Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: Help required diagnosing random authentication failures.

  1. #1
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,216

    Default Help required diagnosing random authentication failures.

    Recently acquired my first laptop and the world of wireless access is all rather foreign to me.

    I'm getting apparently quite random authentication failures when connecting to a wireless router, and am fumbling around in the dark somewhat as to the exact cause.

    (KDE, Network Manager, wpa_supplicant)

    The driver in use is rtl8821ce from forum user Sauerland's home repository.

    Looking at the log for wpa_supplicant on a successful authentication I see the following:

    Code:
    1565812781.727495: wlan1: Trying to associate with 4c:38:d8:03:c1:9f (SSID='ORION-a-5G' freq=5220 MHz)
    1565812781.790247: wlan1: Associated with 4c:38:d8:03:c1:9f
    1565812781.790274: wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
    1565812781.790315: wlan1: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=GB
    1565812781.815898: wlan1: WPA: Key negotiation completed with 4c:38:d8:03:c1:9f [PTK=CCMP GTK=TKIP]
    1565812781.815931: wlan1: CTRL-EVENT-CONNECTED - Connection to 4c:38:d8:03:c1:9f completed [id=0 id_str=]
    On a failed authentication:

    Code:
    1565813819.717660: wlan1: Trying to associate with 4c:38:d8:03:c1:9f (SSID='ORION-a-5G' freq=5220 MHz)
    1565813819.822618: wlan1: Associated with 4c:38:d8:03:c1:9f
    1565813819.822655: wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
    1565813819.822689: wlan1: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=GB
    1565813823.869094: wlan1: CTRL-EVENT-DISCONNECTED bssid=4c:38:d8:03:c1:9f reason=2
    1565813823.869144: wlan1: WPA: 4-Way Handshake failed - pre-shared key may be incorrect
    1565813823.869159: wlan1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ORION-a-5G" auth_failures=1 duration=10 reason=WRONG_KEY
    I note (if I'm interpreting correctly) that immediately before the key negotiation there is:

    Code:
    wlan1: CTRL-EVENT-DISCONNECTED bssid=4c:38:d8:03:c1:9f reason=2
    I wonder what is "reason=2", as that may give a clue... "googling" this didn't turn up anything that seemed relevant.

    When working there is no problem with the connection itself, the following fragment from "iwconfig" shows (I believe) the actual wireless link to be OK, that's after some 60-70 minutes of use.

    Code:
    Link Quality=70/100  Signal level=31/100  Noise level=0/100
    Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
    Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    I've discounted the signal level and quality by physically moving the laptop closer to the wireless access point, (quality and level then both approach 100/100), and I still see the random authentication failures.
    Regards, Paul

    Tumbleweed (Snapshot: 20190918) KDE Plasma 5
    Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected
    2x Leap 15.1 KDE Plasma 5

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,673
    Blog Entries
    15

    Default Re: Help required diagnosing random authentication failures.

    Quote Originally Posted by tannington View Post
    Recently acquired my first laptop and the world of wireless access is all rather foreign to me.

    I'm getting apparently quite random authentication failures when connecting to a wireless router, and am fumbling around in the dark somewhat as to the exact cause.

    (KDE, Network Manager, wpa_supplicant)

    The driver in use is rtl8821ce from forum user Sauerland's home repository.

    Looking at the log for wpa_supplicant on a successful authentication I see the following:

    Code:
    1565812781.727495: wlan1: Trying to associate with 4c:38:d8:03:c1:9f (SSID='ORION-a-5G' freq=5220 MHz)
    1565812781.790247: wlan1: Associated with 4c:38:d8:03:c1:9f
    1565812781.790274: wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
    1565812781.790315: wlan1: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=GB
    1565812781.815898: wlan1: WPA: Key negotiation completed with 4c:38:d8:03:c1:9f [PTK=CCMP GTK=TKIP]
    1565812781.815931: wlan1: CTRL-EVENT-CONNECTED - Connection to 4c:38:d8:03:c1:9f completed [id=0 id_str=]
    On a failed authentication:

    Code:
    1565813819.717660: wlan1: Trying to associate with 4c:38:d8:03:c1:9f (SSID='ORION-a-5G' freq=5220 MHz)
    1565813819.822618: wlan1: Associated with 4c:38:d8:03:c1:9f
    1565813819.822655: wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
    1565813819.822689: wlan1: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=GB
    1565813823.869094: wlan1: CTRL-EVENT-DISCONNECTED bssid=4c:38:d8:03:c1:9f reason=2
    1565813823.869144: wlan1: WPA: 4-Way Handshake failed - pre-shared key may be incorrect
    1565813823.869159: wlan1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="ORION-a-5G" auth_failures=1 duration=10 reason=WRONG_KEY
    I note (if I'm interpreting correctly) that immediately before the key negotiation there is:

    Code:
    wlan1: CTRL-EVENT-DISCONNECTED bssid=4c:38:d8:03:c1:9f reason=2
    I wonder what is "reason=2", as that may give a clue... "googling" this didn't turn up anything that seemed relevant.

