I'm having trouble completing an enterprise wireless connection. The RADIUS server log contains error codes indicating "no such user". I've got a few snippets of information about what is appearing in the RADIUS server logs from the enterprise wifi admin: "Use Windows authentication for all users" (this phrase shows up verbatim in the logs) "4136,3,4142,8" indicates rejection reason is "no such user". Docs: https://technet.microsoft.com/en-us/library/dd197432(v=ws.10).aspx The client is a 64-bit Ubuntu 14.04.4 LTS server with the wpasupplicant package version 2.1-0ubuntu1 installed. I also tried an Ubuntu 16.04 LTS desktop with a more recent wpasupplicant package (2.4 if I recall correctly) but it had the same "no such user" problem server-side. There are many Windows clients that are able to connect to the network without problems. Client side I see many kernel messages like these (ap MAC redacted): [ 4569.552056] wlan1: send auth to 00:00:00:00:00:00 (try 1/3) [ 4569.553037] wlan1: authenticated [ 4569.553824] wlan1: associate with 00:00:00:00:00:00 (try 1/3) [ 4569.757832] wlan1: associate with 00:00:00:00:00:00 (try 2/3) [ 4569.961813] wlan1: associate with 00:00:00:00:00:00 (try 3/3) [ 4570.165774] wlan1: association with 00:00:00:00:00:00 timed out Here's the /etc/wpa_supplicant.conf file I'm trying (latest version -- I've tried many different configurations): ctrl_interface=/var/run/wpa_supplicant network={ ssid="THEIRSSID" scan_ssid=1 key_mgmt=IEEE8021X eap=TLS identity="ubuntu.wifi.local.place" ca_cert="/opt/wifi/root.crt" client_cert="/opt/wifi/client.pem" private_key="/opt/wifi/encrypted.key" private_key_passwd="(REDACTED)" eapol_flags=3 } Does that config file look more or less reasonable? Given the "no such user" error, should I suspect an invalid setting for the "identity" config option? Does it look more or less sane, or should it perhaps be something more like "BLAH\ubuntu.guest.domain.name"? Sorry, I don't have much experience with Windows, but I recall names looking more like that on Windows networks. I created the files in /opt/wifi/ by extracting them with openssl from a ".pfx" file the admin provided. I'll confirm with the enterprise wifi admin tomorrow, but I think what they gave me in that file is: 1. private key (they provided the password separately) 2. client cert 3. intermediate cert 4. root cert As for the files mentioned in my wpa_supplicant.conf: * /opt/wifi/root.crt contains the root cert * /opt/wifi/client.pem contains the client cert * /opt/wifi/encrypted.key contains the private key * I wasn't sure what to do with the intermediate cert Should I work in the intermediate cert somewhere? Where? How do I verify I did so properly? Before I sent this mail I searched the mailing lists a bunch with queries like this: site:lists.infradead.org inurl:hostap wpa_supplicant.conf eap tls cert but I [clearly] haven't found the solution yet. Thank you, -Adam _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
