# WPA2-Enterprise on MacBook Pro

## eNca

Hi,

I have gentoo on MacBook Pro installed. I'm using wl kernel driver (installed from net-wireless/broadcom-sta package).

It works well on my home network with WPA2-Personal and on few other networks but I'm not able to connect at work to the WPA2-Enterprise network.

Everytime when I try to connect via wpa_supplicant then these lines appears in /var/log/messages:

```

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830212] WARNING: CPU: 5 PID: 7262 at net/wireless/sme.c:850 cfg80211_roamed+0x86/0xa0 [cfg80211]()

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830214] Modules linked in: wl(POE) hidp ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack nf_nat nf_conntrack br_netfilter bridge stp llc dm_thin_pool dm_persistent_data dm_bio_prison cfg80211 cmac ecb bnep iTCO_wdt iTCO_vendor_support snd_hda_codec_cirrus snd_hda_codec_generic snd_hda_codec_hdmi x86_pkg_temp_thermal coretemp snd_usb_audio snd_hda_intel snd_hda_codec snd_usbmidi_lib btusb snd_hwdep kvm_intel kvm btrtl btbcm btintel bluetooth snd_rawmidi snd_hda_core irqbypass snd_seq_device crc32c_intel cryptd snd_pcm rfkill lpc_ich pcspkr snd_timer i2c_i801 mfd_core firewire_ohci xts gf128mul cbc sha256_generic iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi vmxnet3 virtio_net virtio_ring virtio tg3 libphy sky2 r8169 pcnet32 mii igb ptp pps_core dca e1000 bnx2 atl1c fuse xfs nfs lockd grace sunrpc fscache jfs reiserfs btrfs ext4 jbd2 ext2 mbcache linear raid10 raid1 raid0 dm

Jan 16 09:45:30 vvotipka-gentoo kernel: raid raid456 async_raid6_recov async_memcpy libcrc32c async_pq async_xor xor async_tx raid6_pq dm_snapshot dm_bufio dm_crypt dm_mirror dm_region_hash dm_log dm_mod firewire_core crc_itu_t sl811_hcd usb_storage aic94xx libsas lpfc qla2xxx megaraid_sas megaraid_mbox megaraid_mm aacraid sx8 hpsa cciss 3w_9xxx 3w_xxxx 3w_sas mptsas scsi_transport_sas mptfc scsi_transport_fc mptspi mptscsih mptbase imm parport sym53c8xx initio arcmsr aic7xxx aic79xx scsi_transport_spi sr_mod cdrom sg sd_mod pdc_adma sata_inic162x sata_mv ata_piix ahci libahci sata_qstor sata_vsc sata_uli sata_sis sata_sx4 sata_nv sata_via sata_svw sata_sil24 sata_sil sata_promise pata_via pata_jmicron pata_marvell pata_sis pata_netcell pata_pdc202xx_old pata_atiixp pata_amd pata_ali pata_it8213 pata_pcmcia pata_serverworks pata_oldpiix pata_artop pata_it821x pata_hpt3x2n pata_hpt3x3 pata_hpt37x pata_hpt366 pata_cmd64x pata_sil680 pata_pdc2027x

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830326] CPU: 5 PID: 7262 Comm: wl_event_handle Tainted: P        W  OE   4.4.39-gentoomac #1

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830328] Hardware name: Apple Inc. MacBookPro11,2/Mac-3CBD00234E554E41, BIOS MBP112.88Z.0138.B18.1610201654 10/20/2016

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830330]  0000000000000000 ffff880271823dd0 ffffffff8129e292 0000000000000000

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830333]  ffffffffa0efa11b ffff880271823e08 ffffffff810592e6 ffff880077803000

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830335]  ffff880273f794c0 000000000000008a ffff8801f07277c0 ffff880076059b08

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830337] Call Trace:

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830344]  [<ffffffff8129e292>] dump_stack+0x67/0x95

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830351]  [<ffffffff810592e6>] warn_slowpath_common+0x86/0xc0

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830356]  [<ffffffff810593da>] warn_slowpath_null+0x1a/0x20

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830377]  [<ffffffffa0ed9ee6>] cfg80211_roamed+0x86/0xa0 [cfg80211]

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830416]  [<ffffffffa10be3e5>] wl_pcie_bar1+0x3875/0x5910 [wl]

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830444]  [<ffffffffa10bad10>] wl_pcie_bar1+0x1a0/0x5910 [wl]

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830474]  [<ffffffffa10bacb0>] ? wl_pcie_bar1+0x140/0x5910 [wl]

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830477]  [<ffffffff810752c9>] kthread+0xc9/0xe0

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830480]  [<ffffffff81075200>] ? kthread_create_on_node+0x170/0x170

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830484]  [<ffffffff817666bf>] ret_from_fork+0x3f/0x70

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830487]  [<ffffffff81075200>] ? kthread_create_on_node+0x170/0x170

Jan 16 09:45:30 vvotipka-gentoo kernel: [ 4610.830488] ---[ end trace 998ad7115e9c4a64 ]---

```

My wpa_supplicant.conf file looks like this:

```

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel

update_config=1

network={

   ssid="home"

   psk="some_secret_pass"

   proto=RSN

   key_mgmt=WPA-PSK

   pairwise=CCMP

   auth_alg=OPEN

}

network={

   ssid="WORK"

   proto=RSN

   key_mgmt=WPA-EAP

   pairwise=CCMP

   auth_alg=OPEN

   eap=MD5

   identity="correct_identity"

   password="correct_password"

}

```

Home network works well, work network doesn't. Fields ssid, psk, identity and password was changed in the listing above. 

Where is to correct place to report this problem? Is it gentoo bugzilla or broadcom suppoort? Unfortunatelly the home page from ebuild (http://www.broadcom.com/support/802.11/) returns 404 error.

Some info about my computer and configuration:

```

# lspci -s 2:0 -nn -k

02:00.0 Network controller [0280]: Broadcom Corporation BCM4360 802.11ac Wireless Network Adapter [14e4:43a0] (rev 03)

   Subsystem: Apple Inc. BCM4360 802.11ac Wireless Network Adapter [106b:0134]

   Kernel driver in use: wl

   Kernel modules: wl

```

```

# equery l broadcom-sta 

 * Searching for broadcom-sta ...

[IP-] [  ] net-wireless/broadcom-sta-6.30.223.271-r4:0

```

```

# zgrep 'CONFIG_\(PACKET\|IPW2100\|MAC80211\|BRCMFMAC\|SSB\|BCMA\|B43\)' /proc/config.gz 

CONFIG_PACKET=y

CONFIG_PACKET_DIAG=m

# CONFIG_MAC80211 is not set

CONFIG_MAC80211_STA_HASH_MAX_SIZE=0

# CONFIG_BRCMFMAC is not set

CONFIG_IPW2100=m

# CONFIG_IPW2100_MONITOR is not set

# CONFIG_IPW2100_DEBUG is not set

CONFIG_SSB_POSSIBLE=y

# CONFIG_SSB is not set

CONFIG_BCMA_POSSIBLE=y

# CONFIG_BCMA is not set

```

----------

## charles17

Have you checked the Known problems & limitations section?

----------

## eNca

 *charles17 wrote:*   

> Have you checked the Known problems & limitations section?

 

Yes, I have.

If I understand this page well then it tells that my wireless network adapter [14e4:43a0] is not supported by b43 driver and there is an alternative driver called wl.

That's the reason why I have B43 disabled in kernel and I'm using wl driver installed via broadcom-sta package.

My post is about problems with wl driver not with b43.

Anyway thanks for reply.

----------

## charles17

Looks like your problem were in wpa_supplicant.  Could you try running wpa_supplicant in debug mode?

----------

## khayyam

 *charles17 wrote:*   

> Looks like your problem were in wpa_supplicant.  Could you try running wpa_supplicant in debug mode?

 

charles17 ... well, no, there is definitely a bug in cgf80211, wpa_supplicant is perhaps the trigger, but not the cause.

