cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Jose Manuel Pérez <jmperez AT i2basque.eus>
- To: cat-users AT lists.geant.org
- Subject: [[cat-users]] Problem connecting to eduroam
- Date: Tue, 4 Jun 2019 14:42:24 +0200
Hi people at Gean,
We have some problems connecting to eduroam from Windows and Linux boxes (not
from MacOS). Downloaded last CAT installer but could not get authentication,
we get some TLS certificate problem:
Jun 4 13:38:16 mint wpa_supplicant[831]: TLS: Certificate verification
failed, error 2 (unable to get issuer certificate) depth 1 for
'/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3'
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1
subject='/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3'
err='unable to get issuer certificate'
Jun 4 13:38:16 mint wpa_supplicant[831]: SSL: SSL3 alert: write (local SSL3
detected an error):fatal:unknown CA
Jun 4 13:38:16 mint wpa_supplicant[831]: OpenSSL: openssl_handshake -
SSL_connect error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
What could be the problem? Radius servers have certificates up to date.
Here log output for a connection attempt:
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6400] device
(wlp3s0): Activation: starting connection 'eduroam'
(1cc36963-612e-48b7-9f96-de830bca67c0)
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6402] audit:
op="connection-activate" uuid="1cc36963-612e-48b7-9f96-de830bca67c0"
name="eduroam" pid=1496 uid=1000 result="success"
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6405] device
(wlp3s0): state change: disconnected -> prepare (reason 'none',
sys-iface-state: 'managed')
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6411] device
(wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state:
'managed')
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6414] device
(wlp3s0): Activation: (wifi) access point 'eduroam' has security, but secrets
are required.
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6414] device
(wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state:
'managed')
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6454] device
(wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state:
'managed')
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6456] device
(wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state:
'managed')
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6458] device
(wlp3s0): Activation: (wifi) connection 'eduroam' has security, and secrets
exist. No new secrets needed.
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6458] Config:
added 'ssid' value 'eduroam'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'scan_ssid' value '1'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'bgscan' value 'simple:30:-65:300'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'key_mgmt' value 'WPA-EAP'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'proto' value 'RSN'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'pairwise' value 'CCMP'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'group' value 'CCMP TKIP'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'password' value '<hidden>'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'eap' value 'TTLS'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6459] Config:
added 'fragment_size' value '1266'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'phase2' value 'auth=PAP'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'ca_cert' value '/home/jmperez/.cat_installer/ca.pem'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'altsubject_match' value
'DNS:radius1.i2basque.es;DNS:radius3.i2basque.es'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'identity' value 'jmperez AT i2basque.es'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'anonymous_identity' value 'anonymous AT i2basque.es'
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6460] Config:
added 'proactive_key_caching' value '1'
Jun 4 13:38:16 mint kernel: [ 300.753553] wlp3s0: authenticate with
24:f2:7f:f7:16:90
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0: SME: Trying to authenticate
with 24:f2:7f:f7:16:90 (SSID='eduroam' freq=5260 MHz)
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6594] device
(wlp3s0): supplicant interface state: inactive -> authenticating
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0: Trying to associate with
24:f2:7f:f7:16:90 (SSID='eduroam' freq=5260 MHz)
Jun 4 13:38:16 mint kernel: [ 300.763722] wlp3s0: send auth to
24:f2:7f:f7:16:90 (try 1/3)
Jun 4 13:38:16 mint kernel: [ 300.765410] wlp3s0: authenticated
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0: Associated with
24:f2:7f:f7:16:90
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Jun 4 13:38:16 mint kernel: [ 300.767180] wlp3s0: associate with
24:f2:7f:f7:16:90 (try 1/3)
Jun 4 13:38:16 mint kernel: [ 300.768718] wlp3s0: RX AssocResp from
24:f2:7f:f7:16:90 (capab=0x411 status=0 aid=4)
Jun 4 13:38:16 mint kernel: [ 300.768820] wlp3s0: associated
Jun 4 13:38:16 mint NetworkManager[857]: <info> [1559648296.6661] device
(wlp3s0): supplicant interface state: authenticating -> associated
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0: CTRL-EVENT-EAP-STARTED EAP
authentication started
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 -> NAK
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0: CTRL-EVENT-EAP-METHOD EAP
vendor 0 method 21 (TTLS) selected
Jun 4 13:38:16 mint wpa_supplicant[831]: TLS: Certificate verification
failed, error 2 (unable to get issuer certificate) depth 1 for
'/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3'
Jun 4 13:38:16 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1
subject='/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3'
err='unable to get issuer certificate'
Jun 4 13:38:16 mint wpa_supplicant[831]: SSL: SSL3 alert: write (local SSL3
detected an error):fatal:unknown CA
Jun 4 13:38:16 mint wpa_supplicant[831]: OpenSSL: openssl_handshake -
SSL_connect error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Jun 4 13:38:17 mint wpa_supplicant[831]: wlp3s0: CTRL-EVENT-EAP-FAILURE EAP
authentication failed
Jun 4 13:38:19 mint wpa_supplicant[831]: wlp3s0: Authentication with
24:f2:7f:f7:16:90 timed out.
