wpa_supplicant uses MAC as username when connecting to PEAP/MSCHAPV2 network

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ahoi,

I have several networks which use PEAP and MSCHAPv2 and for several
months I had lots of issues connecting to them.
Now I finally found out why I couldn't connect.

Here's my minimal config example:

# wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
update_config=1

network={
  ssid="#somewifiname"
  key_mgmt=WPA-EAP
  eap=PEAP
  identity="someusername"
  anonymous_identity=""
  password="supersecurepassword"
  ca_cert="/etc/ssl/certs/SOMECERT.pem"
  priority=1
  phase2="auth=MSCHAPV2"
}

Note that the anonymous_identity is set to an empty String. The wifi
name starts with a "#" but this should be fine, right?
When I try to connect I get the following:

$ sudo wpa_supplicant -i wlp59s0 -c wpa_supplicant.conf
Successfully initialized wpa_supplicant
wlp59s0: SME: Trying to authenticate with 12:34:56:f8:8b:1b
(SSID='#somewifiname' freq=5500 MHz)
wlp59s0: Trying to associate with 12:34:56:f8:8b:1b
(SSID='#somewifiname' freq=5500 MHz)
wlp59s0: Associated with 12:34:56:f8:8b:1b
wlp59s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp59s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp59s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp59s0: Authentication with 12:34:56:f8:8b:1b timed out.
wlp59s0: CTRL-EVENT-DISCONNECTED bssid=12:34:56:f8:8b:1b reason=3
locally_generated=1
wlp59s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="#somewifiname"
auth_failures=1 duration=10 reason=AUTH_FAILED
wlp59s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="#somewifiname"
wlp59s0: SME: Trying to authenticate with 12:34:56:56:cc:29
(SSID='#somewifiname' freq=5240 MHz)
wlp59s0: Trying to associate with 12:34:56:56:cc:29
(SSID='#somewifiname' freq=5240 MHz)
wlp59s0: Associated with 12:34:56:56:cc:29
wlp59s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlp59s0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp59s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp59s0: Authentication with 12:34:56:56:cc:29 timed out.
wlp59s0: CTRL-EVENT-DISCONNECTED bssid=12:34:56:56:cc:29 reason=3
locally_generated=1
wlp59s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="#somewifiname"
auth_failures=2 duration=23 reason=AUTH_FAILED


So basically everything on my mashine is telling me that my credentials
are wrong. I checked them and everything in the config file is
perfectly fine.
I went to my Wifi admin and looked into the debug log on the access
point with him. Surprisingly my client was trying to authenticate with
the clients MAC address as the username. So the error messages about
wrong credentials are actually correct.

Now when I remove the anonymous_identity setting or simply insert a
string with any length other then 0, my client succesfully connects to
the wifi using the identity as the username for auth.

I think I found a bug here or at least a misbehaviour. An empty string
in the anonymous_identity should not lead to my MAC address being used
as my username. Or did I miss something?
If this behaviour is intended it should at least be documented cause
it's really easy to walk into this.


Some additional infos:
$ pacman -Q wpa_supplicant linux
wpa_supplicant 1:2.6-12
linux 4.18.14.arch1-1

The APs are Aruba 3xx Series.

- -- 

Greetings

Ricardo Band

 https://   www.ricardo.band
mailto:// email@xxxxxxxxxxxx
  xmpp://jabber@xxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhyzgFNiV8yZuI1T5Gp1lfQa1gg4FAlvpj0IACgkQGp1lfQa1
gg5/mA//RS2G5L5HdjeglwHXidKYqcHQeap1qL6GAdaXMqQcYzA1ya8yrbfg/PAF
qZunxOCYucvmqAHPKRdQR+WqgBlA18URBK/zsx/wS19j3H8n3eKdaRIWsMmST48F
Fmfuq/FlepLVfG40FDsvybdhiLyMDXqZ0C6LGLvhUrKEvH6lhdGYoOKtUVUbtG5r
y9aFXOddI18ayfv3DjjUSFIXOtgBI5iYLa3V4+fgd5815Eygf+umvLeKxXTqcseq
er1lbgh/hHEzAjtLSAb2p7dE7ikKi29W3l0oz0NORkle+/hmhOQnUjbUzTiNjXta
+XB6/JzpFPgJq8zujqY8vnhzltGtYHfLwJZqmf4zUd0fRkevPNRAjA6HaDVYX/tp
T8jbFN7Rq+sm371Lpaz1rx1lZCWsQD84q7V+BEHWS1QcIdyzjIuXWuxfwJX/BuDb
8USbSJ+4PYZBhWrUAEA9lcU7/vpBSb/TK1r+dFtnJd7HUiiNB52OKCndMAdXOpVf
6eV2100TmtXHo471inBWtx5F1NQYXMJFv7X/2hxGuWCi82ktKgJBxc8ENPHF8EiV
gwUO3oheSjtuf1yss8oWNEYshBlsIHXe1YQsI3X+Xp6zUdllget5GXh3u1JW7raH
gnrfIh6woMArh9B12DHFdb/wYqgorgIlS2zGVZw2LeZB+P2Vqqc=
=v9LF
-----END PGP SIGNATURE-----


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux