Can't connect to WPA2 Enterprise PEAP network

Question

I know there are about a dozen other questions like this, but so far none have helped me.

My school uses a WPA2 Enterprise PEAP/MSCHAPv2 network without a cert(which I determined from a windows laptop that connected without an issue). I'm trying to connect with my Ubuntu 16.04 LTS machine (which is pretty much a fresh installation).

Unfortunately, it is unsuccessful. It tries to connect for a while, then brings up a username/password reentry dialogue. If you hit submit on this, it simply fails again and brings it back up.

The following shows the settings and the message that keeps coming up:

The following is the /etc/NetworkManager/system-connections/ entry:

[connection]
id=tusd-students
uuid=d815af85-42ad-49b2-b207-1db6359e8c9a
type=wifi
permissions=user:ashwin:;
secondaries=

[wifi]
mac-address={my mac address}
mac-address-blacklist=
mac-address-randomization=0
mode=infrastructure
seen-bssids=
ssid=tusd-students

[wifi-security]
auth-alg=open
group=
key-mgmt=wpa-eap
pairwise=
proto=

[802-1x]
altsubject-matches=
eap=peap;
identity={my username}
password={my password}
phase2-altsubject-matches=
phase2-auth=mschapv2

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto

I've read in many places that adding system-ca-certs=false fixes it, but that didn't work. I also tried adding the domain Domain\username but that didn't work. I've tried everything here and in many other posts. Not sure what to do, I'm new to Linux. Any help is greatly apreciated, if there is some other info I should include please let me know. Thanks!

note: I can't obtain a certificate because I seriously doubt I'll be able to contact someone who'd give me one (as I am a student). Not to mention, I don't think they'd be familiar with a Linux based system as the school issued computers are Windows 10.

edit: I read a lot that the problem was caused by Wpasupplicant 2.4. So, I tried downgrading to 2.1. This actually worked* when I restarted, but after a while disconnected and I couldn't get it to connect again. I even tried reinstalling wpasupplicant 2.1 but it still wouldn't connect. I'm not sure what all that implies, but at least I know that my laptop is capable of connecting to this network and I have the correct security settings/credentials.

*= the connection lasted for aprox. 10 minutes, and was much slower then it should've been. My windows laptop got 60 mbps download while this one got only 15 mbps. Granted however, Windows laptop is 2-3 years newer.

edit 2: My network card in the Ubuntu machine is a Centrino n 1000 Condor Peak from Intel. I'll gather more information on it when I get a chance.

Here is my NetworkManager log https://drive.google.com/file/d/0Bwv36xPVuImIdHQ3bjZvc25SNjg/view?usp=sharing

Here is my /var/log/syslog log https://drive.google.com/file/d/0Bwv36xPVuImIWlRaY2xFdVl1a3M/view?usp=sharing

The relevant portion of both seems to be:

Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8128] device (wlp4s0): Activation: (wifi) association took too long
Jul  6 07:58:10 smashtop NetworkManager[928]: <info>  [1499353090.8129] device (wlp4s0): state change: config -> need-auth (reason 'none') [50 60 0]
Jul  6 07:58:10 smashtop kernel: [36118.979991] wlp4s0: deauthenticating from 64:d8:14:86:09:27 by local choice (Reason: 3=DEAUTH_LEAVING)
Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8163] device (wlp4s0): Activation: (wifi) asking for new secrets
Jul  6 07:58:10 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-DISCONNECTED bssid=64:d8:14:86:09:27 reason=3 locally_generated=1
Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8285] sup-iface[0x292acb0,wlp4s0]: connection disconnected (reason -3)

I can test mon-thurs since I'm near the network on those days.

score 3 · Answer 1 · answered Oct 09 '17 at 13:47

This solved my problem (from here).

[ipv6]
method=auto

[connection]
id=SSID #(e.g.EDUroam)
uuid=9e123fbc-0123-46e3-97b5-f3214e123456 #unique uuid will be created upon creation of this profile
type=802-11-wireless

[802-11-wireless-security]
key-mgmt=wpa-eap
auth-alg=open

[802-11-wireless]
ssid=SSID
mode=infrastructure
mac-address=0A:12:3C:DA:C1:A5
security=802-11-wireless-security

[802-1x]
eap=peap;
identity=studentid123123
phase2-auth=mschapv2
password=mypass123123

[ipv4]
method=auto

Remove everything else.

I also patched DNSSEC with this, but I'm not sure if it is needed.

score 0 · Answer 2 · answered Jan 27 '21 at 20:15

I was having the same problem last week, connecting my ubuntu v18 to university wifi and the solution that worked for me was through the wpa_supplicant file shown below( credentials masked ).

vi /etc/wpa_supplicant/wpa_supplicant.conf

#wireless for seattle university
update_config=1
fast_reauth=1
ap_scan=1
network={
scan_ssid=1
ssid="SU-Secure"
key_mgmt=WPA-EAP
pairwise=CCMP
eap=PEAP
identity="xxx"
password="xxxx"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}

My command was ( note the interface name wlp1s0 )

sudo wpa_supplicant -B -i wlp1s0 -c /etc/wpa_supplicant/wpa_supplicant.conf

I should also add that I upgraded my packages and installed updates on drivers by running

sudo apt-get upgrade -y

score 0 · Answer 3 · answered Jun 25 '22 at 12:09

0

I solved the issue by using this command:

sudo apt -y --allow-downgrades install wpasupplicant -y --allow-change-held-packages

answered Jun 25 '22 at 12:09

Akshat Tripathi

1

score 0 · Answer 4 · answered Jul 19 '17 at 12:26

You need to obtain the CA Certificate for the network and install it as detailed In this answer. You should be able to obtain this by asking the IT technitians at the school

You will not be able to connect to the network properly otherwise because the network requires the client machine to have the certificate for authentification reasons. The reason it does not need to be done in windows is that when it connects to the network it automatically downloads and trusts the certificate during the connection process.

jones0610 · Answer 5 · 2017-07-21T01:19:30.267

All IT organizations that are not operating at level zero (chaos mode) of the ITSM publish procedures for standard operations such as connecting to the organizations network(s). One can always take their chances and try to connect to a network without consulting this document however, if using the standard, default connection choices doesn't work, step one would be to obtain a copy of your IT's wireless network connection procedure and follow it.

As an aside, it's very rare for non DOD/DOE environments to be especially rigid in their network connection protocols. This is especially true of academic environments, in my experience.

The OP posted a painfully long syslog file that turned out to be a log of a home network connection (which worked). That sort of information is obviously useless in troubleshooting this problem. You would need to look at

/var/log/syslog

after you try to connect to the school network and fail to succeed. It should be fairly obvious looking at syslog what is rejecting the connection and the solution may be obvious.

Likely suspects:

Incorrect/invalid username and/or password
Incorrect authentication type/settings
Attempting to connect to the wrong WiFi

Failing that, you are already aware of other relevant log files and tools that can help quickly zero in on your problem source.

I think the cert issue is a red herring. Your problem is likely to have a far less exotic cause.

Here's what seems to be the relevant log dialog:

Jul  6 07:57:45 smashtop wpa_supplicant[1053]: wlp4s0: SME: Trying to authenticate with 64:d8:14:86:09:27 (SSID='tusd-students' freq=2412 MHz)
Jul  6 07:57:45 smashtop kernel: [36094.105988] wlp4s0: authenticate with 64:d8:14:86:09:27
Jul  6 07:57:45 smashtop kernel: [36094.109190] wlp4s0: send auth to 64:d8:14:86:09:27 (try 1/3)
Jul  6 07:57:45 smashtop wpa_supplicant[1053]: wlp4s0: Trying to associate with 64:d8:14:86:09:27 (SSID='tusd-students' freq=2412 MHz)
Jul  6 07:57:45 smashtop kernel: [36094.126523] wlp4s0: authenticated
Jul  6 07:57:45 smashtop NetworkManager[928]: <info>  [1499353065.9681] device (wlp4s0): supplicant interface state: scanning -> authenticating
Jul  6 07:57:45 smashtop kernel: [36094.133417] wlp4s0: associate with 64:d8:14:86:09:27 (try 1/3)
Jul  6 07:57:45 smashtop NetworkManager[928]: <info>  [1499353065.9731] device (wlp4s0): supplicant interface state: authenticating -> associating
Jul  6 07:57:46 smashtop kernel: [36094.233907] wlp4s0: RX AssocResp from 64:d8:14:86:09:27 (capab=0x431 status=0 aid=19)
Jul  6 07:57:46 smashtop wpa_supplicant[1053]: wlp4s0: Associated with 64:d8:14:86:09:27
Jul  6 07:57:46 smashtop kernel: [36094.239782] wlp4s0: associated
Jul  6 07:57:46 smashtop kernel: [36094.239849] IPv6: ADDRCONF(NETDEV_CHANGE): wlp4s0: link becomes ready
Jul  6 07:57:46 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
Jul  6 07:57:46 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Jul  6 07:57:46 smashtop NetworkManager[928]: <info>  [1499353066.0795] device (wlp4s0): supplicant interface state: associating -> associated
Jul  6 07:57:46 smashtop kernel: [36094.298099] wlp4s0: Limiting TX power to 11 dBm as advertised by 64:d8:14:86:09:27
Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8128] device (wlp4s0): Activation: (wifi) association took too long
Jul  6 07:58:10 smashtop NetworkManager[928]: <info>  [1499353090.8129] device (wlp4s0): state change: config -> need-auth (reason 'none') [50 60 0]
Jul  6 07:58:10 smashtop kernel: [36118.979991] wlp4s0: deauthenticating from 64:d8:14:86:09:27 by local choice (Reason: 3=DEAUTH_LEAVING)
Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8163] device (wlp4s0): Activation: (wifi) asking for new secrets
Jul  6 07:58:10 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-DISCONNECTED bssid=64:d8:14:86:09:27 reason=3 locally_generated=1
Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8285] sup-iface[0x292acb0,wlp4s0]: connection disconnected (reason -3)
Jul  6 07:58:10 smashtop NetworkManager[928]: <info>  [1499353090.8287] device (wlp4s0): supplicant interface state: associated -> disconnected
Jul  6 07:58:10 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Jul  6 07:58:10 smashtop gnome-session[1691]: nm-applet-Message: No keyring secrets found for tusd-students 1/802-1x; asking user

Right after the wireless transmit power is reduced your machine seems to "forget" that it just successfully authenticated. You're never given a DHCP lease and the client never asks for one.

Based on what I'm seeing in your logs I'd be looking for a wifi hardware or a wifi driver problem.

Can't connect to WPA2 Enterprise PEAP network

5 Answers5

Linked