Can't Connect to WPA2 Enterprise networks

Issues & Assistance Networking Support
1

Hello ,

All wifi available at my university is WPA2 Enterprise secured and we login with our credentials, we have a couple of internal ones as well as eduroam and none of them work on my laptop with garuda despite working a couple of months ago and still working on other devices, i also have no trouble connecting to my home wifi.

here is a snapshot of network manager logs when attempting to connect to eduroam as an example:

Aug 23 17:10:11 katana NetworkManager[606]: <info>  [1692825011.6568] device (wlo1): supplicant interface state: disconnected -> inactive
Aug 23 17:10:11 katana NetworkManager[606]: <info>  [1692825011.6570] device (p2p-dev-wlo1): supplicant management interface state: disconnected -> inactive
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9676] device (wlo1): Activation: starting connection 'eduroam' (a79e3719-300d-460e-8ab5-1cc61f98ed23)
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9677] audit: op="connection-add-activate" uuid="a79e3719-300d-460e-8ab5-1cc61f98ed23" name="eduroam" pid=3743 uid=1000 result="success"
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9679] device (wlo1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9680] manager: NetworkManager state is now CONNECTING
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9792] device (wlo1): set-hw-addr: reset MAC address to 28:11:A8:31:B8:2F (preserve)
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9813] device (wlo1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9815] device (wlo1): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9815] device (wlo1): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9899] device (wlo1): supplicant interface state: inactive -> disconnected
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9900] device (p2p-dev-wlo1): supplicant management interface state: inactive -> disconnected
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9907] device (wlo1): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9910] device (wlo1): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] device (wlo1): Activation: (wifi) connection 'eduroam' has security, and secrets exist.  No new secrets needed.
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'ssid' value 'eduroam'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'scan_ssid' value '1'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'bgscan' value 'simple:30:-65:300'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'key_mgmt' value 'WPA-EAP FT-EAP FT-EAP-SHA384 WPA-EAP-SHA256'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'auth_alg' value 'OPEN'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9914] Config: added 'password' value '<hidden>'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9915] Config: added 'eap' value 'PEAP'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9915] Config: added 'fragment_size' value '1266'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9915] Config: added 'phase2' value 'auth=MSCHAPV2'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9915] Config: added 'identity' value 'USERNAME@UNIVERSITYDOMAIN'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9915] Config: added 'proactive_key_caching' value '1'
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9922] device (wlo1): supplicant interface state: disconnected -> inactive
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9923] device (p2p-dev-wlo1): supplicant management interface state: disconnected -> inactive
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9994] device (wlo1): supplicant interface state: inactive -> scanning
Aug 23 17:11:38 katana NetworkManager[606]: <info>  [1692825098.9994] device (p2p-dev-wlo1): supplicant management interface state: inactive -> scanning
Aug 23 17:11:39 katana NetworkManager[606]: <info>  [1692825099.9732] device (wlo1): supplicant interface state: scanning -> authenticating
Aug 23 17:11:39 katana NetworkManager[606]: <info>  [1692825099.9732] device (p2p-dev-wlo1): supplicant management interface state: scanning -> authenticating
Aug 23 17:11:40 katana NetworkManager[606]: <info>  [1692825100.0009] device (wlo1): supplicant interface state: authenticating -> associating
Aug 23 17:11:40 katana NetworkManager[606]: <info>  [1692825100.0010] device (p2p-dev-wlo1): supplicant management interface state: authenticating -> associating
Aug 23 17:11:40 katana NetworkManager[606]: <info>  [1692825100.0154] device (wlo1): supplicant interface state: associating -> associated
Aug 23 17:11:40 katana NetworkManager[606]: <info>  [1692825100.0155] device (p2p-dev-wlo1): supplicant management interface state: associating -> associated
Aug 23 17:11:42 katana NetworkManager[606]: <info>  [1692825102.2590] device (wlo1): supplicant interface state: associated -> disconnected
Aug 23 17:11:42 katana NetworkManager[606]: <info>  [1692825102.2591] device (p2p-dev-wlo1): supplicant management interface state: associated -> disconnected
Aug 23 17:11:42 katana NetworkManager[606]: <info>  [1692825102.3593] device (wlo1): supplicant interface state: disconnected -> scanning
Aug 23 17:11:42 katana NetworkManager[606]: <info>  [1692825102.3593] device (p2p-dev-wlo1): supplicant management interface state: disconnected -> scanning
Aug 23 17:12:04 katana NetworkManager[606]: <warn>  [1692825124.6327] device (wlo1): Activation: (wifi) association took too long
Aug 23 17:12:04 katana NetworkManager[606]: <info>  [1692825124.6328] device (wlo1): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Aug 23 17:12:04 katana NetworkManager[606]: <warn>  [1692825124.6331] device (wlo1): Activation: (wifi) asking for new secrets
Aug 23 17:12:07 katana NetworkManager[606]: <warn>  [1692825127.1334] device (wlo1): no secrets: User canceled the secrets request.
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1334] device (wlo1): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1339] manager: NetworkManager state is now CONNECTED_LOCAL
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1469] device (wlo1): set-hw-addr: set MAC address to 6A:99:E2:4A:DE:CA (scanning)
Aug 23 17:12:07 katana NetworkManager[606]: <warn>  [1692825127.1500] device (wlo1): Activation: failed for connection 'eduroam'
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1502] device (wlo1): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1682] device (wlo1): supplicant interface state: scanning -> disconnected
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1682] device (p2p-dev-wlo1): supplicant management interface state: scanning -> disconnected
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1733] device (wlo1): supplicant interface state: disconnected -> inactive
Aug 23 17:12:07 katana NetworkManager[606]: <info>  [1692825127.1734] device (p2p-dev-wlo1): supplicant management interface state: disconnected -> inactive