    When working there is no problem with the connection itself, the following fragment from "iwconfig" shows (I believe) the actual wireless link to be OK, that's after some 60-70 minutes of use.

    Code:
    Link Quality=70/100  Signal level=31/100  Noise level=0/100
    Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
    Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    I've discounted the signal level and quality by physically moving the laptop closer to the wireless access point, (quality and level then both approach 100/100), and I still see the random authentication failures.
    Hi
    Could also be interference from other wireless AP's in the same locale, on the AP, can it do a wireless scan, if so move your channel to a less congested one if you can as least two channels away from the most congested...

    When was the AP last rebooted, if it's been up awhile sometimes this helps...
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,216

    Default Re: Help required diagnosing random authentication failures.

    Interference would certainly account for the randomness with which this happens, but I'm seeing little to actually confirm that may be the cause.

    The AP I'm connecting to is an ISP supplied "UPC Connect Box", an all in one Cable Modem / Router / WiFi AP / VOIP gizmo...

    It has "Intelligent Wi-Fi", which (paraphrased to shorten) "regularly checks for best channel and channel width to minimize interference and congestion". I've read on my ISP's user forums that some people claim better performance by switching that feature off, and others by switching it on...

    Typically I see anything from 2-7 other "Available Connections" in Network Manager, however if I use "iwlist wlan1 scan" to see in detail, then only "Cell 08" is on 5GHz and on a different channel to myself. So I'm doubting if it's interference from other local APs.

    Code:
    Heavily snipped output
    
    wlan1     Scan completed :
              Cell 01 - Address: 4C:*** - (This is mine)
                        ESSID:"ORION-a-5G"
                        Protocol:IEEE 802.11AC
                        Mode:Master
                        Frequency:5.22 GHz (Channel 44)
                        Encryption key:on
                        Bit Rates:1.3 Gb/s
                        Quality=78/100  Signal level=53/100  
    
              Cell 02 - Address: 80:***
                        ESSID:"VM8504976_EXT"
                        Protocol:IEEE 802.11bgn
                        Mode:Master
                        Frequency:2.412 GHz (Channel 1)
                        Encryption key:on
                        Bit Rates:144 Mb/s
                        Quality=100/100  Signal level=16/100  
    
              Cell 03 - Address: 15:***
                        ESSID:"iNOR15a"
                        Protocol:IEEE 802.11bg
                        Mode:Ad-Hoc
                        Frequency:2.412 GHz (Channel 1)
                        Encryption key:on
                        Bit Rates:54 Mb/s
                        Quality=0/100  Signal level=18/100  
    
              Cell 04 - Address: B6:***
                        ESSID:"DIRECT-8D-HP ENVY 5000 series"
                        Protocol:IEEE 802.11gn
                        Mode:Master
                        Frequency:2.437 GHz (Channel 6)
                        Encryption key:on
                        Bit Rates:144 Mb/s
                        Quality=27/100  Signal level=20/100  
    
              Cell 05 - Address: C0:***
                        ESSID:"The Cairn"
                        Protocol:IEEE 802.11bgn
                        Mode:Master
                        Frequency:2.437 GHz (Channel 6)
                        Encryption key:on
                        Bit Rates:144 Mb/s
                        Quality=81/100  Signal level=14/100  
    
              Cell 06 - Address: 10:***
                        ESSID:"VM383956-2G"
                        Protocol:IEEE 802.11bgn
                        Mode:Master
                        Frequency:2.462 GHz (Channel 11)
                        Encryption key:on
                        Bit Rates:144 Mb/s
                        Quality=100/100  Signal level=19/100  
    
              Cell 07 - Address: 15:***
                        ESSID:"iNOR15"
                        Protocol:IEEE 802.11bg
                        Mode:Ad-Hoc
                        Frequency:2.462 GHz (Channel 11)
                        Encryption key:on
                        Bit Rates:54 Mb/s
                        Quality=90/100  Signal level=20/100  
    
              Cell 08 - Address: 9C:***
                        ESSID:"VM383956-5G"
                        Protocol:IEEE 802.11an
                        Mode:Master
                        Frequency:5.18 GHz (Channel 36)
                        Encryption key:on
                        Bit Rates:300 Mb/s
                        Quality=18/100  Signal level=7/100

    Referring back to the wpa_supplicant log, I've now found ( https://community.cisco.com/t5/wirel...s/ta-p/3113150 ) that "Reason=2" is "Previous authentication no longer valid", which so far is of little help.


    For the moment I'm "sort of" accepting it, are authentication failures such as this something that "just happen"...

    On a more positive note the 15.1 install on my newly acquired HP 255 G7 went quite well, I ran a live USB for a couple of days which didn't throw up any serious problems, so went ahead and did a network install.

    I've a few minor problems to fathom out, I'll post about those in a day or so if unable to resolve them myself.
    Regards, Paul

    Tumbleweed (Snapshot: 20190918) KDE Plasma 5
    Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected
    2x Leap 15.1 KDE Plasma 5

  4. #4
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,673
    Blog Entries
    15

    Default Re: Help required diagnosing random authentication failures.

    Quote Originally Posted by tannington View Post
    Interference would certainly account for the randomness with which this happens, but I'm seeing little to actually confirm that may be the cause.

    The AP I'm connecting to is an ISP supplied "UPC Connect Box", an all in one Cable Modem / Router / WiFi AP / VOIP gizmo...

    It has "Intelligent Wi-Fi", which (paraphrased to shorten) "regularly checks for best channel and channel width to minimize interference and congestion". I've read on my ISP's user forums that some people claim better performance by switching that feature off, and others by switching it on...

    Typically I see anything from 2-7 other "Available Connections" in Network Manager, however if I use "iwlist wlan1 scan" to see in detail, then only "Cell 08" is on 5GHz and on a different channel to myself. So I'm doubting if it's interference from other local APs.
    Hi
    I would set the channel and turn off any switching, can you run your setup as just 5GHz only, or it has to be both?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  5. #5
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,518

    Question Re: Help required diagnosing random authentication failures.

    @tannington:

    Have you enabled the systemd “wpa_supplicant” service?

    AFAICS, with Network Manager, this isn't needed and, indeed, may be counterproductive …

    The reason is:
    • The systemd “wpa_supplicant” service needs to be started during boot only if, the wireless connection is to be made during boot – with Network Manager this is not the case …
    • Network Manager starts “wpa_supplicant” anyway, by it's self and, there's some D-Bus activity going on as well …

    Code:
     > systemctl list-unit-files | grep -i 'wpa'
    dbus-fi.epitest.hostap.WPASupplicant.service                           disabled 
    dbus-fi.w1.wpa_supplicant1.service                                     disabled 
    wpa_supplicant.service                                                 disabled 
    wpa_supplicant@.service                                                disabled 
     >
    Code:
     # journalctl --this-boot --full | grep -i 'wpa'
    Aug 16 18:15:04 xxx dbus-daemon[1272]: [system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service' requested by ':1.10' (uid=0 pid=1465 comm="/usr/sbin/NetworkManager --no-daemon ")
    Aug 16 18:15:05 xxx systemd[1]: Starting WPA Supplicant daemon...
    Aug 16 18:15:05 xxx dbus-daemon[1272]: [system] Successfully activated service 'fi.w1.wpa_supplicant1'
    Aug 16 18:15:05 xxx systemd[1]: Started WPA Supplicant daemon.
    Aug 16 18:15:05 xxx NetworkManager[1465]: <info>  [1565972105.7923] supplicant: wpa_supplicant running

  6. #6
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,518

    Default Re: Help required diagnosing random authentication failures.

    @tannington:

    Given that, you seem to have some WLAN “neighbours”, you're well advised to setup the SSID of your WLAN to a unique string – it's currently the default manufacturer string – “ORION-a-5G” – meaning that, anyone else in your neighbourhood who has also purchased from the same provider will, have a WLAN with the same SSID as yours – which is confusing for the clients trying to connect to the WLANs …
    • The clients, normally, 1st search for the SSID (string) and then, attempt to connect to it – if it ain't “yours” then, the passphrase fails …

  7. #7
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,216

    Default Re: Help required diagnosing random authentication failures.

    Quote Originally Posted by malcolmlewis View Post
    Hi
    I would set the channel and turn off any switching, can you run your setup as just 5GHz only, or it has to be both?
    I had already switched off 2.4GHz.

    With the "Intelligent Wi-Fi" and "Auto Channel Selection" also switched off I've not seen any change in behaviour, i.e. still random authentication failures.

