Bugzilla – Bug 134238
NetworkManager does not support WPA-Enterprise
Last modified: 2006-02-28 15:36:38 UTC
I cannot enable Enterprise-WPA with network manager. Here is what i have done: -install alpha3 -install ipw-firmware -yast2, network devices, select ipw2200, click "handled by network manager" -rcnetworkmanager restart, because networkmanager was gone after yast was finished -nm-applet -click the icon in the systray - connect to other wireless network - enter the essid (is hidden by accesspoint) - check "connect with encryption enabled" - i can only enter a passphrase, but cannot enter certificates etc. needed for WPA-EAP.
NM currently does not support WPA. Support is in-the-works.
Please have a look at feature ID 100140 when implementing Enterprise-WPA in NM. IMHO NM should ask for some credentials (e.g. username and password) when a user tries to connect to an Enterpwise-WPA secured network.
i have heard rumours that this won't make it into 10.1. Without WPA-PSK and enterprise-WPA we cannot use any wireless at all here, and cannot test even the simplest functionality so this would probably a mega-blocker. Taking PM and responsible persons into cc:
nothing changed with alpha3+
*** Bug 141292 has been marked as a duplicate of this bug. ***
Checked in 0.5.1cvs20060112, which adds both WPA-1 and WPA-2 (WPA Personal and WPA Enterprise). Tested and works. Closing bug as resolved. If specific problems arise, please file new specific bugs.
I think there is a slight misunderstanding of what "Enterprise WPA" is. Enterprise-WPA is not WPA-PSK. A good introduction is available in /usr/share/doc/packages/wpa_supplicant/README Besides: i also could not get WPA-PSK to work, will attach the logfile.
Created attachment 63175 [details] /var/log/messages This is the logfile from my WPA-PSK tests. I tested it together with Christian and we tried all possible settings in nm-applet, including CCMP/TKIP variants and "WPA-2" but we could not get a connection to the wpa-psk enabled access point.
the package i used was a mbuild of NetworkManager-0.5.1cvs20060112-1
This is with an ipw2200? You tried WPA-1 + TKIP and it did not work? The log only shows CCMP (AES).
seife: I just checked in an updated NM (not yet built) that might help you out. Can you retest and let me know? Let's just try WPA-1 + TKIP for now, to make things simple.
i'll test tomorrow morning, deckel has enabled our access point for wpa-1/tkip a minute ago (was ccmp only before iiuc), but i have to catch my ride home now. We did not see anything obviously wrong in the log (deckel is my WPA-god and he also did not spot anything obvious :-)
I forgot: yes, this is ipw2200 and this machine can take ages to scan / associate, also with the old setup. Something i have to investigate separately.
I have heard that ipw2200 takes a long time. I bumped the timeout up to 90s (from only 10s!) in this newer version. I think, looking at the log, it is just a timeout issue. It should work. Maybe we need to try even longer. But WPA-1+TKIP should not take too long. Let's see if 90s works. It should! Danke!
Ack, wait! I'll need to rebuild this tomorrow, the rebuild messed up and the timeout is still 10s. I will update this once it is rebuilt.
Alright, sorry about that! ;-) Submitted 0.5.1cvs20060113. Check it out and let me know.
We configured our wireless system for different ciphers: TKIP only (for pairwise and group), CCMP only (for pairwise and group) and mixed TKIP/CCMP. The first two worked when setting the coresponding ciphers in the NM applet. The third one didn´t work because our WPA system didn´t accept CCMP as group cipher when TKIP is used for pairwise cipher. I think wpa_supplicant will choose the right ciphers automatically. It also selected WPA2 automatically when available. So, what is the reason for forcing the wpa_supplicant to specific ciphers. Proposal: Don´t specify the cipher types per default. Expert options can be provided but should not be necessary under normal circumstances.
to elaborate more on this: - i used the latest NM and tools: NetworkManager-0.5.1cvs20060116-2 NetworkManager-kde-0.1-7 NetworkManager-gnome-0.5.1cvs20060116-2 - it works fine with WPA1 and TKIP-only - it works fine with WPA2 and CCMP-only - it probably also works fine with WPA1 and CCMP-only Caveats: - i explicitly had to select "use WPA2" for the WPA2/CCMP-only case, otherwise it did not work (could still be a timeout problem with ipw2200, but i doubt it) It does not work with "mixed" TKIP/CCMP setups. Reason: - NM always sets "group" and "pairwise" ciphers identically. - In mixed setups, "group" has to be set to the lowest common denominator, which is TKIP => selecting "CCMP" cannot work in a mixed setup. AFAIR i never configured anything like that for the old sysconfig method; this is one of my old configs (without the IPs and the empty variables): BOOTPROTO='static' STARTMODE='auto' USERCONTROL='yes' WIRELESS_AUTH_MODE='psk' WIRELESS_BITRATE='auto' WIRELESS_DEFAULT_KEY='0' WIRELESS_ESSID='my-essid' WIRELESS_KEY_LENGTH='128' WIRELESS_MODE='Managed' WIRELESS_POWER='yes' WIRELESS_WPA_PSK='my-very-long-wpa-passphrase-that-is-very-secure' PERSISTENT_NAME='air' WIRELESS='yes' which leads to the following config file: seife@strolchi:/tmp> cat wpa_supplicant-air.conf ctrl_interface=/var/run/wpa_supplicant network={ scan_ssid=1 ssid="my-essid" key_mgmt=WPA-PSK psk="my-very-long-wpa-passphrase-that-is-very-secure" } which seems to work reasonably well; wpa_supplicant figures out everything by himself.
Submitted 0.5.1cvs20060117.
latest build still does Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'INTERFACE_ADD air wext /var/run/wpa_supplicant ' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'AP_SCAN 2' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'ADD_NETWORK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was '0 ' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 ssid "seifenschachtel"' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 proto WPA' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 key_mgmt WPA-PSK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 psk FOOBAR Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 pairwise TKIP' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'SET_NETWORK 0 group TKIP' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: sending command 'ENABLE_NETWORK 0' Jan 20 23:51:58 strolchi NetworkManager: <information> SUP: response was 'OK' Jan 20 23:51:58 strolchi NetworkManager: <information> Activation (air) Stage 2 (Device Configure) complete. so it is not fixed...
Seife, is the bug here that WPA-Enterprise is not implemented, or are you additionally reporting another problem? If so, exactly what? What driver? Thanks.
I guess the bug consists of two problems. The first is that WPA Enterprise is not implemented. The second ist that NM doesn´t work with WPA Mixed Mode (pairwise:CCMP, group:TKIP) setups. How about chaning NM to not specify the cipher types per default? I guess this would work and make the user experience (no configuration needed)better.
Alright. I checked in support for automatic cipher calculation (select "Automatic" in the UI). This will let pair/group mismatch networks work flawlessly. I am changing the summary to note just the remaining WPA Enterprise issue.
WPA Enterprise submitted to autobuild. See package 0.5.1cvs20060227.
Package is in beta 6.