Here is the output of garuda-inxi
>System:
  Kernel: 6.4.11-zen2-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.2.1
    clocksource: tsc available: acpi_pm
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
    root=UUID=1ff06791-3783-4094-b0dd-898c4b519967 rw rootflags=subvol=@
    quiet quiet rd.udev.log_priority=3 vt.global_cursor_default=0
    resume=UUID=f1f58c16-f4e6-4587-b7db-88c32ef6457f loglevel=3 ibt=off
  Desktop: KDE Plasma v: 5.27.7 tk: Qt v: 5.15.10 wm: kwin_x11 vt: 2
    dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
  Type: Laptop System: Micro-Star product: Katana GF66 11SC v: REV:1.0
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Micro-Star model: MS-1582 v: REV:1.0 serial: <superuser required>
    UEFI: American Megatrends LLC. v: E1582IMS.30A date: 07/22/2021
Battery:
  ID-1: BAT1 charge: 2.8 Wh (6.0%) condition: 46.7/52.0 Wh (89.8%) volts: 12.2
    min: 11.4 model: MSI BIF0_9 type: Li-ion serial: N/A status: charging
CPU:
  Info: model: 11th Gen Intel Core i5-11400H bits: 64 type: MT MCP
    arch: Tiger Lake gen: core 11 level: v4 note: check built: 2020
    process: Intel 10nm family: 6 model-id: 0x8D (141) stepping: 1
    microcode: 0x46
  Topology: cpus: 1x cores: 6 tpc: 2 threads: 12 smt: enabled cache:
    L1: 480 KiB desc: d-6x48 KiB; i-6x32 KiB L2: 7.5 MiB desc: 6x1.2 MiB
    L3: 12 MiB desc: 1x12 MiB
  Speed (MHz): avg: 2388 high: 3500 min/max: 800/4500 scaling:
    driver: intel_pstate governor: performance cores: 1: 1956 2: 2700 3: 2700
    4: 2700 5: 801 6: 2700 7: 2700 8: 2700 9: 801 10: 2700 11: 2700 12: 3500
    bogomips: 64512
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities: <filter>
Graphics:
  Device-1: Intel TigerLake-H GT1 [UHD Graphics] vendor: Micro-Star MSI
    driver: i915 v: kernel arch: Gen-12.1 process: Intel 10nm built: 2020-21
    ports: active: eDP-1 empty: HDMI-A-1 bus-ID: 00:02.0 chip-ID: 8086:9a68
    class-ID: 0300
  Device-2: NVIDIA TU117M [GeForce GTX 1650 Mobile / Max-Q]
    vendor: Micro-Star MSI driver: nouveau v: kernel non-free: 535.xx+
    status: current (as of 2023-08) arch: Turing code: TUxxx
    process: TSMC 12nm FF built: 2018-22 pcie: gen: 4 speed: 16 GT/s lanes: 8
    link-max: lanes: 16 bus-ID: 01:00.0 chip-ID: 10de:1f9d class-ID: 0302
    temp: 29.0 C
  Device-3: Bison HD Webcam driver: uvcvideo type: USB rev: 2.0
    speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-10:2 chip-ID: 5986:211b
    class-ID: 0e02
  Display: x11 server: X.Org v: 21.1.8 with: Xwayland v: 23.2.0
    compositor: kwin_x11 driver: X: loaded: modesetting,nouveau
    alternate: fbdev,intel,nv,vesa dri: iris,nouveau gpu: i915 display-ID: :0
    screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
    s-diag: 582mm (22.93")
  Monitor-1: eDP-1 model: AU Optronics 0xaf90 built: 2020 res: 1920x1080
    hz: 144 dpi: 142 gamma: 1.2 size: 344x193mm (13.54x7.6") diag: 394mm (15.5")
    ratio: 16:9 modes: 1920x1080
  API: OpenGL v: 4.6 Mesa 23.1.6 renderer: Mesa Intel UHD Graphics (TGL GT1)
    direct-render: Yes
Audio:
  Device-1: Intel Tiger Lake-H HD Audio vendor: Micro-Star MSI
    driver: sof-audio-pci-intel-tgl
    alternate: snd_hda_intel,snd_sof_pci_intel_tgl bus-ID: 00:1f.3
    chip-ID: 8086:43c8 class-ID: 0401
  API: ALSA v: k6.4.11-zen2-1-zen status: kernel-api with: aoss
    type: oss-emulator tools: N/A
  Server-1: PipeWire v: 0.3.77 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel Tiger Lake PCH CNVi WiFi driver: iwlwifi v: kernel
    bus-ID: 00:14.3 chip-ID: 8086:43f0 class-ID: 0280
  IF: wlo1 state: up mac: <filter>
  Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    vendor: Micro-Star MSI driver: r8169 v: kernel pcie: gen: 1 speed: 2.5 GT/s
