SkullKill
Posts: 7
Joined: Tue Jul 30, 2019 1:23 pm

Raspbian Buster - WiFi WPA2 enterprise broken?

Tue Jul 30, 2019 1:36 pm

just wondering if other people are having the same issue with connecting to a WPA2 enterprise with peap-mschapv2 authentication wifi network?

the same wpa_supplicant.conf works fine in 2019-04-08-raspbian-stretch , but in 2019-07-10-raspbian-buster, it does not work.

Code: Select all

country=AU
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
		ssid="SSIDofWiFi"
		priority=1
		proto=RSN
		key_mgmt=WPA-EAP
		pairwise=CCMP
		auth_alg=OPEN
		eap=PEAP
		identity="UsernameOfUser"
		password=hash:#############################		
		phase1="peaplabel=0"
		phase2="auth=MSCHAPV2"
		id_str="home"
}

tried on a pi 3A+ and pi zero w, same error.

on the radius server, the log shows that the authentication has been accepted, and i get the message there every 5 sec.

on the pi with raspbian buster
every 5 sec i get the following error/trace
in /var/log/messages

Code: Select all

Jul 10 01:48:24 raspberrypi kernel: [  251.872764] ------------[ cut here ]------------
Jul 10 01:48:24 raspberrypi kernel: [  251.873218] WARNING: CPU: 0 PID: 390 at drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:5126 brcmf_cfg80211_set_pmk+0x64/0x84 [brcmfmac]
Jul 10 01:48:24 raspberrypi kernel: [  251.873230] Modules linked in: rfcomm bnep hci_uart btbcm serdev bluetooth ecdh_generic 8021q garp stp llc joydev evdev brcmfmac brcmutil sha256_generic cfg80211 raspberrypi_hwmon hwmon snd_bcm2835(C) rfkill snd_pcm snd_timer snd bcm2835_codec(C) bcm2835_v4l2(C) v4l2_mem2mem v4l2_common bcm2835_mmal_vchiq(C) videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops videobuf2_v4l2 videobuf2_common videodev vc_sm_cma(C) media uio_pdrv_genirq uio fixed i2c_dev ip_tables x_tables ipv6
Jul 10 01:48:24 raspberrypi kernel: [  251.873621] CPU: 0 PID: 390 Comm: wpa_supplicant Tainted: G        WC        4.19.57+ #1244
Jul 10 01:48:24 raspberrypi kernel: [  251.873629] Hardware name: BCM2835
Jul 10 01:48:24 raspberrypi kernel: [  251.873680] [<c0017edc>] (unwind_backtrace) from [<c0014e24>] (show_stack+0x20/0x24)
Jul 10 01:48:24 raspberrypi kernel: [  251.873709] [<c0014e24>] (show_stack) from [<c06b5410>] (dump_stack+0x20/0x28)
Jul 10 01:48:24 raspberrypi kernel: [  251.873744] [<c06b5410>] (dump_stack) from [<c0024450>] (__warn+0xf4/0x11c)
Jul 10 01:48:24 raspberrypi kernel: [  251.873768] [<c0024450>] (__warn) from [<c00245a8>] (warn_slowpath_null+0x4c/0x58)
Jul 10 01:48:24 raspberrypi kernel: [  251.874125] [<c00245a8>] (warn_slowpath_null) from [<bf401aec>] (brcmf_cfg80211_set_pmk+0x64/0x84 [brcmfmac])
Jul 10 01:48:24 raspberrypi kernel: [  251.875783] [<bf401aec>] (brcmf_cfg80211_set_pmk [brcmfmac]) from [<bf26a3b8>] (nl80211_set_pmk+0x160/0x1f8 [cfg80211])
Jul 10 01:48:24 raspberrypi kernel: [  251.877250] [<bf26a3b8>] (nl80211_set_pmk [cfg80211]) from [<c05f3de4>] (genl_rcv_msg+0x238/0x458)
Jul 10 01:48:24 raspberrypi kernel: [  251.877388] [<c05f3de4>] (genl_rcv_msg) from [<c05f2e00>] (netlink_rcv_skb+0x100/0x138)
Jul 10 01:48:24 raspberrypi kernel: [  251.877419] [<c05f2e00>] (netlink_rcv_skb) from [<c05f3b98>] (genl_rcv+0x30/0x44)
Jul 10 01:48:24 raspberrypi kernel: [  251.877447] [<c05f3b98>] (genl_rcv) from [<c05f252c>] (netlink_unicast+0x1a8/0x23c)
Jul 10 01:48:24 raspberrypi kernel: [  251.877471] [<c05f252c>] (netlink_unicast) from [<c05f2974>] (netlink_sendmsg+0x2f0/0x364)
Jul 10 01:48:24 raspberrypi kernel: [  251.877498] [<c05f2974>] (netlink_sendmsg) from [<c05874b4>] (sock_sendmsg+0x24/0x34)
Jul 10 01:48:24 raspberrypi kernel: [  251.877521] [<c05874b4>] (sock_sendmsg) from [<c0587ca0>] (___sys_sendmsg+0x20c/0x228)
Jul 10 01:48:24 raspberrypi kernel: [  251.877545] [<c0587ca0>] (___sys_sendmsg) from [<c0588d64>] (__sys_sendmsg+0x5c/0xa0)
Jul 10 01:48:24 raspberrypi kernel: [  251.877571] [<c0588d64>] (__sys_sendmsg) from [<c0588dc4>] (sys_sendmsg+0x1c/0x20)
Jul 10 01:48:24 raspberrypi kernel: [  251.877595] [<c0588dc4>] (sys_sendmsg) from [<c0009000>] (ret_fast_syscall+0x0/0x28)
Jul 10 01:48:24 raspberrypi kernel: [  251.877605] Exception stack(0xd7571fa8 to 0xd7571ff0)
Jul 10 01:48:24 raspberrypi kernel: [  251.877624] 1fa0:                   020d4228 021196c0 00000004 bef47fd0 00000000 00000000
Jul 10 01:48:24 raspberrypi kernel: [  251.877643] 1fc0: 020d4228 021196c0 020d41b0 00000128 b6ec2000 ffffffff 00000001 00000004
Jul 10 01:48:24 raspberrypi kernel: [  251.877656] 1fe0: 0000006c bef47f88 b6ea75bc b6a0d980
Jul 10 01:48:24 raspberrypi kernel: [  251.877671] ---[ end trace 3c8dcb8fb6a768b8 ]---


SkullKill
Posts: 7
Joined: Tue Jul 30, 2019 1:23 pm

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 4:57 am

looks like this is related to a bug between wpa_supplicant 2.8 and broadcom-wl driver


already fix in other distro?
https://bugzilla.redhat.com/show_bug.cgi?id=1665608

looks like there are already patches out there
https://patchwork.ozlabs.org/patch/1125655/

SkullKill
Posts: 7
Joined: Tue Jul 30, 2019 1:23 pm

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 5:10 am

read in other forums that a workaround is to use the driver wext instead of nl80211
e.g
wpa_supplicant -Dwext -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf


however i wanted it implement the workaround without doing too much, and integrate it with the auto start upon reboot etc.


could not find the correct argument/config to put in the wpa_supplicant.conf file to do that. (if anyone knows, please share)

so i edited /etc/wpa_supplicant/functions.sh
on line 227, i moved the wext to be before nl80211

before

Code: Select all

WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext"
now

Code: Select all

WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D wext,nl80211"

wifi is connecting fine now. :)

SkullKill
Posts: 7
Joined: Tue Jul 30, 2019 1:23 pm

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 5:21 am

fyi

for dhcpcd

this might also work, but i have not tested this

/etc/dhcpcd.conf

Code: Select all

# Replace with your actual wireless interface name.
interface wlx******
env ifwireless=1
env wpa_supplicant_driver=wext,nl80211
from https://www.raspberrypi.org/forums/view ... 0#p1208200

daniel-sc
Posts: 1
Joined: Mon Jul 29, 2019 9:02 am

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 1:53 pm

For me only setting it via /etc/dhcpcd.conf worked (check via

Code: Select all

ps auxwww | grep wpa
)

SkullKill
Posts: 7
Joined: Tue Jul 30, 2019 1:23 pm

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 3:18 pm

daniel-sc wrote:
Wed Jul 31, 2019 1:53 pm
For me only setting it via /etc/dhcpcd.conf worked
good to know that via dhcpcd.conf works.

i am using /etc/network/interfaces to set static ipv4 and static ipv6 , so for my setup, i can't use the dhcpcd.conf option unfortunately.

i probably should look at moving to dhcpcd.conf for static ip. . .

Andyroo

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Jul 31, 2019 6:24 pm

The interfaces file has been causing fun since Stretch was introduced- maybe this is just another reason to move over?

For basic bits I’ve not had any issues but it does have a few settings for IPv6 that I’m still trying to work out if I just comment them out as this is an IPv4 only network :o

Rlg
Posts: 1
Joined: Wed Sep 04, 2019 3:07 am

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Sep 04, 2019 3:10 am

Guys is this fixed?

I tried several times to get PEAP MSCHAPv2 to work using the CLI. The GUI displayed a grayout SSID and doesn't allow me to connect.

Thinkcat
Posts: 28
Joined: Wed Mar 14, 2018 10:50 pm
Location: Finland

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Wed Oct 16, 2019 11:07 am

I'd assume the GUI is not reporting anything per se, but is simply made to ignore enterprise networks.

Question is, do I lose anything (in compatibility, security, availability, performance) by switcing the driver?

Thinkcat
Posts: 28
Joined: Wed Mar 14, 2018 10:50 pm
Location: Finland

Re: Raspbian Buster - WiFi WPA2 enterprise broken?

Thu Oct 17, 2019 9:39 pm

Rlg wrote:
Wed Sep 04, 2019 3:10 am
I tried several times to get PEAP MSCHAPv2 to work using the CLI.
I got it working by reversing the drivers everywhere I saw them mentioned. I think the most important thing was to change it in /lib/dhcpcd/dhcpcd-hooks/10-wpa_supplicant because I wasn't using the systemd service at all and I also disabled the service called networking.

Code: Select all

network={
	ssid="TheSSID"
	key_mgmt=WPA-EAP
	eap=TTLS
	identity="myraspberry"
	password="paaaswoord"
	phase2="auth=MSCHAPV2"
}
Remember to use a capital V in MSCHAPV2.

I'd really like to know how many different network interface management systems there are. There is at least NetworkManager, then there is a service called networking and after one disables these both, dhcpcd will start wpa_supplicant anyway. What is the relationship of the panel applet to these, and which ones of these are complementary and which ones are exclusive? I also prefer i3, so there's no panel applet anywhere now.

Return to “Troubleshooting”