Hi all,
On Fedora 36 and Rawhide, connecting to university Wi-Fi (WPA2-Enterprise) silently fails authentication. Specifically, I am trying to connect to eduroam. I can reproduce this issue on both Workstation and Silverblue.
Running journalctl -f gives me the following output:
Journal Output
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2438] Config: added 'ssid' value 'eduroam'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2440] Config: added 'scan_ssid' value '1'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2442] Config: added 'bgscan' value 'simple:30:-65:300'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2444] Config: added 'key_mgmt' value 'WPA-EAP FT-EAP FT-EAP-SHA384 WPA-EAP-SHA256'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2446] Config: added 'auth_alg' value 'OPEN'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2447] Config: added 'password' value '<hidden>'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2449] Config: added 'eap' value 'TTLS'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2450] Config: added 'fragment_size' value '1266'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2453] Config: added 'phase2' value 'auth=MSCHAPV2'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2455] Config: added 'identity' value '<username removed>'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2456] Config: added 'anonymous_identity' value '<username removed>'
Feb 22 12:12:00 matthew-s NetworkManager[863]: <info> [1645485120.2458] Config: added 'proactive_key_caching' value '1'
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: SME: Trying to authenticate with dc:a5:f4:1a:73:6f (SSID='eduroam' freq=5240 MHz)
Feb 22 12:12:01 matthew-s kernel: wlp1s0: authenticate with dc:a5:f4:1a:73:6f
Feb 22 12:12:01 matthew-s kernel: wlp1s0: bad VHT capabilities, disabling VHT
Feb 22 12:12:01 matthew-s kernel: wlp1s0: send auth to dc:a5:f4:1a:73:6f (try 1/3)
Feb 22 12:12:01 matthew-s kernel: wlp1s0: authenticated
Feb 22 12:12:01 matthew-s kernel: wlp1s0: VHT capa missing/short, disabling VHT/HE
Feb 22 12:12:01 matthew-s kernel: wlp1s0: associate with dc:a5:f4:1a:73:6f (try 1/3)
Feb 22 12:12:01 matthew-s kernel: wlp1s0: RX AssocResp from dc:a5:f4:1a:73:6f (capab=0x1111 status=0 aid=3)
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: Trying to associate with dc:a5:f4:1a:73:6f (SSID='eduroam' freq=5240 MHz)
Feb 22 12:12:01 matthew-s kernel: wlp1s0: associated
Feb 22 12:12:01 matthew-s kernel: wlp1s0: Limiting TX power to 17 (17 - 0) dBm as advertised by dc:a5:f4:1a:73:6f
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3329] device (wlp1s0): supplicant interface state: scanning -> authenticating
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3333] device (p2p-dev-wlp1s0): supplicant management interface state: scanning -> authenticating
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3338] device (wlp1s0): supplicant interface state: authenticating -> associating
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3340] device (p2p-dev-wlp1s0): supplicant management interface state: authenticating -> associating
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: Associated with dc:a5:f4:1a:73:6f
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3786] device (wlp1s0): supplicant interface state: associating -> associated
Feb 22 12:12:01 matthew-s NetworkManager[863]: <info> [1645485121.3789] device (p2p-dev-wlp1s0): supplicant management interface state: associating -> associated
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 -> NAK
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Feb 22 12:12:02 matthew-s systemd[1]: systemd-hostnamed.service: Deactivated successfully.
Feb 22 12:12:02 matthew-s audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Feb 22 12:12:02 matthew-s audit: BPF prog-id=0 op=UNLOAD
Feb 22 12:12:02 matthew-s audit: BPF prog-id=0 op=UNLOAD
Feb 22 12:12:03 matthew-s wpa_supplicant[932]: wlp1s0: Authentication with dc:a5:f4:1a:73:6f timed out.
Feb 22 12:12:03 matthew-s kernel: wlp1s0: deauthenticating from dc:a5:f4:1a:73:6f by local choice (Reason: 3=DEAUTH_LEAVING)
Feb 22 12:12:03 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=dc:a5:f4:1a:73:6f reason=3 locally_generated=1
Feb 22 12:12:03 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 reason=AUTH_FAILED
Feb 22 12:12:03 matthew-s wpa_supplicant[932]: BSSID dc:a5:f4:1a:73:6f ignore list count incremented to 2, ignoring for 10 seconds
Feb 22 12:12:03 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-DSCP-POLICY clear_all
Feb 22 12:12:03 matthew-s NetworkManager[863]: <info> [1645485123.5749] device (wlp1s0): supplicant interface state: associated -> disconnected
Feb 22 12:12:03 matthew-s NetworkManager[863]: <info> [1645485123.5754] device (p2p-dev-wlp1s0): supplicant management interface state: associated -> disconnected
Feb 22 12:12:03 matthew-s NetworkManager[863]: <info> [1645485123.6733] device (wlp1s0): supplicant interface state: disconnected -> scanning
Feb 22 12:12:03 matthew-s NetworkManager[863]: <info> [1645485123.6736] device (p2p-dev-wlp1s0): supplicant management interface state: disconnected -> scanning
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam"
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: SME: Trying to authenticate with dc:a5:f4:1a:73:6f (SSID='eduroam' freq=5240 MHz)
Feb 22 12:12:15 matthew-s kernel: wlp1s0: authenticate with dc:a5:f4:1a:73:6f
Feb 22 12:12:15 matthew-s kernel: wlp1s0: bad VHT capabilities, disabling VHT
Feb 22 12:12:15 matthew-s kernel: wlp1s0: send auth to dc:a5:f4:1a:73:6f (try 1/3)
Feb 22 12:12:15 matthew-s kernel: wlp1s0: authenticated
Feb 22 12:12:15 matthew-s kernel: wlp1s0: VHT capa missing/short, disabling VHT/HE
Feb 22 12:12:15 matthew-s kernel: wlp1s0: associate with dc:a5:f4:1a:73:6f (try 1/3)
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: Trying to associate with dc:a5:f4:1a:73:6f (SSID='eduroam' freq=5240 MHz)
Feb 22 12:12:15 matthew-s kernel: wlp1s0: RX AssocResp from dc:a5:f4:1a:73:6f (capab=0x1111 status=0 aid=3)
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5614] device (wlp1s0): supplicant interface state: scanning -> authenticating
Feb 22 12:12:15 matthew-s kernel: wlp1s0: associated
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5619] device (p2p-dev-wlp1s0): supplicant management interface state: scanning -> authenticating
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5649] device (wlp1s0): supplicant interface state: authenticating -> associating
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: Associated with dc:a5:f4:1a:73:6f
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5653] device (p2p-dev-wlp1s0): supplicant management interface state: authenticating -> associating
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5946] device (wlp1s0): supplicant interface state: associating -> associated
Feb 22 12:12:15 matthew-s kernel: wlp1s0: Limiting TX power to 17 (17 - 0) dBm as advertised by dc:a5:f4:1a:73:6f
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Feb 22 12:12:15 matthew-s NetworkManager[863]: <info> [1645485135.5949] device (p2p-dev-wlp1s0): supplicant management interface state: associating -> associated
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 -> NAK
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: wlp1s0: Authentication with dc:a5:f4:1a:73:6f timed out.
Feb 22 12:12:17 matthew-s kernel: wlp1s0: deauthenticating from dc:a5:f4:1a:73:6f by local choice (Reason: 3=DEAUTH_LEAVING)
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: BSSID dc:a5:f4:1a:73:6f ignore list count incremented to 3, ignoring for 60 seconds
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=dc:a5:f4:1a:73:6f reason=3 locally_generated=1
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=2 duration=30 reason=AUTH_FAILED
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: BSSID dc:a5:f4:1a:73:6f ignore list count incremented to 4, ignoring for 120 seconds
Feb 22 12:12:17 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-DSCP-POLICY clear_all
Feb 22 12:12:17 matthew-s NetworkManager[863]: <info> [1645485137.7492] device (wlp1s0): supplicant interface state: associated -> disconnected
Feb 22 12:12:17 matthew-s NetworkManager[863]: <info> [1645485137.7496] device (p2p-dev-wlp1s0): supplicant management interface state: associated -> disconnected
Feb 22 12:12:17 matthew-s NetworkManager[863]: <info> [1645485137.8476] device (wlp1s0): supplicant interface state: disconnected -> scanning
Feb 22 12:12:17 matthew-s NetworkManager[863]: <info> [1645485137.8478] device (p2p-dev-wlp1s0): supplicant management interface state: disconnected -> scanning
Feb 22 12:12:25 matthew-s NetworkManager[863]: <warn> [1645485145.2240] device (wlp1s0): Activation: (wifi) association took too long
Feb 22 12:12:25 matthew-s NetworkManager[863]: <info> [1645485145.2245] device (wlp1s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Feb 22 12:12:25 matthew-s NetworkManager[863]: <warn> [1645485145.2271] device (wlp1s0): Activation: (wifi) asking for new secrets
Feb 22 12:12:25 matthew-s NetworkManager[863]: <info> [1645485145.2349] device (wlp1s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Feb 22 12:12:25 matthew-s NetworkManager[863]: <info> [1645485145.2382] device (wlp1s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Feb 22 12:12:25 matthew-s NetworkManager[863]: <info> [1645485145.2403] device (wlp1s0): Activation: (wifi) connection 'eduroam' has security, and secrets exist. No new secrets needed.
In particular, these lines seem suspect:
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
Feb 22 12:12:15 matthew-s wpa_supplicant[932]: OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
I did not encounter this problem on Fedora 35 or any other distribution. Would appreciate any help on how to resolve this.
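Added example, not part of the original post: a short Python triage over the wpa_supplicant lines of the journal output above. It groups them into EAP attempts and shows that the failure happens in the outer TLS handshake of EAP-TTLS, raised by the local TLS stack, before the phase2 (MSCHAPV2) exchange. The function name `triage` and the stage labels are assumptions made for illustration.

```python
import re

# Sample input: the wpa_supplicant lines of the first attempt, copied from the journal above.
SAMPLE = """\
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 -> NAK
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:handshake failure
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: OpenSSL: openssl_handshake - SSL_connect error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Feb 22 12:12:01 matthew-s wpa_supplicant[932]: wlp1s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""

MSG = re.compile(r"wpa_supplicant\[\d+\]: (.*)$")
NAK = re.compile(r"PROPOSED-METHOD vendor=\d+ method=(\d+) -> NAK")
METHOD = re.compile(r"EAP vendor \d+ method \d+ \((\S+)\) selected")
ALERT = re.compile(r"SSL3 alert: (read|write) \(.*?\):(\w+):(.+)$")
OSSL = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]*:[^:]*:(.+)$")


def triage(journal_text):
    """Split wpa_supplicant output into EAP attempts and say where each one failed."""
    attempts, cur = [], None
    # Kernel, NetworkManager and audit lines do not match MSG and are skipped.
    for msg in (m.group(1) for m in map(MSG.search, journal_text.splitlines()) if m):
        if "CTRL-EVENT-EAP-STARTED" in msg:
            cur = {"nak": [], "method": None, "alert": None, "openssl": None, "stage": None}
            attempts.append(cur)
        elif cur is None:
            continue  # outside an EAP attempt
        elif (hit := NAK.search(msg)):
            cur["nak"].append(int(hit.group(1)))  # method offered by the server, refused locally
        elif (hit := METHOD.search(msg)):
            cur["method"] = hit.group(1)
        elif (hit := ALERT.search(msg)):
            # "write" = alert generated by the local TLS stack, "read" = sent by the peer
            side = "local" if hit.group(1) == "write" else "peer"
            cur["alert"] = (side, hit.group(2), hit.group(3))
        elif (hit := OSSL.search(msg)):
            cur["openssl"] = (hit.group(1), hit.group(2))  # (error code, reason string)
        elif "CTRL-EVENT-EAP-FAILURE" in msg:
            # A TLS alert or OpenSSL error before the failure means the outer tunnel
            # never came up, so the inner (phase2) credentials were not exchanged.
            cur["stage"] = "tls-handshake" if cur["alert"] or cur["openssl"] else "after-tls-or-unknown"
            cur = None
    return attempts


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feeding it the full `journalctl` capture instead of `SAMPLE` yields one record per attempt, which makes it easy to confirm that both attempts in the log fail with the same OpenSSL error.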