@eNca ... please try with another kernel (what version is the above?) and see if the same happens. As for wpa_supplicant.conf you will need TLS.

```
network={

   ssid="WORK"

   scan_ssid=1

   key_mgmt=WPA-EAP

   eap=TTLS

   phase2="auth=MD5"

   identity="correct_identity@domain.tld"

   anonymous_identity="anonymous@domain.tld"

   password="correct_password"

   ca_cert="/path/to/cert/cert.pem"

}
```

HTH & best ... khay

----------

## eNca

 *charles17 wrote:*   

> Looks like your problem were in wpa_supplicant.  Could you try running wpa_supplicant in debug mode?

 

I had run wpa_supplicant in debug mode and according to this part of log file it seems that an DEAUTH event is received right after successful authentication.

```

   ...cut...

EAP: EAP entering state RECEIVED

EAP: Received EAP-Success

EAP: Status notification: completion (param=success)

EAP: EAP entering state SUCCESS

wlp2s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

EAPOL: SUPP_BE entering state RECEIVE

EAPOL: SUPP_BE entering state SUCCESS

EAPOL: SUPP_BE entering state IDLE

nl80211: Event message available

nl80211: Drv Event 48 (NL80211_CMD_DISCONNECT) received for wlp2s0

nl80211: Disconnect event

wlp2s0: Event DEAUTH (12) received

wlp2s0: Deauthentication notification

wlp2s0:  * reason 0

Deauthentication frame IE(s) - hexdump(len=0): [NULL]

wlp2s0: CTRL-EVENT-DISCONNECTED bssid=04:bd:88:58:70:b1 reason=0

wlp2s0: Auto connect enabled: try to reconnect (wps=0/0 wpa_state=6)

wlp2s0: Setting scan request: 0.100000 sec

   ...cut...

```

----------

## eNca

 *khayyam wrote:*   

> 
> 
> @eNca ... please try with another kernel (what version is the above?) and see if the same happens. As for wpa_supplicant.conf you will need TLS.
> 
> 

 

I'm running on linux kernel 4.4.39 (sys-kernel/gentoo-sources). I have tried 4.4.26 with the same result.

 *Quote:*   

> 
> 
> ```
> network={
> 
> ...

 

I have no "cert.pem". I don't need it when I'm using the same wifi network from MacOS.

Is it really required for linux if it is not required for MacOS?

----------

## khayyam

 *eNca wrote:*   

>  *khayyam wrote:*   @eNca ... please try with another kernel (what version is the above?) and see if the same happens. 
> 
> I'm running on linux kernel 4.4.39 (sys-kernel/gentoo-sources). I have tried 4.4.26 with the same result.

 

eNca ... in which case try with 4.8.17, or 4.9.4, if its reproducable with these then it means its not yet fixed (or backported), and so you would need to report it upstream.

 *Quote:*   

> I have no "cert.pem". I don't need it when I'm using the same wifi network from MacOS.
> 
> Is it really required for linux if it is not required for MacOS?

 

All hosts will have certificates in order to do https, tls, etc. I'm not sure who the certificate authority will be for your work domain but you should find a .pem under /etc/certs ... or ask your network admin.

best ... khay

----------

## eNca

 *khayyam wrote:*   

> 
> 
> eNca ... in which case try with 4.8.17, or 4.9.4, if its reproducable with these then it means its not yet fixed (or backported), and so you would need to report it upstream.
> 
> 

 

@khayyam ... I have tried it with 4.9.4 with the same result - deauthentication right after successul authentication.

So I will try to report this problem to wpa_supplicant mailing list.

Thanks for your help

----------

## khayyam

 *eNca wrote:*   

> @khayyam ... I have tried it with 4.9.4 with the same result - deauthentication right after successul authentication.

 

eNca ... "reason 0" could mean anything in this case, if your kernel is segfaulting then I wouldn't trust what wpa_supplicant is saying.

 *eNca wrote:*   

> So I will try to report this problem to wpa_supplicant mailing list.

 

It doesn't seem to be a wpa_supplicant issue, as I said above, it might trigger the issue but it is cfg80211 that seems to be the culprit. That is why I asked if you'd tried various kernels, it means that its probably not a known bug, so really it needs reported to LKML.

 *eNca wrote:*   

> Thanks for your help

 

You're welcome ... & best ... khay

----------