    lanes: 1 port: 3000 bus-ID: 03:00.0 chip-ID: 10ec:8168 class-ID: 0200
  IF: enp3s0 state: down mac: <filter>
  IF-ID-1: docker0 state: down mac: <filter>
Bluetooth:
  Device-1: Intel AX201 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
    speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-14:3 chip-ID: 8087:0026
    class-ID: e001
  Report: btmgmt ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.2
    lmp-v: 11 status: discoverable: no pairing: no class-ID: 7c010c
Drives:
  Local Storage: total: 476.94 GiB used: 141.43 GiB (29.7%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Kingston model: OM8PCP3512F-AI1
    size: 476.94 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s
    lanes: 4 tech: SSD serial: <filter> fw-rev: ECFK52.8 temp: 41.9 C
    scheme: GPT
Partition:
  ID-1: / raw-size: 467.84 GiB size: 467.84 GiB (100.00%)
    used: 141.43 GiB (30.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
    used: 576 KiB (0.2%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
  ID-3: /home raw-size: 467.84 GiB size: 467.84 GiB (100.00%)
    used: 141.43 GiB (30.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-4: /var/log raw-size: 467.84 GiB size: 467.84 GiB (100.00%)
    used: 141.43 GiB (30.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
  ID-5: /var/tmp raw-size: 467.84 GiB size: 467.84 GiB (100.00%)
    used: 141.43 GiB (30.2%) fs: btrfs dev: /dev/nvme0n1p2 maj-min: 259:2
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
  ID-1: swap-1 type: partition size: 8.8 GiB used: 0 KiB (0.0%) priority: -2
    dev: /dev/nvme0n1p3 maj-min: 259:3
  ID-2: swap-2 type: zram size: 7.47 GiB used: 401 MiB (5.2%) priority: 100
    comp: zstd avail: lzo,lzo-rle,lz4,lz4hc,842 max-streams: 12 dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 35.0 C mobo: N/A gpu: nouveau temp: 29.0 C
  Fan Speeds (rpm): N/A
Info:
  Processes: 326 Uptime: 4m wakeups: 1 Memory: total: 8 GiB note: est.
  available: 7.47 GiB used: 3.88 GiB (52.0%) Init: systemd v: 254
  default: graphical tool: systemctl Compilers: gcc: 13.2.1 clang: 15.0.7
  Packages: 2481 pm: pacman pkgs: 2475 libs: 587 tools: pamac,paru pm: flatpak
  pkgs: 6 Shell: fish v: 3.6.1 default: Bash v: 5.1.16 running-in: konsole
  inxi: 3.3.29
Garuda (2.6.16-1):
  System install date:     2022-08-03
  Last full system update: 2023-08-24
  Is partially upgraded:   No
  Relevant software:       snapper NetworkManager mkinitcpio
  Windows dual boot:       No/Undetected
  Failed units:
2

Hi there, welcome to the forum.
Check if this helps
https://wiki.archlinux.org/title/Network_configuration/Wireless#eduroam

4 Likes
3

After a lot of wiki and forum posts reading it seems this issue is caused by openssl 3.10 onwards moving old TLS protocol versions 1.0 and 1.1 to a deprecated status, requiring a lower security level to be enabled, this is somewhat confirmed by being able to now access the WPE2 Enterprise networks i couldn't before, after downgrading openssl to a 3.9 version i had in the cache.

From what i read the proper way to solve this issue is to lower the security setting used by wpa_supplicant (or more specifically the settings that NetworkManager uses for wpa_supplicant) but after a lot of searching i still don't know how to do that exactly and I've kind of given up.

If someone more knowledgeable can point out the proper fix I'd appreciate it

4

Is this one your issue?
https://wiki.archlinux.org/title/NetworkManager#WPA_Enterprise_connections_fail_to_authenticate_with_OpenSSL_"unsupported_protocol"_error
If so, maybe you could try the suggested solution (I think in the Arch forum thread or the nmcli one).

2 Likes
5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.