    I don't think the problem is interference from another Wi-Fi nearby as I'm frequently the only person on 5GHz. I've taken to running "iwlist wlan1 scan" immediately after an authentication failure to see what other activity there is.

    I've also started to take note of the time at which it occurs, to see if it's more likely to happen at a particular time of day, but so far that seems quite random also, but I need to do that for a few more days before drawing any conclusions.
    Regards, Paul

    Tumbleweed (Snapshot: 20190918) KDE Plasma 5
    Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected
    2x Leap 15.1 KDE Plasma 5

  8. #8
    Join Date
    Mar 2011
    Location
    Sauerland
    Posts
    3,952

    Default AW: Help required diagnosing random authentication failures.

    Running with the same Chip here on Leap 15.1 with no Problems.

    Post:
    Code:
    zypper se -si rtl kernel
    Code:
    uname -a

  9. #9
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,216

    Default Re: Help required diagnosing random authentication failures.

    Quote Originally Posted by dcurtisfra View Post
    Have you enabled the systemd “wpa_supplicant” service?
    Not changed that from the installed default:

    Code:
    paul@HP255G7:~> systemctl list-unit-files | grep -i 'wpa'
    dbus-fi.epitest.hostap.WPASupplicant.service disabled       
    dbus-fi.w1.wpa_supplicant1.service           disabled       
    wpa_supplicant.service                       disabled       
    wpa_supplicant@.service                      disabled       
    paul@HP255G7:~>
    And it starts up correctly when required to do so by Network Manager:

    Code:
    paul@HP255G7:~> sudo journalctl --this-boot --full | grep -i 'wpa'
    [sudo] password for root: 
    Aug 17 13:48:05 HP255G7 dbus-daemon[1053]: [system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service' requested by ':1.4' (uid=0 pid=1106 comm="/usr/sbin/NetworkManager --no-daemon ")
    Aug 17 13:48:05 HP255G7 systemd[1]: Starting WPA Supplicant daemon...
    Aug 17 13:48:05 HP255G7 dbus-daemon[1053]: [system] Successfully activated service 'fi.w1.wpa_supplicant1'
    Aug 17 13:48:05 HP255G7 systemd[1]: Started WPA Supplicant daemon.
    Aug 17 13:48:05 HP255G7 NetworkManager[1106]: <info>  [1566046085.9922] supplicant: wpa_supplicant running
    Aug 17 13:48:30 HP255G7 NetworkManager[1106]: <info>  [1566046110.4104] Config: added 'key_mgmt' value 'WPA-PSK'
    Aug 17 13:48:34 HP255G7 kernel: RTW: rtw_cfg80211_set_wpa_version, wpa_version=2
    Aug 17 13:48:34 HP255G7 kernel: RTW: set wpa_ie(length:22):
    Aug 17 13:48:34 HP255G7 kernel: RTW: got wpa2_ie, wpa2_ielen:20
    Aug 17 14:05:29 HP255G7 kernel: RTW: recv eapol packet - WPA Group Key 1/2
    Aug 17 14:05:29 HP255G7 kernel: RTW: send eapol packet - WPA Group Key 2/2
    paul@HP255G7:~>
    Given that, you seem to have some WLAN “neighbours”, you're well advised to setup the SSID of your WLAN to a unique string – it's currently the default manufacturer string – “ORION-a-5G”
    Already changed that, “ORION-a-5G” is not the default SSID
    Regards, Paul

    Tumbleweed (Snapshot: 20190918) KDE Plasma 5
    Non-Tumbling Tumblweed (20150508) KDE 4 - Resurrected
    2x Leap 15.1 KDE Plasma 5

  10. #10
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,673
    Blog Entries
    15

    Default Re: Help required diagnosing random authentication failures.

    Quote Originally Posted by tannington View Post
    I had already switched off 2.4GHz.

    With the "Intelligent Wi-Fi" and "Auto Channel Selection" also switched off I've not seen any change in behaviour, i.e. still random authentication failures.

    I don't think the problem is interference from another Wi-Fi nearby as I'm frequently the only person on 5GHz. I've taken to running "iwlist wlan1 scan" immediately after an authentication failure to see what other activity there is.

    I've also started to take note of the time at which it occurs, to see if it's more likely to happen at a particular time of day, but so far that seems quite random also, but I need to do that for a few more days before drawing any conclusions.
    Hi
    Can you post the output from;

    Code:
    systool -vm rtl8821ce
    This will see if there are any module options and if they can be tweaked.
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •