Summary: | net-wireless/wpa_supplicant-0.6.4 fails to authenticate when built with gnutls | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Christopher Head <bugs> |
Component: | Current packages | Assignee: | Mobile Herd (OBSOLETE) <mobile+disabled> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | chaujc, pesa |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Christopher Head
2009-03-24 17:25:29 UTC
This may be related to bug #263589. Post your emerge --info and gnutls version please. Btw, wpa_supplicant-0.6.8 and 0.6.9 built with USE=gnutls are working fine for me. # emerge --info Portage 2.1.6.7 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.8_p20080602-r1, 2.6.28-hardened-r7 i686) ================================================================= System uname: Linux-2.6.28-hardened-r7-i686-Intel-R-_Pentium-R-_M_processor_1.70GHz-with-glibc2.0 Timestamp of tree: Sun, 05 Apr 2009 20:15:01 +0000 app-shells/bash: 3.2_p39 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.5.2-r7 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium-m -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium-m -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.chem.wisc.edu/gentoo ftp://gentoo.arcticnetwork.ca/pub/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo" LANG="en_CA.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="en en_CA" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/usr/portage/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync21.us.gentoo.org/gentoo-portage" USE="X a52 alsa bzip2 cairo caps cdda cddb cdio cgi cli cups dri dvd firefox flac gif gimp glibc-omitfp gmp gnutls gtk hpn isdnlog java jce joystick jpeg kdehiddenvisibility libsamplerate midi mikmod mmx mp3 mpeg multiuser ncurses nls nptl nptlonly nsplugin ntfs offensive ogg opengl pam pdf pg-intdatetime pic plotutils png pppd qq readline reflection replytolist scanner scenarios session sockets spell spl sse sse2 svg symlink sysfs theora timidity truetype unicode usb vim-syntax vorbis win32codecs x86 xcb xinerama xorg xulrunner xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard synaptics wacom" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_CA" USERLAND="GNU" VIDEO_CARDS="intel" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS net-libs/gnutls-2.6.4 dev-libs/libgcrypt-1.4.4 Doesn't sound like it's #263589 because I use -O2 in CFLAGS and running "FEATURES=test emerge -1 libgcrypt" shows all selftests passing. I can try to get more information about the network being connected to (if you can tell me what to run to do so), but it'll take some time as I'm not in the area every day. You should try a more recent version of wpa_supplicant, see bug #246117 for updated ebuilds. Version 0.6.4 is considered experimental by upstream and imho it shouldn't have ever been marked stable. I'm not sure if my problem is caused by the gnutls use flag as this bug claims, but I think I have the same/a similar problem. For now, I masked 0.6.4, which has been unable to reliably connect to Boston University's 802.1x authenticated wireless network; it may take over 20 minutes of failed attempts before wpa_supplicant can get me connected. On the other hand, 0.5.7, to which I had to downgrade, is able to connect almost immediately and without errors. Below are the relevant sections from my wpa_supplicant.conf (with confidential login info and apparently unrelated network blocks altered/removed): ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel eapol_version=2 ap_scan=1 network={ ssid="BU (802.1x)" priority=15 key_mgmt=WPA-EAP # Either TTLS or PEAP may be used for phase 1 (outer authentication). # From examples and through trials, know that MSCHAPV2 does not need # to be here even though it will be used later. eap=TTLS PEAP identity="username-redacted" password="password-redacted" # The "autheap" is for TTLS and the "auth" is for PEAP. For both, # MSCHAPV2 need to be used for phase 2 (inner authentication). phase2="autheap=MSCHAPV2 auth=MSCHAPV2" } I have not yet tried to connect with version 0.6.4 without the gnutls use flag. I'll try this after I finish my work for the semester or when I have free time. Below is my current emerge --info: Portage 2.1.6.7 (default/linux/x86/2008.0, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.28-gentoo-r5-2009Apr24 i686) ================================================================= System uname: Linux-2.6.28-gentoo-r5-2009Apr24-i686-Intel-R-_Pentium-R-_M_processor_1.73GHz-with-glibc2.0 Timestamp of tree: Fri, 24 Apr 2009 01:45:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-java/java-config: 1.3.7-r1, 2.1.7 dev-lang/python: 2.5.4-r2 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.2-r1 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.4_p6, 1.5, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium-m -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=pentium-m -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://www.gtlib.gatech.edu/pub/gentoo http://gentoo.mirrors.pair.com/ http://gentoo.netnitco.net http://open-systems.ufl.edu/mirrors/gentoo http://gentoo.mirrors.tds.net/gentoo ftp://mirror.datapipe.net/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LDFLAGS="-Wl,-O1" LINGUAS="en_US en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi alsa bash-completion berkdb bluetooth bzip2 cairo caps cdparanoia cjk cli cracklib crypt cups dbus dell directfb divx dri dts dvb dvd eap-tls emacs encode exif fbcon ffmpeg flac fortran ftp gd gdbm gif gmedia gnutls gpm gstreamer gtk hal hardened iconv ipv6 isdnlog java javascript jpeg jpeg2k laptop libcaca logrotate lzo mad mailwrapper matroska mbrola midi mmx mmxext mp3 mpeg mudflap ncurses nls nptl nptlonly ogg openal opengl openmp pam pcmcia pcre pdf perl png ppds pppd prediction preview-latex python qt3support qt4 quicktime readline realmedia reflection samba scanner sdl session socks5 sound spell spl sse sse2 ssl svg sysfs tcpd theora threads tiff tk truetype unicode usb v4l v4l2 vcd vlm vorbis wifi win32codecs wmf wmp wxwindows x86 xinerama xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CAMERAS="ptp2" ELIBC="glibc" INPUT_DEVICES="evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en_US en" USERLAND="GNU" VIDEO_CARDS="intel" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS In case this helps, below is an email I sent to the University's LUG about this problem back in February 12, 2009. I received one reply from someone claiming that wpa-supplicant 0.6.4 works without problems for them on Fedora 10. In the process of furiously tweaking & reverting my configs, I noticed (through my wpa_gui window) that it somehow managed to connect and get an IP address. I ran a diff against my original wpa_supplicant.conf and realized that it was the same. In disbelief, I disconnected & reconnected & it still worked. Then I removed the debug flags from my /etc/conf.d/net for wpa_supplicant. Restart, & it gives me the same old CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected CTRL-EVENT-EAP-FAILURE EAP authentication failed Since I strongly doubted that increasing the debug verbosity solved my problem, I decided to leave it running. Pages of the above message continued to appear. Sure enough, after a painfully long wait (long enough that it will probably be faster for me to go home, take a nap, grab a Ethernet cable & return to where I am), it was able to connect and acquire an DHCP lease. WPA: Key negotiation completed with 00:1b:d5:c9:6a:e2 [PTK=CCMP GTK=TKIP] CTRL-EVENT-CONNECTED - Connection to 00:1b:d5:c9:6a:e2 completed (reauth) [id=2 id_str=] So I downgraded back to 0.5.7 (the version I was using before), which is much faster in connecting (a few seconds), but has a worse wpa_gui interface than 0.6.4. I want to file a bug report so that this will get fixed, but I'm not sure what to report. I don't know what the problem is; nobody else online (that I can find) appears to have a similar problem; I don't know whether it's my configuration problem, the server's problem, or wpa_supplicant's problem; I don't even know what RADIUS server BU's using. Ryan, if you have time, can you try upgrading your wpa_supplicant to 0.6.4 to see whether it's just my computer? Anyone else who uses wpa_supplicant, please reply with its version number, your OS/distro, and whether it still works (you can get this with the following command): wpa_supplicant -v Thanks! I had problems with 0.6.4 too, when connecting to my university's wifi network (PEAP-MSCHAPv2). Newer versions work fine though. Jimmy, could you try the latest 0.6.9 in portage? (In reply to comment #8) Thanks, Davide. 0.6.9 works for me. I think marking this bug as fixed would be appropriate. IMHO wpa_supplicant-0.6.9 should be stabilized ASAP, it fixes a great number of bugs affecting current stable (0.6.4, considered experimental by upstream!) 0.6.9 works for me. |