Jun 4 13:38:19 mint kernel: [ 303.933755] wlp3s0: deauthenticating from
24:f2:7f:f7:16:90 by local choice (Reason: 3=DEAUTH_LEAVING)
Jun 4 13:38:20 mint wpa_supplicant[831]: wlp3s0: CTRL-EVENT-DISCONNECTED
bssid=24:f2:7f:f7:16:90 reason=3 locally_generated=1
Jun 4 13:38:20 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10
reason=AUTH_FAILED
Jun 4 13:38:20 mint wpa_supplicant[831]: wlp3s0:
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=2 duration=26
reason=CONN_FAILED
Jun 4 13:38:20 mint wpa_supplicant[831]: wlp3s0: CTRL-EVENT-REGDOM-CHANGE
init=CORE type=WORLD
Jun 4 13:38:20 mint NetworkManager[857]: <warn> [1559648300.2405]
sup-iface[0x55e3e816ca40,wlp3s0]: connection disconnected (reason -3)
Jun 4 13:38:20 mint NetworkManager[857]: <info> [1559648300.2453] device
(wlp3s0): supplicant interface state: associated -> disconnected
Jun 4 13:38:20 mint NetworkManager[857]: <info> [1559648300.3454] device
(wlp3s0): supplicant interface state: disconnected -> scanning
Jun 4 13:38:42 mint NetworkManager[857]: <warn> [1559648322.2079] device
(wlp3s0): Activation: (wifi) association took too long
Jun 4 13:38:42 mint NetworkManager[857]: <info> [1559648322.2080] device
(wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state:
'managed')
Jun 4 13:38:42 mint NetworkManager[857]: <warn> [1559648322.2103] device
(wlp3s0): Activation: (wifi) asking for new secrets
Jun 4 13:38:42 mint dbus-daemon[792]: [system] Activating via systemd:
service name='org.freedesktop.hostname1'
unit='dbus-org.freedesktop.hostname1.service' requested by ':1.63' (uid=1000
pid=1543 comm="nm-applet " label="unconfined")
Jun 4 13:38:42 mint systemd[1]: Starting Hostname Service...
Jun 4 13:38:42 mint dbus-daemon[792]: [system] Successfully activated
service 'org.freedesktop.hostname1'
Jun 4 13:38:42 mint systemd[1]: Started Hostname Service.
Jun 4 13:38:47 mint NetworkManager[857]: <info> [1559648327.1416] device
(wlp3s0): supplicant interface state: scanning -> inactive
Jun 4 13:40:42 mint NetworkManager[857]: <warn> [1559648442.2154] device
(wlp3s0): No agents were available for this request.
Jun 4 13:40:42 mint NetworkManager[857]: <info> [1559648442.2154] device
(wlp3s0): state change: need-auth -> failed (reason 'no-secrets',
sys-iface-state: 'managed')
Jun 4 13:40:42 mint NetworkManager[857]: <warn> [1559648442.2161] device
(wlp3s0): Activation: failed for connection 'eduroam'
Jun 4 13:40:42 mint NetworkManager[857]: <info> [1559648442.2167] device
(wlp3s0): state change: failed -> disconnected (reason 'none',
sys-iface-state: 'managed')
Jun 4 13:40:42 mint kernel: [ 446.321394] IPv6: ADDRCONF(NETDEV_UP):
wlp3s0: link is not ready
Best regards.
--
# Jose Manuel Pérez :: +34 648 156 387 #
# i2basque :: red y sistemas/sarea eta sistemak #
- [[cat-users]] Problem connecting to eduroam, Jose Manuel Pérez, 06/04/2019
- Re: [[cat-users]] Problem connecting to eduroam, Stefan Winter, 06/13/2019
- Re: [[cat-users]] Problem connecting to eduroam, Jose Manuel Pérez, 06/13/2019
- Re: [[cat-users]] Problem connecting to eduroam, Stefan Winter, 06/13/2019
Archive powered by MHonArc 2.6.19.