9:43 p.m.
Hello, I can't get iwd to connect to a 802.1x (university) network.
$ cat /var/lib/iwd/eduroam.8021x
[Security]
EAP-Method=PEAP
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xxx
EAP-PEAP-Phase2-Password=xxx
produces following iwd output (started on console)
""
Wiphy: 0, Name: phy0
Permanent Address: 64:6c:80:ed:91:b9
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
Supported iftypes: ad-hoc station ap p2p-client p2p-go
p2p-device
EAP server tried method 25 while client was configured for method 26
PEAP: Tunnel has disconnected with alert: close_notify
""
I'm out of idead what method 25 vs. method 26 is, both are MS something,
and it really should be PEAP/MSCHAPV2 at least thats what always works
on all other configurations.
Network Manager in background, debian bullseye,
cat /proc/version
Linux version 5.10.0-14-amd64 (debian-kernel(a)lists.debian.org) (gcc-10
(Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian)
2.35.2) #1 SMP Debian 5.10.113-1 (2022-04-29)
/usr/libexec/iwd --version
1.14
Kind regards, Axel
6:25 a.m.
New subject: EAP server tried method 25 while client was configured for method
26
Hi Axel,
On 5/12/22 06:43, Axel Kittenberger wrote:
Hello, I can't get iwd to connect to a 802.1x (university)
network.
$ cat /var/lib/iwd/eduroam.8021x
[Security]
EAP-Method=PEAP
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=xxx
EAP-PEAP-Phase2-Password=xxx
This configuration looks pretty typical for a PEAP+MSCHAPv2.
produces following iwd output (started on console)
""
Wiphy: 0, Name: phy0
Permanent Address: 64:6c:80:ed:91:b9
Bands: 2.4 GHz 5 GHz
Ciphers: CCMP TKIP BIP
Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
EAP server tried method 25 while client was configured for method 26
This is very strange. We're configured for MSCHAPv2 (method=26) inside the PEAP
tunnel. It seems that the server is sending us EAP-PEAP (method=25) packets
within the tunnel, which doesn't make sense from what I remember of the protocol.
Can you run with IWD_TLS_DEBUG=1 environment variable set and share the log?
You can send it to me privately. See [1]
PEAP: Tunnel has disconnected with alert: close_notify
""
<snip>
/usr/libexec/iwd --version
1.14
Have you tried a later version of iwd? 1.14 is about a year old now.
[1] https://iwd.wiki.kernel.org/debugging#enabling_tls_debugging
Regards,
-Denis
7:27 a.m.
Hi,
On Thu, 12 May 2022 at 22:25, Denis Kenzior <denkenz(a)gmail.com> wrote:
On 5/12/22 06:43, Axel Kittenberger wrote:
> [Security]
> EAP-Method=PEAP
> EAP-PEAP-Phase2-Method=MSCHAPV2
> EAP-PEAP-Phase2-Identity=xxx
> EAP-PEAP-Phase2-Password=xxx
>
This configuration looks pretty typical for a PEAP+MSCHAPv2.
> produces following iwd output (started on console)
> ""
> Wiphy: 0, Name: phy0
> Permanent Address: 64:6c:80:ed:91:b9
> Bands: 2.4 GHz 5 GHz
> Ciphers: CCMP TKIP BIP
> Supported iftypes: ad-hoc station ap p2p-client p2p-go p2p-device
> EAP server tried method 25 while client was configured for method 26
This is very strange. We're configured for MSCHAPv2 (method=26) inside the PEAP
tunnel. It seems that the server is sending us EAP-PEAP (method=25) packets
within the tunnel, which doesn't make sense from what I remember of the protocol.
I think the Eduroam authenticator is known for non-standard behaviour
when your configuration is not exactly what it expects, and it varies
from site to site. I notice your config has no phase 1 (outer)
identity, maybe that's confusing it.
https://wiki.archlinux.org/title/Iwd#eduroam has a config example that
worked for some people.
Best regards
7:16 p.m.
New subject: EAP server tried method 25 while client was configured for method
26
This is very strange. We're configured for MSCHAPv2 (method=26)
inside the PEAP tunnel. It seems that the server is sending us
EAP-PEAP (method=25) packets within the tunnel, which doesn't make
sense from what I remember of the protocol.
Can you run with IWD_TLS_DEBUG=1 environment variable set and share
the log? You can send it to me privately. See [1]
Unfortunately I don't have access to that laptop today (it's a
coworkers), I switched my own laptop to iwd for testing, got the same
error message, but it connects nevertheless. So I guess the issue is
something else. (That laptop had some issues with the wifi driver, thats
why I switched it to iwd a year ago, since trying to get wpa supplicant
running drove me crazy, which then worked with iwd normal WPA2 networks)
Have you tried a later version of iwd? 1.14 is about a year old now.
It did compile git HEAD yesterdeay (1.24) same result.
I can provide full debug output sometimes next week
Thanks for the reply,
- Axel
128
days inactive
129
days old
3 comments
3 participants
participants (3)
-
Andrew Zaborowski -
Axel Kittenberger -
Denis Kenzior