On February 6th, I updated my Tumbleweed system which included an update of NetworkManager to 1.40-.12-1.1 and wpa_supplicant to 2.10-4.2. After that, I was not able to connect to he eduroam network both at my library and school. Booting into a snapshot prior to the upgrade worked flawlessly. Unfortunately, that snapshot as deleted since I kept updating the system.
I captured the following log related to the problem:
[ 11.540295] Intel(R) Wireless WiFi driver for Linux
[ 11.540564] iwlwifi 0000:02:00.0: can't disable ASPM; OS doesn't have ASPM control
[ 11.575916] iwlwifi 0000:02:00.0: loaded firmware version 18.168.6.1 6000g2b-6.ucode op_mode iwldvm
[ 11.891683] iwlwifi 0000:02:00.0 wlp2s0: renamed from wlan0
[ 18.155163] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 18.458785] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 18.594006] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 18.905098] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 22.531238] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 22.835375] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 22.940674] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 22.944431] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 22.958287] wlp2s0: authenticated
[ 22.958457] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 23.062412] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 23.065556] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=2)
[ 23.067995] wlp2s0: associated
[ 23.163515] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 23=IEEE8021X_FAILED)
[ 36.851151] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 36.854572] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 36.884660] wlp2s0: authenticated
[ 36.884944] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 36.988044] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 36.991750] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=2)
[ 36.995328] wlp2s0: associated
[ 37.093102] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 23=IEEE8021X_FAILED)
[ 51.178857] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 51.181823] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 51.220530] wlp2s0: authenticated
[ 51.220715] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 51.323832] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 51.326792] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=2)
[ 51.329744] wlp2s0: associated
[ 51.423147] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 23=IEEE8021X_FAILED)
[ 65.108953] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 65.111249] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 65.146827] wlp2s0: authenticated
[ 65.146986] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 65.251066] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 65.254520] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=2)
[ 65.257709] wlp2s0: associated
[ 65.352726] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 23=IEEE8021X_FAILED)
[ 73.013367] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 73.016100] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 73.031482] wlp2s0: authenticated
[ 73.031674] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 73.135553] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 73.138790] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=2)
[ 73.142358] wlp2s0: associated
[ 73.232600] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 23=IEEE8021X_FAILED)
[ 97.978070] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 97.981818] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 98.000036] wlp2s0: aborting authentication with xxxxxxxxxxxxxxx by local choice (Reason: 3=DEAUTH_LEAVING)
[ 98.057181] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
[ 98.358338] iwlwifi 0000:02:00.0: Radio type=0x2-0x1-0x0
Any ideas?
FWIW, the network settings for eduroam:
Security: WPA/WPA2 enterprise
Authentication: PEAP
No certificate
PEAP version: automatic
Inner authentication: MSCHAPV2
And, of course, username and password.
Please be aware that, the openSUSE Documentation is only relevant for the GNOME and KDE Plasma desktop environments – a more general documentation is here: <https://wiki.archlinux.org/title/NetworkManager>
Please note the need to install package named “nm-applet” – for the case of openSUSE this package is named “NetworkManager-applet”.
Looking at the XFCE documentation, I can’t see anything related to Network Management – possibly because the Network Manager applet should be used to manage network connections …
Thank you, sir. I do have the feeling that there is some miscommunication going on. The core of my problem is that eduroam worked perfectly for a long time, but stopped working after a Tumbleweed update in early February.
Yes, but the only information provided so far just says that authentication failed. You may try to enable trace level logging in NetworkManager, it may give some more information why it fails.
Have you included the user directories in the system snapshot?
If so, then, the changes to your user files were also deleted when the snapshot was deleted.
Please be aware that, the snapshot mechanism is mainly useful for rolling back system files to a previous (working) state.
For the case of user directories and files, snapshots are really only useful for recovering files and directories which were accidentally deleted.
Meaning, for the case of user directories and files, a regular Backup is, and remains, the prime choice.
wlp2s0: authenticate with wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 63.237186] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 63.248771] wlp2s0: authenticated
[ 63.251214] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
[ 63.254049] wlp2s0: RX AssocResp from xxxxxxxxxxxxxxx (capab=0x1111 status=0 aid=1)
[ 63.256493] wlp2s0: associated
[ 64.349336] wlp2s0: deauthenticated from xxxxxxxxxxxxxxx (Reason: 6=CLASS2_FRAME_FROM_NONAUTH_STA)
[ 78.064763] wlp2s0: authenticate with xxxxxxxxxxxxxxx
[ 78.067425] wlp2s0: send auth to xxxxxxxxxxxxxxx (try 1/3)
[ 78.095464] wlp2s0: authenticated
[ 78.095641] wlp2s0: waiting for beacon from xxxxxxxxxxxxxxx
[ 78.199158] wlp2s0: associate with xxxxxxxxxxxxxxx (try 1/3)
I also capture the journalctl log, but there does not seem to be anything interesting there. Retrieval of secrets seems to go smooth (except for some lines with user cancelled secret requests).
It could be that, the network you’re trying to connect to has enabled an additional security level –
Only clients with know MAC addresses are allowed to connect – even if, they have correct credentials for connecting to the WLAN/WiFi.
The rejection reason supplied by the WLAN Access Point means:
Client attempted to transfer data before it was authenticated.
Alternatively, the reason could be the way you’re using the IEEE Standard 802.11 –
Are you sure that, you’re using the correct Security Algorithm to access the WLAN?
Could it be that, you’ve enabled the WEP algorithm?
( Rather than WPA/WPA2 … )
BTW, I just love (not really) the abbreviations used by IEEE 802.11 discussions:
STA – there are at least 128 meanings for this abbreviation – “Special Temporary Authority”; “Surface to Air”; “Students Take Action” …
But, I suspect that it means “STATION” …
AP – there are at least 264 meanings for this abbreviation – “Air Pollution”; “Atmospheric Pressure”; “Applied Physics” …
But, I suspect that, it means “Access Point” …
I’m using the settings as described in the OP; configuration has not changed after updating wpa_supplicant, etc.
At school, I was able to connect to eduroam via Windows 10. TW is still giving me problems. Therefore, it must be a bug or a config file that has changed when updating wpa_supplicant, NetworkManager, etc at the beginning of February. Any suggestions for gathering more information to debug/troubleshoot?
None of the above suggestions work… I’m now getting Reason: 23=IEEE8021X_FAILED again, just as I originally did. I’m still convinced that something went wrong with the NetworkManager/wpa_supplicant update in early February (be it a bug, or configuration change), since before that everything worked fine. For now, I’m using USB tethering via my phone as a workaround (am able to connect via Android).
Not sure what you’re getting at, but I can connect via my Android phone no matter if I set the CA-certificate to ‘Do not validate’ or ‘Use system certificates’