802.1x (dot1x) problem on wired network after Fedora 30 upgrade (from F28)

Hey all,

I’m looking for a bit of help diagnosing an odd problem before i log any bug reports for it as i’m not 100% sure it is a bug, vs an upgrade problem.

I’ve recently upgraded from F28 to F30, i’m a KDE user and was using network manager before on F28 to manage my user auth to our wired network at work, we use dot1x with PEAP/MSCHAP and it had been working absolutely perfectly.

Now that i’ve upgraded to F30, my connections get stuck at setting interface and it never actually proceeds to sending any auth. Originally i thought this might be a wallet or key problem, so i’ve created new profiles and modified the password storage from local to global and vice versa, and yet i’ve still not had any luck.

The one thing i haven’t done is actually killed networkmanager and sent a manual dot1x using wpa_sup or something.

I can get a full connection no problem as long as i turn off dot1x (we currently have it set optional at work as we are testing prior to a full deployment), i’ve checked on our auth system and the switch doing it and Fedora is just never even starting to send any auth at all.

I’ve put networkmanager’s logging to debug as the info level had nothing useful that i can see, whilst the debug output i’ve got has some oddities in it, i can’t see anything that i think is 100% related. Has anybody run into this / got any fixes/suggestions?

I’ll paste the debug log into the next message for neatness.

2 Likes

I put it into a pastebin as its too big to paste here: https://pastebin.com/gsBpAPH6

This paste includes letting it sit for a bit, thinking the password is wrong and prompting again, but i can confirm it is 100% not actually attempting to auth (at least not in any way that looks like a proper dot1x auth).

Without the debug it just gets stuck at carrier link detected after associating, with the debug it looks to have no extra real info.

One odd thing is this:
Aug 05 15:26:53 PCNAME NetworkManager[737]: [1564982813.0745] platform: (enp0s25) qdisc: delete fq_codel dev 2 family 0 handle 0 parent ffffffff info 2
Aug 05 15:26:53 PCNAME NetworkManager[737]: [1564982813.0746] platform-linux: netlink: recvmsg: error message from kernel: No such file or directory (2) “Cannot delete qdisc with handle of zero” for>
Aug 05 15:26:53 PCNAME NetworkManager[737]: [1564982813.0747] platform-linux: do-delete-qdisc[2: -1]: failure 2 (No such file or directory - Cannot delete qdisc with handle of zero), meaning the obj>

I’ve done some extra investigations here and found that I can log into KDE with another user, and dot1x using the same credentials no problem.

I can also manually auth using wpa_supplicant then use NM to initialise the interface / request a DHCP lease etc and that works fine too.

I’ve done some wireshark captures and it never sends anything out the LAN interface, then just times out and loops back. I’ve tried blowing away my user’s home directory entirely, just removing KDE’s various folders, and specifically trying to remove targetted folders/files but nothing has fixed it.

I’m going to open a bug report with the NM team now and see what they say, it looks to be a problem with the auth mechanism caused by the upgrade from FC28, but as to what it is / where it is, I can’t find it.

1759797 – dot1x broken after upgrade to FC30 from FC28 created for this.

2 Likes