This forum has been archived. All content is frozen. Please use KDE Discuss instead.

802.1x private key password wired connection

piotrd
Registered Member
Posts
4
Karma
0
Hi, I have Kubuntu 12.10 with KDE 4.9.2.

My wired network connection is secured by 802.1x with TLS. I have all things set up properly and selected to store my private key password.

Now there is a problem: when I start up KDE / plug in my network cable, a dialog appears with a password request. I double-checked that - it's the same password as in the preferences, and of course with the password provided the network is working fine.

Any clues on that?
bcooksley
Administrator
Posts
19765
Karma
87
OS
Can you confirm that this is a network password dialog rather than a KWallet dialog?
(The KWallet dialog will have references to opening a wallet, etc).


KDE Sysadmin
piotrd
Registered Member
Posts
4
Karma
0
I think it's not the one from KWallet, but I could be wrong. Here is a screenshot: http://i.imgur.com/0NCWu.png

When I changed the settings in the 'other' tab to store confidential data unencrypted, that dialog does not appear, but then the connection is not configured, with this message in the syslog:
10/10/2012 07:38:20 piotrus-ThinkPad-W520 NetworkManager[1121] <info> (eth0): device state change: need-auth -> failed (reason 'no-secrets') [60 120 7]


Additionally in the syslog, while plugging in the cable I can see the information that:
10/10/2012 07:41:21 piotrus-ThinkPad-W520 NetworkManager[1121] <info> Config: added 'private_key_passwd' value '<omitted>'

then

10/10/2012 07:40:15 piotrus-ThinkPad-W520 NetworkManager[1121] <info> Activation (eth0/wired): connection 'kabel praca' has security, but secrets are required.

and the dialog appears.

Hope that will clear things a little bit.

Thanks !
bcooksley
Administrator
Posts
19765
Karma
87
OS
That is definitely the network password dialog.

Is the "eth0" connection a system one or a user one?
Also, can you please provide the version of NetworkManager in use?


KDE Sysadmin
piotrd
Registered Member
Posts
4
Karma
0
here is the version info: 0.9.0.5 (nm09 20120930)

eth0 is configured as a system connection with autoconnect option on
lamarque
Registered Member
Posts
152
Karma
2
OS
Have you followed this step to configure your connection? https://bugs.kde.org/show_bug.cgi?id=279942#c25

If it is a system connection then NetworkManager is responsible for storing any secrets for the connection. That problem should not happen.

Update: I forgot about this other bug https://bugs.kde.org/show_bug.cgi?id=308062, I think that is what is causing you trouble.


Software engineer at Petrobrás http://www.petrobras.com.br/en/about-us/
KDE's Network Management maintainer
piotrd
Registered Member
Posts
4
Karma
0
As for now, the solution that worked for me was to uncheck the 'System connection' box - then I got only the dialog (obviously not a needed one) informing me that the secure connection is about to start, but at least no password was required. The second bug you mention was created by me.

Anyway, thanks for your help :)
Kolminux
Registered Member
Posts
4
Karma
0
OS
piotrd wrote: As for now the solution that worked for me was to uncheck the 'System connection' box ...


For me, it was not enough.
I'm using version 0.9.0.8 (nm09 20130310), but can't authenticate through 802.1x.
That boring password request dialog continues appearing.
Any other tips?
bcooksley
Administrator
Posts
19765
Karma
87
OS
Does the NetworkManager log reveal if it is failing to retrieve the password, or if actual authentication to the network is failing?
It is possible that additional packages may be needed to enable 802.1x support.


KDE Sysadmin
Kolminux
Registered Member
Posts
4
Karma
0
OS
Thanks bcooksley!

See the log below.
It seems that NetworkManager doesn't recognize the secrets I enter, either in the network config or in the secrets dialog.

Furthermore, it shows a weird sequence:
connection 'Conexao 802.1x' has security, but secrets are required.

then:
connection 'Conexao 802.1x' requires no security. No secrets needed.

and so it shows me the dialog:
asking for new secrets

and again:
connection 'Conexao 802.1x' requires no security. No secrets needed.

and finishing:
need-auth -> failed (reason 'no-secrets')

Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) starting connection 'Conexao 802.1x'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): device state change: disconnected -> prepare (reason 'none') [30 40 0]
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0/wired): connection 'Conexao 802.1x' has security, but secrets are required.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): device state change: config -> need-auth (reason 'none') [50 60 0]
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): device state change: need-auth -> prepare (reason 'none') [60 40 0]
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0/wired): connection 'Conexao 802.1x' requires no security. No secrets needed.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0) supports 0 scan SSIDs
Jul  2 07:30:24 machine NetworkManager[1324]: <warn> Trying to remove a non-existant call id.
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: starting -> ready
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'password' value '<omitted>'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'key_mgmt' value 'IEEE8021X'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'eapol_flags' value '0'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'eap' value 'PEAP'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'fragment_size' value '1300'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'phase1' value 'peapver=0'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: added 'identity' value 'user'
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: ready -> inactive
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0) supports 0 scan SSIDs
Jul  2 07:30:24 machine NetworkManager[1324]: <info> Config: set interface ap_scan to 0
Jul  2 07:30:24 machine wpa_supplicant[1458]: eth0: Associated with 01:80:c2:00:00:03
Jul  2 07:30:24 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: inactive -> associated
Jul  2 07:30:49 machine NetworkManager[1324]: <warn> Activation (eth0/wired): association took too long.
Jul  2 07:30:49 machine NetworkManager[1324]: <info> (eth0): device state change: config -> need-auth (reason 'none') [50 60 0]
Jul  2 07:30:49 machine NetworkManager[1324]: <info> Activation (eth0/wired): asking for new secrets
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) started...
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): device state change: need-auth -> prepare (reason 'none') [60 40 0]
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) scheduled...
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) complete.
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) starting...
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): device state change: prepare -> config (reason 'none') [40 50 0]
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0/wired): connection 'Conexao 802.1x' requires no security. No secrets needed.
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Activation (eth0) Stage 2 of 5 (Device Configure) complete.
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0) supports 0 scan SSIDs
Jul  2 07:30:57 machine NetworkManager[1324]: <warn> Trying to remove a non-existant call id.
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: starting -> ready
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'password' value '<omitted>'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'key_mgmt' value 'IEEE8021X'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'eapol_flags' value '0'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'eap' value 'PEAP'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'fragment_size' value '1300'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'phase1' value 'peapver=0'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'identity' value 'user'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: ready -> inactive
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0) supports 0 scan SSIDs
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: set interface ap_scan to 0
Jul  2 07:30:57 machine wpa_supplicant[1458]: eth0: Associated with 01:80:c2:00:00:03
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: inactive -> associated
Jul  2 07:31:22 machine NetworkManager[1324]: <warn> Activation (eth0/wired): association took too long.
Jul  2 07:31:22 machine NetworkManager[1324]: <info> (eth0): device state change: config -> need-auth (reason 'none') [50 60 0]
Jul  2 07:31:22 machine NetworkManager[1324]: <info> Activation (eth0/wired): asking for new secrets
Jul  2 07:31:32 machine NetworkManager[1324]: <warn> No agents were available for this request.
Jul  2 07:31:32 machine NetworkManager[1324]: <info> (eth0): device state change: need-auth -> failed (reason 'no-secrets') [60 120 7]
Jul  2 07:31:32 machine NetworkManager[1324]: <info> Marking connection 'Conexao 802.1x' invalid.
Jul  2 07:31:32 machine NetworkManager[1324]: <warn> Activation (eth0) failed for connection 'Conexao 802.1x'
Jul  2 07:31:32 machine NetworkManager[1324]: <info> (eth0): device state change: failed -> disconnected (reason 'none') [120 30 0]
Jul  2 07:31:32 machine NetworkManager[1324]: <info> (eth0): deactivating device (reason 'none') [0]
lamarque
Registered Member
Posts
152
Karma
2
OS
1 Jul 2 07:30:24 machine wpa_supplicant[1458]: eth0: Associated with 01:80:c2:00:00:03
2 Jul 2 07:30:24 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: inactive -> associated
3 Jul 2 07:30:49 machine NetworkManager[1324]: <warn> Activation (eth0/wired): association took too long.
4 Jul 2 07:30:49 machine NetworkManager[1324]: <info> (eth0): device state change: config -> need-auth (reason 'none') [50 60 0]
5 Jul 2 07:30:49 machine NetworkManager[1324]: <info> Activation (eth0/wired): asking for new secrets

From what I can see in those lines, it associates in lines 1 and 2. In line 3 NetworkManager reaches a 15s timeout. I am not sure what that timeout is used for. If it is the DHCP client timeout then maybe your DHCP server is being too slow to send the configuration, and that can explain why the connection is being dropped. NetworkManager usually "thinks" the password is wrong when there is an error in the connection activation, so it usually asks for new secrets (line 5) when any error happens.


Software engineer at Petrobrás http://www.petrobras.com.br/en/about-us/
KDE's Network Management maintainer
Kolminux
Registered Member
Posts
4
Karma
0
OS
Thanks lamarque!

At the very beginning I thought the problem was at the server side, but other people got it using Ubuntu and Windows 7, using the same server, so I focused on the KDE NetworkManager.
Is there another way to test it (through CLI or another GUI)?
lamarque
Registered Member
Posts
152
Karma
2
OS
Looking at NetworkManager's source code, that timeout should be 25s, not 15s. Anyway, that is a supplicant timeout, so wpa_supplicant must be having problems completing the activation in spite of the "(eth0): supplicant interface state: inactive -> associated" message. Which wpa_supplicant version do you use? That timeout is really old, from 2008 according to NetworkManager's git log, so it is probably a problem with wpa_supplicant, not NetworkManager.


Software engineer at Petrobrás http://www.petrobras.com.br/en/about-us/
KDE's Network Management maintainer
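
Added example, not part of any post in this thread and not NetworkManager's own code: a small Python check that answers the question raised above, whether the secret failed to reach wpa_supplicant or the 802.1X exchange itself stalled, since both cases end with the same 'no-secrets' reason. The sample lines are copied from the log posted above; the function names `parse` and `diagnose` and the year 2013 (syslog omits the year) are assumptions.

```python
import re
from datetime import datetime

# Sample input: lines copied from the second activation attempt in the log posted in this thread.
SAMPLE = """\
Jul  2 07:30:57 machine NetworkManager[1324]: <info> Config: added 'password' value '<omitted>'
Jul  2 07:30:57 machine NetworkManager[1324]: <info> (eth0): supplicant interface state: inactive -> associated
Jul  2 07:31:22 machine NetworkManager[1324]: <warn> Activation (eth0/wired): association took too long.
Jul  2 07:31:22 machine NetworkManager[1324]: <info> Activation (eth0/wired): asking for new secrets
Jul  2 07:31:32 machine NetworkManager[1324]: <warn> No agents were available for this request.
Jul  2 07:31:32 machine NetworkManager[1324]: <info> (eth0): device state change: need-auth -> failed (reason 'no-secrets') [60 120 7]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\S+?)\[\d+\]: (.*)$")

def parse(text):
    """Yield (timestamp, process, message) for each syslog line that matches."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            # Year is an assumption: classic syslog timestamps do not carry one.
            ts = datetime.strptime("2013 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def diagnose(text):
    """Classify one activation attempt from its NetworkManager log lines."""
    r = {"secret_passed": False, "supplicant_wait_s": None, "no_agent": False, "final_reason": None}
    associated_at = None
    for ts, _proc, msg in parse(text):
        if re.search(r"Config: added '(password|private_key_passwd)'", msg):
            r["secret_passed"] = True   # a secret was handed to wpa_supplicant
        elif "supplicant interface state:" in msg and msg.endswith("-> associated"):
            associated_at = ts
        elif "association took too long" in msg and associated_at:
            r["supplicant_wait_s"] = int((ts - associated_at).total_seconds())
        elif "No agents were available" in msg:
            r["no_agent"] = True
        m = re.search(r"-> failed \(reason '([^']+)'\)", msg)
        if m:
            r["final_reason"] = m.group(1)
    if r["secret_passed"] and r["supplicant_wait_s"] is not None:
        r["verdict"] = "secret reached wpa_supplicant; 802.1X exchange did not complete"
    elif r["final_reason"] == "no-secrets":
        r["verdict"] = "secret never reached wpa_supplicant (storage or agent problem)"
    else:
        r["verdict"] = "no failure seen"
    return r

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the sample, the wait between "associated" and "association took too long" comes out at 25 seconds, and the secret was already passed to the supplicant, so the final 'no-secrets' state follows from the timeout rather than from a missing stored password.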
Kolminux
Registered Member
Posts
4
Karma
0
OS
Thanks lamarque,

My wpasupplicant version is 1.0-3ubuntu1.
I think it's the original one, from Kubuntu 13.04, unless it has been changed by another application.
I saw there is a new version (2.0), but is it the stable one?
lamarque
Registered Member
Posts
152
Karma
2
OS
I think it is. That is the wpa_supplicant version I use.


Software engineer at Petrobrás http://www.petrobras.com.br/en/about-us/
KDE's Network Management maintainer

