10 reason=AUTH_FAILED
Oct 25 16:17:10 fg001 wpa_supplicant[1320]: BSSID d8:84:66:5d:7e:80 ignore list count incremented to 2, ignoring for 10 seconds
Oct 25 16:17:10 fg001 dhcpcd[1008]: wlo1: carrier lost
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-SSID-REENABLED id=0 ssid="KU"
Oct 25 16:17:21 fg001 kernel: wlo1: authenticate with d8:84:66:5d:7e:80
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: SME: Trying to authenticate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 16:17:21 fg001 kernel: wlo1: send auth to d8:84:66:5d:7e:80 (try 1/3)
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: Trying to associate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 16:17:21 fg001 kernel: wlo1: authenticated
Oct 25 16:17:21 fg001 kernel: wlo1: associate with d8:84:66:5d:7e:80 (try 1/3)
Oct 25 16:17:21 fg001 kernel: wlo1: RX AssocResp from d8:84:66:5d:7e:80 (capab=0x411 status=0 aid=4)
Oct 25 16:17:21 fg001 kernel: wlo1: associated
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: Associated with d8:84:66:5d:7e:80
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 25 16:17:21 fg001 kernel: wlo1: disassociated from d8:84:66:5d:7e:80 (Reason: 23=IEEE8021X_FAILED)
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-DISCONNECTED bssid=d8:84:66:5d:7e:80 reason=23
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: wlo1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="KU" auth_failures=2 duration=35 reason=AUTH_FAILED
Oct 25 16:17:21 fg001 wpa_supplicant[1320]: BSSID d8:84:66:5d:7e:80 ignore list count incremented to 3, ignoring for 60 seconds
Oct 25 16:17:22 fg001 dhcpcd[1008]: wlo1: carrier lost
Oct 25 16:17:34 fg001 NetworkManager[1085]: <warn> [1666703854.5926] device (wlo1): Activation: (wifi) association took too long
Oct 25 16:17:34 fg001 NetworkManager[1085]: <warn> [1666703854.5940] device (wlo1): Activation: (wifi) asking for new secrets
Oct 25 16:17:34 fg001 .nm-applet-wrap[76974]: No keyring secrets found for KU/802-1x; asking user.
Oct 25 16:17:34 fg001 dbus-daemon[992]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.250' (uid=1000 pid=76974 comm="/nix/store/ifjw45vsjh07fgiyk15d93chm2nw55vf-networ" label="kernel")
Oct 25 16:17:34 fg001 systemd[1]: Starting Hostname Service...
Oct 25 16:17:34 fg001 dbus-daemon[992]: [system] Successfully activated service 'org.freedesktop.hostname1'
Oct 25 16:17:34 fg001 systemd[1]: Started Hostname Service.
Oct 25 16:17:36 fg001 NetworkManager[1085]: <warn> [1666703856.2863] device (wlo1): no secrets: User canceled the secrets request.
Oct 25 16:17:36 fg001 dhcpcd[1008]: wlo1: old hardware address: d0:c6:37:3e:44:c8
Oct 25 16:17:36 fg001 dhcpcd[1008]: wlo1: new hardware address: 1e:e9:1c:ac:33:45
Oct 25 16:17:36 fg001 NetworkManager[1085]: <warn> [1666703856.2956] device (wlo1): Activation: failed for connection 'KU'
Oct 25 16:18:04 fg001 systemd[1]: systemd-hostnamed.service: Deactivated successfully. |
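Added example, not code from the thread or from nixpkgs: it groups wpa_supplicant journal lines like the excerpt above into EAP attempts and separates the `unsafe legacy renegotiation disabled` failure named in the issue description from the `internal error` failure logged here, since the workaround in the first comment sets only `UnsafeLegacyRenegotiation`. The verdict labels, the certificate subject and hash, and the second attempt in the sample are constructed for illustration.

```python
import re

# Constructed sample modelled on the journal excerpt above; the certificate
# subject and hash, and the whole second attempt (pid 2000), are made up.
def _line(pid, msg):
    return f"Oct 25 16:17:10 fg001 wpa_supplicant[{pid}]: {msg}"

PEER = ("/CN=radius.example.test", "ab" * 32)
CERT_MSG = "wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='%s' hash=%s" % PEER
SAMPLE_LOG = "\n".join([
    _line(1320, "wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started"),
    _line(1320, "wlo1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected"),
    _line(1320, CERT_MSG),
    _line(1320, "OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error"),
    _line(1320, "wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed"),
    _line(2000, "wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started"),
    _line(2000, CERT_MSG),
    _line(2000, "OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::"
                "unsafe legacy renegotiation disabled"),
    _line(2000, "wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed"),
])

SUPP = re.compile(r"wpa_supplicant\[\d+\]: (.*)$")
METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD .*\((\S+)\) selected")
CERT = re.compile(r"CTRL-EVENT-EAP-PEER-CERT depth=0 subject='([^']*)' hash=([0-9a-f]+)")
SSLERR = re.compile(r"SSL_connect error:([0-9A-F]+):SSL routines::(.+)$")

# OpenSSL reason text -> verdict label (the labels are this example's own).
CLASSES = {"unsafe legacy renegotiation disabled": "legacy-renegotiation",
           "internal error": "internal-error"}


def triage(log_text):
    """Return one dict per EAP attempt: method, peer certs, OpenSSL error, verdict."""
    attempts = []
    for line in log_text.splitlines():
        m = SUPP.search(line)
        if not m:
            continue  # kernel, dhcpcd and NetworkManager lines carry no EAP events
        msg = m.group(1)
        if "CTRL-EVENT-EAP-STARTED" in msg:
            attempts.append({"method": None, "certs": set(), "error": None,
                             "reason": "", "verdict": "incomplete"})
        if not attempts:
            continue
        cur = attempts[-1]
        if (hit := METHOD.search(msg)):
            cur["method"] = hit.group(1)
        elif (hit := CERT.search(msg)):
            cur["certs"].add(hit.groups())
        elif (hit := SSLERR.search(msg)):
            cur["error"], cur["reason"] = hit.groups()
        elif "CTRL-EVENT-EAP-SUCCESS" in msg:
            cur["verdict"] = "success"
        elif "CTRL-EVENT-EAP-FAILURE" in msg:
            cur["verdict"] = next((label for text, label in CLASSES.items()
                                   if text in cur["reason"]), "failed-no-openssl-error")
    return attempts


def server_identities(attempts):
    """Distinct (subject, hash) pairs presented, to compare with the expected cert."""
    return set().union(*(a["certs"] for a in attempts))


if __name__ == "__main__":
    print([(a["verdict"], a["error"]) for a in triage(SAMPLE_LOG)])
```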
You might need to decrease the minimum supported TLS version. In the openssl conf for wpa_supplicant, try adding these two lines:
|
I tried adding these lines to
Oct 25 20:52:04 fg001 systemd[1]: Starting WPA supplicant...
Oct 25 20:52:04 fg001 wpa_supplicant[204780]: Successfully initialized wpa_supplicant
Oct 25 20:52:04 fg001 systemd[1]: Started WPA supplicant.
Oct 25 20:52:04 fg001 nixos[201796]: finished switching to system configuration /nix/store/l2mavv7m2brlqg7jbhzngyrz5dmgpv7y-nixos-system-fg001-22.11.20221021.93e0ac1
Oct 25 20:52:04 fg001 sudo[201795]: pam_unix(sudo:session): session closed for user root
Oct 25 20:52:04 fg001 sudo[200472]: pam_unix(sudo:session): session closed for user root
Oct 25 20:52:13 fg001 NetworkManager[1085]: <warn> [1666720333.2781] device (wlo1): re-acquiring supplicant interface (#1).
Oct 25 20:52:42 fg001 sxhkd[77951]: [77987:78003:1025/205242.080055:ERROR:ssl_client_socket_impl.cc(983)] handshake failed; returned -1, SSL error code 1, net_error -107
Oct 25 20:52:42 fg001 sxhkd[77951]: [77987:78003:1025/205242.088870:ERROR:ssl_client_socket_impl.cc(983)] handshake failed; returned -1, SSL error code 1, net_error -107
Oct 25 20:52:42 fg001 sxhkd[77951]: [77987:78003:1025/205242.107725:ERROR:ssl_client_socket_impl.cc(983)] handshake failed; returned -1, SSL error code 1, net_error -107
Oct 25 20:52:42 fg001 sxhkd[77951]: [77987:78003:1025/205242.118589:ERROR:ssl_client_socket_impl.cc(983)] handshake failed; returned -1, SSL error code 1, net_error -107
Oct 25 20:52:48 fg001 dhcpcd[1008]: wlo1: old hardware address: 7e:02:5a:13:77:0d
Oct 25 20:52:48 fg001 dhcpcd[1008]: wlo1: new hardware address: d0:c6:37:3e:44:c8
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: SME: Trying to authenticate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 20:52:48 fg001 kernel: wlo1: authenticate with d8:84:66:5d:7e:80
Oct 25 20:52:48 fg001 kernel: wlo1: send auth to d8:84:66:5d:7e:80 (try 1/3)
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: Trying to associate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 20:52:48 fg001 kernel: wlo1: authenticated
Oct 25 20:52:48 fg001 kernel: wlo1: associate with d8:84:66:5d:7e:80 (try 1/3)
Oct 25 20:52:48 fg001 kernel: wlo1: RX AssocResp from d8:84:66:5d:7e:80 (capab=0x411 status=0 aid=5)
Oct 25 20:52:48 fg001 kernel: wlo1: associated
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: Associated with d8:84:66:5d:7e:80
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 25 20:52:48 fg001 kernel: wlo1: disassociated from d8:84:66:5d:7e:80 (Reason: 23=IEEE8021X_FAILED)
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-DISCONNECTED bssid=d8:84:66:5d:7e:80 reason=23
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="KU" auth_failures=1 duration=10 reason=AUTH_FAILED
Oct 25 20:52:48 fg001 wpa_supplicant[204780]: BSSID d8:84:66:5d:7e:80 ignore list count incremented to 2, ignoring for 10 seconds
Oct 25 20:52:49 fg001 dhcpcd[1008]: wlo1: carrier lost
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-SSID-REENABLED id=0 ssid="KU"
Oct 25 20:52:59 fg001 kernel: wlo1: authenticate with d8:84:66:5d:7e:80
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: SME: Trying to authenticate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 20:52:59 fg001 kernel: wlo1: send auth to d8:84:66:5d:7e:80 (try 1/3)
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: Trying to associate with d8:84:66:5d:7e:80 (SSID='KU' freq=5220 MHz)
Oct 25 20:52:59 fg001 kernel: wlo1: authenticated
Oct 25 20:52:59 fg001 kernel: wlo1: associate with d8:84:66:5d:7e:80 (try 1/3)
Oct 25 20:52:59 fg001 kernel: wlo1: RX AssocResp from d8:84:66:5d:7e:80 (capab=0x411 status=0 aid=5)
Oct 25 20:52:59 fg001 kernel: wlo1: associated
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: Associated with d8:84:66:5d:7e:80
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=KUADRAD01.kocun.dslocal' hash=8bd1292d3828a5d6fbb08741ff15f8b7688fe7e53ad27a0ea88a8fac99696d27
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:KUADRAD01.kocun.dslocal
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Oct 25 20:52:59 fg001 kernel: wlo1: disassociated from d8:84:66:5d:7e:80 (Reason: 23=IEEE8021X_FAILED)
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-DISCONNECTED bssid=d8:84:66:5d:7e:80 reason=23
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: wlo1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="KU" auth_failures=2 duration=36 reason=AUTH_FAILED
Oct 25 20:52:59 fg001 wpa_supplicant[204780]: BSSID d8:84:66:5d:7e:80 ignore list count incremented to 3, ignoring for 60 seconds
Oct 25 20:53:00 fg001 dhcpcd[1008]: wlo1: carrier lost
Oct 25 20:53:13 fg001 NetworkManager[1085]: <warn> [1666720393.2713] device (wlo1): Activation: (wifi) association took too long
Oct 25 20:53:13 fg001 NetworkManager[1085]: <warn> [1666720393.2729] device (wlo1): Activation: (wifi) asking for new secrets
Oct 25 20:53:13 fg001 .nm-applet-wrap[76974]: No keyring secrets found for KU/802-1x; asking user.
Oct 25 20:53:13 fg001 dbus-daemon[992]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.250' (uid=1000 pid=76974 comm="/nix/store/ifjw45vsjh07fgiyk15d93chm2nw55vf-networ" label="kernel")
Oct 25 20:53:13 fg001 systemd[1]: Starting Hostname Service...
Oct 25 20:53:13 fg001 dbus-daemon[992]: [system] Successfully activated service 'org.freedesktop.hostname1'
Oct 25 20:53:13 fg001 systemd[1]: Started Hostname Service.
Oct 25 20:53:15 fg001 NetworkManager[1085]: <warn> [1666720395.3063] device (wlo1): no secrets: User canceled the secrets request.
Oct 25 20:53:15 fg001 dhcpcd[1008]: wlo1: old hardware address: d0:c6:37:3e:44:c8
Oct 25 20:53:15 fg001 dhcpcd[1008]: wlo1: new hardware address: 0e:bc:05:ef:1b:3f
Oct 25 20:53:15 fg001 NetworkManager[1085]: <warn> [1666720395.3153] device (wlo1): Activation: failed for connection 'KU' |
Nvm, my problem is solved. |
I am also affected by this one using
These are the relevant logs:
Thanks to @Myaats, their workaround did the trick. |
I tried to dig around myself what the issue actually was and I think it might be a NetworkManager bug, as it is IMPOSSIBLE to set 802-1x.phase1-auth-flags to anything (although in theory you could enable older TLS support with it). Setting it manually in the |
The flags are undocumented, however if you take a look at their repo they look like: |
It's not. The same issue occurs when using wpa_supplicant without NetworkManager. |
So I'm guessing the real cause is OpenSSL raising the minimum TLS version? |
The flags to enable legacy TLS versions were committed to the main branch after the release of NetworkManager currently in nixpkgs. It has also not been backported to the 1.40 release series and there are no stable releases with it unless I missed something. I think the easiest way to solve it for now is just to override the openssl config manually as I previously showed. |
Unfortunately it didn't work for me, it still kept TLSv1.0 disabled even with the custom OpenSSL version. (Maybe something in my config broke it) But THANKFULLY there is yet another solution. For those reading, please try @Myaats's solution first, then mine:
Thank you and have a nice day. |
I have added the below lines to my config:
However, I still get the error:
I am not willing to use iwd. How can we fix this issue? |
I found this as the solution implemented in Ubuntu https://launchpadlibrarian.net/605188576/wpa_2%3A2.10-6ubuntu1_2%3A2.10-6ubuntu2.diff.gz |
@Zahrun that TLS version is really low and doesn't seem to be secure. It is unrelated to this issue though. |
Well, it is somewhat related since my issue is "NetworkManager fails to connect to enterprise network" and it is due to OpenSSL security (or rather my university WiFi using insecure protocols, but that is harder to change).
Now I can connect to WiFi. EDIT: If anyone runs into the same situation, below is the solution I use for my own configuration. Please be aware that this will remove all security checks on all wifi interfaces and set the security level to 0. I think a better solution would be to implement Ubuntu’s patch to wpa_supplicant. However, if you decide that you want to be able to connect to an unsafe network even though you understand the security concern, here is my local workaround:
wpa_supplicant.sh
wpa_supplicant.conf
EDIT2: a better solution is already in the wpa_supplicant upstream repo #219390 |
Upstream, being aware of the issue you faced, implemented an option in wpa_supplicant.conf. Debian bookworm uses this patch to fix the issue: https://sources.debian.org/patches/wpa/2:2.10-11/allow-legacy-renegotiation.patch/ |
Describe the bug
There is more information on the Red Hat issue, but the wpa_supplicant used by NetworkManager fails due to the OpenSSL "unsafe legacy renegotiation disabled" error. This happens on networks from Aruba on the unstable channel.
Steps To Reproduce
Steps to reproduce the behavior:
Expected behavior
successfully connect to the enterprise network
Additional context
This might be an upstream issue, but there should at least be a configuration option to change the OpenSSL config used by the wpa_supplicant that NetworkManager uses, so that it is possible to connect to these networks.
Notify maintainers
@domenkozar @obadz @maxeaubrey
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.
This is the metadata on the version that works (22.05)