# [SOLVED] wpa_supplicant-2.6-r1 and EAP/MSCHAPV2 = no joy

## rburcham

Hi.  I'm the guy that uses networkmanager to connect his wifi and every so often runs into trouble.  You might remember me from such hits as

https://forums.gentoo.org/viewtopic-t-1048614-highlight-.html

Hardware kernel and driver have remained constant for some time,

 *Quote:*   

> 
> 
> 4.6.3-gentoo
> 
> 

 

 *Quote:*   

> 
> 
> # modinfo 8192cu
> 
> filename:       /lib/modules/4.6.3-gentoo/kernel/drivers/net/wireless/8192cu.ko
> ...

 

 *Quote:*   

> 
> 
> ASUSTek Computer, Inc. USB-N13 802.11n Network Adapter (rev. B1) [Realtek RTL8192CU]
> 
> 

 

But it's worth noting that when they have changed in the past the networkmanager behavior has also remained consistent (when dealing with a nm ver <= 1.08 it works, when it doesn't it doesn't, at least until I roll back nm).

It seems that networkmanager > 1.08 simply fails to successfully authenticate/associate to EAP with MSCHAPv2.  At least I can't get it to work on the command line or via wpa_cli, wpa_gui, plasma-nm, anything.  I don't experience any trouble connecting to SSIDs with WPA-PSK or no auth.

Here's what it's doing:

```

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8700] device (wlan1): Activation: starting connection 'MY-SSID' (394444ce-ca05-42a1-8c48-3dd53981536b)

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8701] audit: op="connection-activate" uuid="394444ce-ca05-42a1-8c48-3dd00000000b" name="MY-SSID" pid=10815 uid=1000 result="success"

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8702] device (wlan1): state change: disconnected -> prepare (reason 'none') [30 40 0]

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8704] manager: NetworkManager state is now CONNECTING

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8711] device (wlan1): state change: prepare -> config (reason 'none') [40 50 0]

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8713] device (wlan1): Activation: (wifi) access point 'MY-SSID' has security, but secrets are required.

Feb 20 18:09:51 roblt3 NetworkManager[10347]: <info>  [1487635791.8713] device (wlan1): state change: config -> need-auth (reason 'none') [50 60 0]

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7121] device (wlan1): state change: need-auth -> prepare (reason 'none') [60 40 0]

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7127] device (wlan1): state change: prepare -> config (reason 'none') [40 50 0]

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7129] device (wlan1): Activation: (wifi) connection 'MY-SSID' has security, and secrets exist.  No new secrets needed.

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7130] Config: added 'ssid' value 'MY-SSID'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7130] Config: added 'scan_ssid' value '1'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7130] Config: added 'key_mgmt' value 'WPA-EAP'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7130] Config: added 'password' value '<omitted>'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7130] Config: added 'eap' value 'PEAP'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7131] Config: added 'fragment_size' value '1266'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7131] Config: added 'phase2' value 'auth=MSCHAPV2'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7131] Config: added 'identity' value 'rburcham'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7131] Config: added 'bgscan' value 'simple:30:-65:300'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7131] Config: added 'proactive_key_caching' value '1'

Feb 20 18:09:57 roblt3 NetworkManager[10347]: <info>  [1487635797.7156] sup-iface[0x21fc0a0,wlan1]: config: set interface ap_scan to 1

Feb 20 18:09:58 roblt3 NetworkManager[10347]: <info>  [1487635798.1206] device (wlan1): supplicant interface state: disconnected -> scanning

Feb 20 18:09:59 roblt3 NetworkManager[10347]: <info>  [1487635799.2575] device (wlan1): supplicant interface state: scanning -> associating

Feb 20 18:09:59 roblt3 NetworkManager[10347]: <info>  [1487635799.3286] device (wlan1): supplicant interface state: associating -> associated

Feb 20 18:10:01 roblt3 kernel: rtw_wx_set_mlme

Feb 20 18:10:01 roblt3 kernel: rtw_wx_set_mlme, cmd=0, reason=3

Feb 20 18:10:01 roblt3 NetworkManager[10347]: <warn>  [1487635801.3586] sup-iface[0x21fc0a0,wlan1]: connection disconnected (reason -3)

Feb 20 18:10:01 roblt3 NetworkManager[10347]: <info>  [1487635801.3588] device (wlan1): supplicant interface state: associated -> disconnected

Feb 20 18:10:01 roblt3 cron[3295]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)

Feb 20 18:10:01 roblt3 cron[3294]: (root) CMD (/usr/lib64/sa/sa1 1 1)

Feb 20 18:10:02 roblt3 NetworkManager[10347]: <info>  [1487635802.5301] device (wlan1): supplicant interface state: disconnected -> scanning

```

There seems to be an association at 18:09:59, but then an instant disconnection 2 seconds later.  Does anyone know the secret to getting nm to stick the landing with EAP/MSCHAPv2?Last edited by rburcham on Wed Feb 22, 2017 4:05 am; edited 1 time in total

----------

## turtles

I had a similar issue this AM after deep world update even wired ethernet did not work. I recompiled my kernel and that took care of it.

Hope that helps

----------

## rburcham

Hmm, see for me it's just EAP/MSCHAPv2.  Other wireless auth is working.  

Did you use same kernel ver or new one?

----------

## rburcham

Turns out it's wpa_supplicant-2.6 and 2.6-r1.  They both fail to authenticate with EAP/MSCHAPV2.

Of course earlier version of wpa_supplicant have been removed from portage, but on a hunch I went to the effort of recovering wpa_supplicant-2.5-r1 ebuild and files from here:

https://gitweb.gentoo.org/repo/gentoo.git/tree/net-wireless/wpa_supplicant?id=7304a9f3c5386be6a3e81f370b0cbe5cbba654ae

and put them in a portdir overlay.  I then rolled back to that version and all of a sudden EAP/MSCHAPV2 works again!  So I'm masking >wpa_supplicant-2.5-r1 until this gets resolved upstream.

In the meantime, how does one petition to get 2.5-r1 restored to portage proper?

----------

## jburns

The bug report Bug 596368 - net-wireless/wpa_supplicant-2.6 breaks NetworkManager WiFi  comment 3 or comment 6 may have a solution.

----------

## turtles

Wow very interesting.  4.6.3-gentoo  is pretty old can you update to 4.7 at least?

And post or Pastbin your emerge --info

----------

## rburcham

@jburns yes!  I saw that bug last year some time when I was dealing with plasma-qt's inability to store profiles or provide password credentials to wpa_supplicant.  In fact even the latest version today still cannot pass credentials if you set the config to "Always Ask."  You have to store the password in the profile for it to work.

The failures as I describe them apply to both the kernel driver and the external driver.  I will say though that both drivers fail to commit mac address changes to the device.  Using any method, e.g. maccchanger, ip, etc. they all report success but when you examine the device again it still reports the original mac.  I believe it was this bug that pointed me at disabling the mac randomization sometime last year.

@turtles  Yes I have a kernel upgrade in my near future.  I'm on a 2012 macbook pro retina 15 with nvidia, and I have to drive external monitors so I am using the nvidia blob, and finding healthy kernel/nvidia-drivers combos is an experiment.  What's interesting is the most recent nvidia blob seems to be playing nicely with efifb again, whereas in prior versions for about the past year it would flake out with a blank screen about half the time.  But that's a story for another thread.

----------

