Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook Pro

Questions about cabled networking
Forum rules
Before you post please read this

Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook Pro

Postby RonRafajko on Tue Dec 10, 2013 12:54 pm

Dual booting Linux Mint 16 on a MacBook Pro (silver).
Recently upgraded Mint from 11 to 16. LAN authentication worked fine with 11 (WAN did not), now LAN fails with PEAP / MSCHAPv2 authentication but WAN works with WPA2 (fails with WAN PEAP / MSCHAPv2). LAN and WAN work at home (LAN is not using security).
Patches are up to date.
I am running the "Broadcom Corporation: AirPort Extreme" driver in the Device Manager Administrative app.
I know the NIC works, same PEAP / MSCHAPv2 authentication in Mac OS boot works fine for the LAN.
I captured the login with Wireshark but could not find the problem
802.1x authentication login window keeps poping up.
Not sure if the error is logged somewhere.

Thanks!
Attachments
authentication failure.zip
Wireshark capture of failed PEAP / MSCHAPv2 authentication vis LAN.
(3.85 KiB) Downloaded 24 times
RonRafajko
Level 1
Level 1
 
Posts: 5
Joined: Fri Aug 16, 2013 1:14 pm

Linux Mint is funded by ads and donations.
 

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby RonRafajko on Thu Dec 12, 2013 1:51 pm

Could it be related to Ubuntu bug "Network manager cannot connect to WPA2/PEAP/MSCHAPv2 network without CA_Certificate" found at https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1104476?

My SysLog for the login attempt:

Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Auto-activating connection 'My Company'.
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) starting connection 'My Company'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0/wired): connection 'My Company' requires no security. No secrets needed.
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0) supports 0 scan SSIDs
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <warn> Trying to remove a non-existant call id.
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0): supplicant interface state: starting -> ready
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'password' value '<omitted>'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'key_mgmt' value 'IEEE8021X'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'eapol_flags' value '0'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'eap' value 'PEAP'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'fragment_size' value '1300'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'ca_path' value '/etc/ssl/certs'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'ca_path2' value '/etc/ssl/certs'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: added 'identity' value 'ronrafajko'
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0): supplicant interface state: ready -> inactive
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0) supports 0 scan SSIDs
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> Config: set interface ap_scan to 0
Dec 12 10:44:28 LinuxMint16 wpa_supplicant[850]: eth0: Associated with 01:80:c2:00:00:03
Dec 12 10:44:28 LinuxMint16 NetworkManager[835]: <info> (eth0): supplicant interface state: inactive -> associated
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: TLS: Certificate verification failed, error 19 (self signed certificate in certificate chain) depth 1 for '/C=US/ST=Utah/L=Orem/O=My Company, Inc./OU=Operations/CN=My Company, Inc. Corporate Certificate Authority/emailAddress=operations@My Company.com'
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: eth1: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=US/ST=Utah/L=Orem/O=My Company, Inc./OU=Operations/CN=My Company, Inc. Corporate Certificate Authority/emailAddress=operations@My Company.com' err='self signed certificate in certificate chain'
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
Dec 12 10:44:29 LinuxMint16 wpa_supplicant[850]: OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Dec 12 10:44:31 LinuxMint16 wpa_supplicant[850]: eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Dec 12 10:44:53 LinuxMint16 NetworkManager[835]: <warn> Activation (eth0/wired): association took too long.
Dec 12 10:44:53 LinuxMint16 NetworkManager[835]: <info> (eth0): device state change: config -> need-auth (reason 'none') [50 60 0]

My MAC for eth0 is 3C:07:54:61:F5:47
wireless is 68:A8:6D:27:5B:4C
RonRafajko
Level 1
Level 1
 
Posts: 5
Joined: Fri Aug 16, 2013 1:14 pm

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby RonRafajko on Fri Dec 27, 2013 6:20 pm

No ideas?

When I run "certutil -K" I get "SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format"

Is that important?

Thanks!
RonRafajko
Level 1
Level 1
 
Posts: 5
Joined: Fri Aug 16, 2013 1:14 pm

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby RonRafajko on Mon Jan 06, 2014 11:18 am

201 views and no one has an idea how to fix this?
RonRafajko
Level 1
Level 1
 
Posts: 5
Joined: Fri Aug 16, 2013 1:14 pm

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby black_pignouf on Thu Feb 13, 2014 10:39 am

This might be related:
https://bugs.launchpad.net/linuxmint/+bug/1187483/comments/3
I found a workaround for my network, also working for eduroam.
Here illustrated with eduroam.
1) configure your network properly with the network manager, it will fail to authenticate
2) run the following in order to edit as root
sudo gedit /etc/NetworkManager/system-connections/eduroam
(replace eduroam by your network)
3) in the editor replace "system-ca-certs=true" by "system-ca-certs=false" (or even just remove the line)
4) reconnect using the network manager, and it should work
I hope this helps.
black_pignouf
Level 1
Level 1
 
Posts: 1
Joined: Thu Feb 13, 2014 10:37 am

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby leadpan on Thu Feb 27, 2014 6:37 pm

THAT FIXED IT!
Thanks.
leadpan
Level 1
Level 1
 
Posts: 1
Joined: Tue Jan 22, 2008 2:13 pm

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby gunalmel on Fri Mar 21, 2014 12:55 pm

I was using a cinnamon installation (ver 16) and installing gnome-keyring which was not installed fixed the issue of network manager not saving password. I have a Thinkpad T510 and was using WPA2 with PEAP
gunalmel
Level 1
Level 1
 
Posts: 3
Joined: Wed Jan 02, 2013 2:17 am

Re: Linux Mint 16 PEAP MSCHAPv2 LAN auth failing on MacBook

Postby RonRafajko on Thu Mar 27, 2014 10:46 am

black_pignouf wrote:This might be related:
https://bugs.launchpad.net/linuxmint/+bug/1187483/comments/3
I found a workaround for my network, also working for eduroam.
Here illustrated with eduroam.
1) configure your network properly with the network manager, it will fail to authenticate
2) run the following in order to edit as root
sudo gedit /etc/NetworkManager/system-connections/eduroam
(replace eduroam by your network)
3) in the editor replace "system-ca-certs=true" by "system-ca-certs=false" (or even just remove the line)
4) reconnect using the network manager, and it should work
I hope this helps.



black_pignouf:
I can see in /etc/NetworkManager/system-connections multiple binary files the system created for different connections. Some of the SSIDs have spaces in the name so I cannot edit the file in a text editor.
According to http://askubuntu.com/questions/368560/w ... ions-files the files are not meant to be edited by us. They are changed by the Network Manager tool.
I cannot find a setting that says don't ask for a cert.
Thanks!
RonRafajko
Level 1
Level 1
 
Posts: 5
Joined: Fri Aug 16, 2013 1:14 pm

Linux Mint is funded by ads and donations.
 

Return to Ethernet

Who is online

Users browsing this forum: No registered users and 2 guests