LinuxQuestions.org

trainee 05-06-2009 08:25 PM

wpa_supplicant: how do I know what I did wrong
 
Hi everybody,

I am trying to connect to the network at Purdue University using the instructions here

http://purduelug.org/?page_id=11

I follow section 4 of it:

I was able to use wpa_cli list_networks to see the network, but unable to connect to the network.

I don't know where things go wrong.

Can you guys give me a clue or at least show me which log files I should look at to find out what went wrong?

Thank you.

2Gnu 05-06-2009 11:10 PM

Run the wpa_supplicant daemon in the foreground (no -B option), with increased verbosity (-dd). Example:

wpa_supplicant -w -dd -c/etc/wpa_supplicant.conf -Dwext -iwlan0

Then, sit back and watch the fun. The messages may appear to be cryptic, but read them carefully or post here and hopefully we can help you.

onebuck 05-07-2009 07:09 AM

Hi,

I would suggest that you look at 'Configuring your network in Slackware'. Great wiki by Alien_Bob.

This link and others are available from 'Slackware-Links'. More than just Slackware® links!

trainee 05-07-2009 10:27 AM

Thank you, guys. I'll try this advice and report the progress.

Ilgar 05-07-2009 12:18 PM

You can also use wicd from the extra/ directory (of the Slack installation CD, or find a copy in the mirrors). It's a GUI tool to set up your wireless connection.

onebuck 05-07-2009 05:26 PM

Hi,

'wicd' is referenced in the link that I provided in the above post. Alien_Bob has covered network setups to the 'T'. Great Wiki!

trainee 05-08-2009 08:54 AM

I tried the wiki of Alien_Bob. But I got stuck. Here are some of the outcomes.

this is my rc.inet1.conf

Quote:

IFNAME[1]="eth1"
IPADDR[1]=""
NETMASK[1]=""
USE_DHCP[1]="yes"
DHCP_HOSTNAME[1]=""
WLAN_WPA[1]="wpa_supplicant"
WLAN_WPADRIVER[1]="wext"
WLAN_ESSID[1]="PAL2.0"
WLAN_WPAWAIT[1]=30

this is my wpa_supplicant.conf

Quote:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1


network={
    ssid="PAL2.0"
    scan_ssid=1
    proto=WPA RSN
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="username"
    password="pass"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    phase1="peaplabel=1"
    phase2="auth=MSCHAPV2"
}

this is the outcome of some commands I typed

Quote:

root@darkstar:/etc/rc.d# wpa_cli status
Selected interface 'eth1'
bssid=00:07:85:b3:4f:63
ssid=PAL2.0
id=0
pairwise_cipher=TKIP
group_cipher=TKIP
key_mgmt=WPA/IEEE 802.1X/EAP
wpa_state=ASSOCIATED
Supplicant PAE state=CONNECTING
suppPortStatus=Unauthorized
EAP state=IDLE
root@darkstar:/etc/rc.d# iwconfig
lo no wireless extensions.

eth1 IEEE 802.11b ESSID:"PAL2.0" Nickname:"darkstar"
Mode:Managed Frequency:2.462 GHz Access Point: 00:07:85:B3:4F:63
Bit Rate:11 Mb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=62/100 Signal level=-63 dBm Noise level=-86 dBm
Rx invalid nwid:0 Rx invalid crypt:3 Rx invalid frag:0
Tx excessive retries:55 Invalid misc:626 Missed beacon:3

eth0 no wireless extensions.

root@darkstar:/etc/rc.d# wpa_cli list_networks
Selected interface 'eth1'
network id / ssid / bssid / flags
0 PAL2.0 any [CURRENT]

It seems like I was able to connect to the network, but it refused to give me anything else. (No domain name resolution.)

Do you have any idea what I should do next?

(I haven't tried Wicd because I want to do it by these configuration files to find out how it works and things like that.)

Thank you for all your help and replies.

trainee 05-08-2009 09:23 AM

Another thing,

when I run the command

/etc/rc.d/rc.inet1 stop
/etc/rc.d/rc.inet1 start

I get the outcome
Quote:

./rc.inet1 eth1 information "Any ESSID"
Polling for DHCP server on interface eth1
No carrier detected on eth1. Reducing DHCP timeout to 10 seconds.
dhcpcd: MAC address = 00:12:f0:a7:05:68


janhe 05-09-2009 04:23 PM

This is what happens now:

It seems to me like there's a problem when wpa_supplicant tries to login on the network.

This setup requires that you provide a username and password before you get an encryption key (but you already knew that).
Something goes wrong when wpa_supplicant tries to do that.

After failing to get a wireless connection, the slackware scripts try to get an IP by running dhcpcd, just in case the carrier detection is wrong. Since there really isn't a link, you cannot get an IP.

--

The difficult part is that the encryption key for the network has to be obtained after a login. Most WPA encrypted networks work with a passphrase, and either you have configured the right passphrase, or not.

If you want to find out what goes wrong, take 2Gnu's suggestion. Kill the wpa_supplicant that is running after bootup, and execute the wpa_supplicant command that 2Gnu gave in his post above.

You should be able to kill wpa_supplicant with this command:
Code:

wpa_cli terminate

Also, make sure the interface is up before running the wpa_supplicant command yourself:
Code:

ifconfig eth1 up

Good luck, and please post back if and how you get it running.

edit: if the wpa_supplicant command is successful, go to another console and run the following command; after that you should be able to connect to the internet (at least until reboot):
Code:

dhcpcd eth1

trainee 05-09-2009 04:41 PM

Thank you. I'll try that.

trainee 05-10-2009 09:23 AM

I tried WiCD and failed (mysteriously, and I don't know why)

I ran the command

wpa_supplicant -i eth1 -D wext -c /etc/ssl/certs/ca.crt

and here is the outcome I got

Quote:

Trying to associate with 00:07:85:b3:4f:63 (SSID='PAL2.0' freq=2462 MHz)
Associated with 00:07:85:b3:4f:63
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 2 (unable to get issuer certificate) depth 1 for '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with 00:07:85:b3:4f:63 (SSID='PAL2.0' freq=2462 MHz)
Associated with 00:07:85:b3:4f:63
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

Does this mean I got the wrong certificate? (I copy and paste it as-is from the website I mentioned above.)
Is there any "special" thing about those certificates, or is there anything else I can do here?

Thank you for your advice so far.
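
The output posted above, read mechanically: this is an added example (not part of the original posts) that reports the stage at which a wpa_supplicant 802.1X attempt stopped. The function names and the `stage=` labels are made up for illustration; CTRL-EVENT-EAP-SUCCESS does not appear in this thread and is the event wpa_supplicant prints when EAP completes.

```shell
# Added example, not from the thread: report how far a wpa_supplicant
# 802.1X attempt got. Reads the daemon console output on stdin.
triage_wpa_log() {
  awk -v q="'" '
    /Associated with/          { assoc = 1 }
    /CTRL-EVENT-EAP-STARTED/   { eap = 1 }
    /CTRL-EVENT-EAP-METHOD/    {        # "... method 25 (PEAP) selected"
      a = index($0, "("); b = index($0, ")")
      if (a && b > a) method = substr($0, a + 1, b - a - 1)
    }
    /CTRL-EVENT-EAP-SUCCESS/   { ok = 1 }
    /CTRL-EVENT-EAP-FAILURE/   { failed = 1 }
    /TLS: Certificate verification failed/ && !tls {
      tls = 1                           # keep only the first failure
      for (i = 1; i < NF; i++) {
        if ($i == "error" && code == "")  code = $(i + 1)
        if ($i == "depth" && depth == "") depth = $(i + 1)
      }
      c = index($0, "CN=")
      if (c) {                          # CN ends at the next "/" or quote
        cn = substr($0, c + 3)
        n = index(cn, "/"); if (n) cn = substr(cn, 1, n - 1)
        n = index(cn, q);   if (n) cn = substr(cn, 1, n - 1)
      }
    }
    END {
      if (tls) {  # depth 0 is the server certificate, depth >= 1 a CA above it
        at = (depth + 0 == 0) ? "server-cert" : "ca-chain"
        printf "stage=tls-verify method=%s error=%s depth=%s at=%s cn=%s\n", method, code, depth, at, cn
      } else if (ok)   print "stage=authenticated method=" method
      else if (failed) print "stage=eap-failed method=" method
      else if (eap)    print "stage=eap-incomplete method=" method
      else if (assoc)  print "stage=associated-no-eap"
      else             print "stage=not-associated"
    }'
}

# Sample input: lines copied from the output posted above.
sample_log() {
  cat <<'EOF'
Trying to associate with 00:07:85:b3:4f:63 (SSID='PAL2.0' freq=2462 MHz)
Associated with 00:07:85:b3:4f:63
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
TLS: Certificate verification failed, error 2 (unable to get issuer certificate) depth 1 for '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EOF
}
```

Running `sample_log | triage_wpa_log` reports `at=ca-chain`: the failure is in a CA certificate above the server's own, which puts the problem in the file named by ca_cert rather than in the username or password.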

Alien Bob 05-10-2009 10:17 AM

Quote:

Originally Posted by trainee (Post 3536159)
I ran the command

wpa_supplicant -i eth1 -D wext -c /etc/ssl/certs/ca.crt

For sure, this is a wrong command. The "-c" option for wpa_supplicant should point to a wpa_supplicant.conf, not to an SSL certificate file.

Quote:

Does this mean I got the wrong certificate? (I copy and paste it as-is from the website I mentioned above.)
Is there any "special" thing about those certificates, or is there anything else I can do here?

You should save the certificate from that site to a new file, any name will be fine (for instance, save it as ~/ThawteCA.pem). This should be its content:

And your wpa_supplicant.conf file should have that filename in the line starting with "ca_cert=".

I also see that that website lists
Code:

phase1="peaplabel=0"

while your own wpa_supplicant.conf has the value "1" there.

Eric

trainee 05-10-2009 10:25 AM

For sure, Alien_Bob, you pointed out my mistake.

I used the right command which was

wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant.conf

(I only posted it here wrong)

About the certificate, I did copy and paste that exact part and saved it as /etc/ssl/certs/ca.crt

the line ca_cert in the file wpa_supplicant.conf did point to that file

trainee 05-10-2009 10:44 AM

And now, I am running into another problem.
There are two networks available as I can see, one is "PAL2.0", the other is "erdos". And even though I want to connect to PAL2.0, whenever I run the command
Quote:

wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant.conf

It keeps doing:

Quote:

Trying to associate with .... (SSID='erdos' freq=2347 MHz)

I fired up another one, and used wpa_cli select_network to try to connect to the right one. But no luck. It kicked me out of the wpa_supplicant when I tried doing so.

(And before I ran the wpa_supplicant command, I did run
Quote:

iwconfig eth1 essid PAL2.0
)

What should I do?

PS: After a few more tries, it stopped kicking me out, but the problem remained the same.

By the suggestion of Alien_Bob, I also tried "peaplabel=1" and "peaplabel=0"
They both gave the same result.

I do suspect the certificate. By reading through the instructions at purduelug.org, it seems to me that this is something I can acquire independently with the network administration. Do you know anywhere else where I can get it?

Thank you.

janhe 05-11-2009 04:47 PM

The first error that appears in the output from wpa_supplicant you posted is: (when you ran wpa_supplicant yourself on the command line, without the "-B" option)
Quote:

TLS: Certificate verification failed, error 2 (unable to get issuer certificate) depth 1 for '/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server

I've looked at the certificate that is mentioned on the website, and that Alien_Bob posted. It has been expired since 2004.

I've found the instructions for setting up Windows XP, and it seems the needed certificate is a root certificate that is widely distributed.

I've found a certificate with the same name as the expired one (and the name mentioned in the XP howto) on my slackware 12.2 + KDE4 installation. It is located in the file /usr/share/apps/kssl/ca-bundle.crt. The name is Thawte Premium Server CA.

If you have KDE installed, look if you have the certificate bundle. Try to list that as your "ca_cert=" entry in wpa_supplicant.conf
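
One way to check a CA file or bundle before naming it in "ca_cert=", as an added example that is not part of the original posts: it lists each certificate in a PEM file with its expiry state, end date and subject, using the openssl command-line tool. The function names are made up for illustration, and the test certificate is constructed on the spot.

```shell
# Added example, not from the thread: list every certificate in a PEM
# bundle with its expiry state, end date and subject.
# usage: ca_bundle_report BUNDLE [SECONDS]   (SECONDS = look-ahead window)
ca_bundle_report() {
  bundle=$1; window=${2:-0}
  tmp=$(mktemp -d) || return 1
  # Split the bundle into one file per PEM block.
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%04d.pem", dir, n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
  ' "$bundle"
  for f in "$tmp"/*.pem; do
    [ -f "$f" ] || continue
    # Skip blocks openssl cannot parse instead of aborting the report.
    subject=$(openssl x509 -in "$f" -noout -subject 2>/dev/null) || continue
    end=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if openssl x509 -in "$f" -noout -checkend "$window" >/dev/null; then
      state=OK
    elif [ "$window" -eq 0 ]; then
      state=EXPIRED
    else
      state=EXPIRING
    fi
    printf '%s\t%s\t%s\n' "$state" "$end" "${subject#subject=}"
  done
  rm -rf "$tmp"
}

# Constructed test input: a throwaway self-signed CA valid for one day.
make_constructed_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$1.key" -out "$1" >/dev/null 2>&1
}
```

For the bundle mentioned above, `ca_bundle_report /usr/share/apps/kssl/ca-bundle.crt | grep 'Thawte Premium Server CA'` shows whether that copy of the root is present and still valid.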

