先週の金曜日、Ubuntu 15.10に更新しました。その瞬間、私はWifiで企業ネットワークに接続されました。アップグレード後、機能しなくなりました。
WiFi接続の構成:
セキュリティ:WPAおよびWPA2 Enterprise
認証:保護されたEAP(PEAP)
チェックボックスCA証明書は不要です。
PEAPバージョン。自動、バージョン0、バージョン1の3つのオプションをすべて試しました。
内部認証:MSCHAPv2
ユーザー名とパスワードが保存されます。同じ資格情報を使用して携帯電話でWi-Fiに接続できます。
これは私がsyslogで見るものです:
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: SME: Trying to authenticate with b4:14:89:d1:2f:21 (SSID='CorporateNetwork' freq=2437 MHz)
Oct 26 07:27:01 mymachine kernel: [ 3144.862773] wlan0: authenticate with b4:14:89:d1:2f:21
Oct 26 07:27:01 mymachine kernel: [ 3144.878081] wlan0: direct probe to b4:14:89:d1:2f:21 (try 1/3)
Oct 26 07:27:01 mymachine NetworkManager[828]: <info> (wlan0): supplicant interface state: disconnected -> authenticating
Oct 26 07:27:01 mymachine kernel: [ 3145.081778] wlan0: direct probe to b4:14:89:d1:2f:21 (try 2/3)
Oct 26 07:27:01 mymachine kernel: [ 3145.285917] wlan0: send auth to b4:14:89:d1:2f:21 (try 3/3)
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: Trying to associate with b4:14:89:d1:2f:21 (SSID='CorporateNetwork' freq=2437 MHz)
Oct 26 07:27:01 mymachine kernel: [ 3145.304765] wlan0: authenticated
Oct 26 07:27:01 mymachine kernel: [ 3145.305931] wlan0: associate with b4:14:89:d1:2f:21 (try 1/3)
Oct 26 07:27:01 mymachine NetworkManager[828]: <info> (wlan0): supplicant interface state: authenticating -> associating
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: Associated with b4:14:89:d1:2f:21
Oct 26 07:27:01 mymachine kernel: [ 3145.340295] wlan0: RX AssocResp from b4:14:89:d1:2f:21 (capab=0x431 status=0 aid=2)
Oct 26 07:27:01 mymachine kernel: [ 3145.340396] wlan0: associated
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=NL
Oct 26 07:27:01 mymachine kernel: [ 3145.345160] cfg80211: Regulatory domain changed to country: NL
Oct 26 07:27:01 mymachine kernel: [ 3145.345166] cfg80211: DFS Master region: ETSI
Oct 26 07:27:01 mymachine kernel: [ 3145.345168] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp), (dfs_cac_time)
Oct 26 07:27:01 mymachine kernel: [ 3145.345173] cfg80211: (2402000 KHz - 2482000 KHz @ 40000 KHz), (N/A, 2000 mBm), (N/A)
Oct 26 07:27:01 mymachine kernel: [ 3145.345176] cfg80211: (5170000 KHz - 5250000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (N/A)
Oct 26 07:27:01 mymachine kernel: [ 3145.345180] cfg80211: (5250000 KHz - 5330000 KHz @ 80000 KHz, 160000 KHz AUTO), (N/A, 2000 mBm), (0 s)
Oct 26 07:27:01 mymachine kernel: [ 3145.345183] cfg80211: (5490000 KHz - 5710000 KHz @ 160000 KHz), (N/A, 2700 mBm), (0 s)
Oct 26 07:27:01 mymachine kernel: [ 3145.345185] cfg80211: (57000000 KHz - 66000000 KHz @ 2160000 KHz), (N/A, 4000 mBm), (N/A)
Oct 26 07:27:01 mymachine NetworkManager[828]: <info> (wlan0): supplicant interface state: associating -> associated
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
Oct 26 07:27:01 mymachine kernel: [ 3145.396028] wlan0: Limiting TX power to 2 dBm as advertised by b4:14:89:d1:2f:21
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3' hash=64903546a58058d1e6f1bead1134ede66a6831d231f0df8d4e28535d7a300496
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='...stripped...' hash=abf1a463f10887c64e4858fb5a06c7016426508815ce324b4f7cea269b1fc029
Oct 26 07:27:01 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:...stripped...
Oct 26 07:27:01 mymachine kernel: [ 3145.498685] wlan0: Limiting TX power to 2 dBm as advertised by b4:14:89:d1:2f:21
Oct 26 07:27:01 mymachine wpa_supplicant[974]: SSL: SSL3 alert: read (remote end reported an error):unknown:unknown
Oct 26 07:27:01 mymachine wpa_supplicant[974]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:illegal parameter
Oct 26 07:27:01 mymachine wpa_supplicant[974]: OpenSSL: openssl_handshake - SSL_connect error:140940F6:SSL routines:ssl3_read_bytes:unknown alert type
Oct 26 07:27:09 mymachine kernel: [ 3153.136903] [drm:intel_pipe_update_end [i915]] *ERROR* Atomic update failure on pipe B (start=185389 end=185390)
Oct 26 07:27:25 mymachine NetworkManager[828]: <warn> (wlan0): Activation: (wifi) association took too long
Oct 26 07:27:25 mymachine NetworkManager[828]: <info> (wlan0): device state change: config -> need-auth (reason 'none') [50 60 0]
Oct 26 07:27:25 mymachine NetworkManager[828]: <warn> (wlan0): Activation: (wifi) asking for new secrets
Oct 26 07:27:25 mymachine kernel: [ 3169.209119] wlan0: deauthenticating from b4:14:89:d1:2f:21 by local choice (Reason: 3=DEAUTH_LEAVING)
Oct 26 07:27:25 mymachine wpa_supplicant[974]: wlan0: CTRL-EVENT-DISCONNECTED bssid=b4:14:89:d1:2f:21 reason=3 locally_generated=1
Oct 26 07:27:25 mymachine NetworkManager[828]: <warn> Connection disconnected (reason -3)
Oct 26 07:27:25 mymachine NetworkManager[828]: <info> (wlan0): supplicant interface state: associated -> disconnected
Oct 26 07:27:25 mymachine NetworkManager[828]: <warn> Failed to GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not connected: disconnect.
Oct 26 07:27:25 mymachine gnome-session[1578]: nm-applet-Message: New secrets for CorporateNetwork/802-1x requested; ask the user
再び接続できるようにするにはどうすればよいですか?
ここで同じ問題が発生しました:問題はwpa_supplicant 2.4で、ここで読むことができます: http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Internal-radius-server-incompatibility -with-the-new-wpa/td-p/236602
2.3にダウングレードすると、この問題は解決します!
問題は、一部のルーターおよび/またはアクセスポイントが、弱いDHキーを持つWPA2 Enterpriseを使用し、Network Manager 2.4がそれらのネットワークに接続しないことです。
通常、この問題はUbuntu> = 15.10で発生します。現時点での一時的な回避策は、次の手順でwpa_supplicantを2.1(Ubuntu 15.04から)にダウングレードすることです。
echo "deb http://london.mirrors.linode.com/ubuntu/ vivid main" | Sudo tee /etc/apt/sources.list.d/vivid.list
echo -e "Package: *\nPin: release o=Ubuntu,n=vivid\nPin-Priority: -1" | Sudo tee cat /etc/apt/preferences.d/vivid
Sudo apt-get update
Sudo apt-get install wpasupplicant=2.1-0ubuntu7
Sudo apt-mark hold wpasupplicant
Sudo /etc/init.d/network-manager restart
参照: