611024 – Can't connect to network using WPA2-EAP

Bug 611024 - Can't connect to network using WPA2-EAP

Summary: Can't connect to network using WPA2-EAP

Status:	RESOLVED DUPLICATE of bug 601501

Alias:	None

Product:	openSUSE 11.3
Classification:	openSUSE
Component:	Network (show other bugs)
Version:	Milestone 7
Hardware:	i686 Other

Priority:	P5 - None Severity: Critical (vote)
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2010-06-02 16:09 UTC by Andrew Jorgensen
Modified:	2010-06-02 18:39 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Fix fallback from failed PMKSA caching into full EAP authentication (1.75 KB, patch) 2010-06-02 18:16 UTC, Andrew Jorgensen	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Jorgensen 2010-06-02 16:09:59 UTC

Found this while testing milestone 7 here at work (Novell Provo Campus): When I try to connect to the "Novell" network using PEAP / MSCHAPv2:

WPA: Failed to get master session key from EAPOL state machines
WPA: Key handshake aborted

It fails in this way several times and then sometimes will connect eventually but usually times will not.

This system uses the ath5k driver.

Comment 1 Andrew Jorgensen 2010-06-02 16:59:50 UTC

Just tried on another box, this one using iwl3945, with the same result (except that I have not as yet been able to make it connect at all).

It should be noted that the settings (PEAP / MSCHAPv2) where gleaned from an authenticated windows host, so they are known to be correct.

Fedora 13 also connects correctly.  It has wpa_supplicant 0.6.8.  The latest stable version right now is 0.6.10.  11.2 had 0.6.9.  11.3 has 0.7.1 (a development version).  We may want to revert to 0.6.10?  It does seem a bad idea to use a development version of a security tool.

I manually installed the wpa_supplicant from 11.2 and was able to connect immediately.  Please consider reverting to the stable version of wpa_supplicant for 11.3.

Comment 2 Andrew Jorgensen 2010-06-02 17:35:41 UTC

Scratch 0.6.10, it fails in the same way.  The last version that works is 0.6.9.  I'll have a look at the changes and see if I can't determine what went wrong but I am not expert in this area (not even close).  If someone at SUSE is a wpa_supplicant hacker I would really appreciate some help.

Comment 3 Andrew Jorgensen 2010-06-02 17:36:58 UTC

Another thing I'm noticing that happens sometimes is that wpa_supplicant will actually connect but somehow NM doesn't see that it succeeded.  There may be some communications problems there.

Comment 4 Andrew Jorgensen 2010-06-02 18:16:44 UTC

Created attachment 366481 [details]
Fix fallback from failed PMKSA caching into full EAP authentication

Pulled this out of the wpa_supplicant git tree (post 0.6.10, on the 0.6 branch).  With this patch I connect every time without fail.  I'm sure there's a similar patch on the 0.7 branch.

Comment 5 Andrew Jorgensen 2010-06-02 18:39:40 UTC

Ah, duplicate, and already patched in the "hardware" project.

*** This bug has been marked as a duplicate of bug 601501 ***