Can't connect to AP with Intel WiFi Link 5100 AGN using supplied certificates

Heya,

I moved to Berlin recently and I got wireless internet through an access point. I’m supposed to use the laptop’s built-in wireless netcard to access the internet. This usually works in windows (connection falls out from time to time), but I have yet to make it work in linux. I’m using OpenSuse 11.3 64-bit and the Knetwork manager. Most of the settings in the network manager are correct, but it keeps wanting to use system certificates for the server. By that I mean it keeps checking ‘Use CA System certificates’.

So I can’t choose the CA-certificate supplied by my internet provider. I keep removing the check-mark and pointing it to the ‘hotzoneCA.der’ certificate. I also got a ‘personal’ certificate, in lack of a better word. Its called ‘jacob_collstrup.p12’. The Knetwork manager seems to accept the ‘jacob_collstrup.p12’ certificate, but not the other one.

I just put the certificates in a folder like this /jacob/home/hotzone/zertifikate/

I can see the network fine using the Knetwork manager, and the signal strength seems ok. Not too good, but it shouldn’t be a problem.

I might have messed up the system, since I first tried this guide, prior to experimenting with Knetwork Manager:

  1. (had to run this one as su)
wpa_supplicant -w -i wlan0 -c /etc/wpa_supplicant.conf -Dndiswrapper -dd –t
  1. (This was supposed to be put in a wpa_supplicant.conf file)
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
opensc_engine_path=/usr/lib/opensc/engine_opensc.so
pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
update_config=1
ap_scan=1
network={
	ssid="hotZone"
	proto=WPA
	key_mgmt=IEEE8021X
	auth_alg=OPEN
	eap=TLS
	identity="Otto Mustermann" # "FirstName FamilyName"
	ca_cert="/etc/ssl/certs/hotZone/hotzoneCA.der"
	private_key="/etc/ssl/certs/hotZone/otto_mustermann.p12"
	private_key_passwd="otto_mustermann_client_passwort"
			# password as printed on the welcome letter
	eapol_flags=1
	priority=99
}

Please tell me if I haven’t supplied enough information.

Best regards,

Daqar

I really need some help here. I’d like to get the internet to working in opensuse too…Is there some info missing or have I posted in the wrong forum?

Best regards,

Daqar

It looks like you’re using ndiswrapper. That should really be a last resort.
Did you put the correct certificates in wpa_supplicant.conf? If you put them in a custom folder you need to change the config file to point to those certs.
The config file you posted isn’t pointing to your files.
I’ve never needed a cert to connect to wireless, so I don’t know a lot about your issue. But if that’s what it needs, once you get the CA, KEY and PASSWORD entered in the file it should be able to connect.
Knetworkmanager might not work to do that. Doing it from the command line is a better bet.

the file wpa_supplicant.conf is located in /etc/wpa_supplicant/

I don’t think I’m using ndiswrapper, but I’m not sure. I don’t know how to put the command together without the ndiswrapper-part.

The wpa_supplicant.conf lies in a write-protected part of my system. I have so far not been able to edit it. I’ve tried creating it in a non-write-protected part of my system, saved it, then ran dolphin as su to copy it, but this doesn’t work either.

Assuming I get conf-file set up right and copied to the right destination, what then? Will the computer automaticly connect then?

Best regards,

Daqar

I have been successful with creating the wpa_supplicant.conf file, but I don’t know what to do now…I tried experimenting a bit with the cli:

linux-c18f:/home/jacob # wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ENGINE: ctrl cmd_string failed: LOAD (null) [error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library]
SSL: Failed to initialize TLS context.
Failed to initialize EAPOL state machines.
linux-c18f:/home/jacob # exit
exit
jacob@linux-c18f:~> su
Password: 
linux-c18f:/home/jacob # wpa_supplicant -w -i wlan0 -c /etc/wpa_supplicant.conf -Dwext -dd -t
wpa_supplicant: invalid option -- 'w'
wpa_supplicant v0.7.1
Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)

usage:
  wpa_supplicant -BddhKLqqstuvW] -P<pid file>] -g<global ctrl>] \
        -i<ifname> -c<config file> -C<ctrl>] -D<driver>] -p<driver_param>] \
        -b<br_ifname>] -f<debug file>] \
        -o<override driver>] -O<override ctrl>] \
        -N -i<ifname> -c<conf> -C<ctrl>] -D<driver>] \
        -p<driver_param>] -b<br_ifname>] ...]

drivers:
  wext = Linux wireless extensions (generic)
  nl80211 = Linux nl80211/cfg80211
  hostap = Host AP driver (Intersil Prism2/2.5/3)
  atmel = ATMEL AT76C5XXx (USB, PCMCIA)
  ndiswrapper = Linux ndiswrapper (deprecated; use wext)
  wired = Wired Ethernet driver
  ralink = Ralink Wireless Client driver
options:
  -b = optional bridge interface name
  -B = run daemon in the background
  -c = Configuration file
  -C = ctrl_interface parameter (only used if -c is not)
  -i = interface name
  -d = increase debugging verbosity (-dd even more)
  -D = driver name (can be multiple drivers: nl80211,wext)
  -f = log output to debug file instead of stdout
  -g = global ctrl_interface
  -K = include keys (passwords, etc.) in debug output
  -t = include timestamp in debug messages
  -h = show this help text
  -L = show license (GPL and BSD)
  -o = override driver parameter for new interfaces
  -O = override ctrl_interface parameter for new interfaces
  -p = driver parameters
  -P = PID file
  -q = decrease debugging verbosity (-qq even less)
  -u = enable DBus control interface
  -v = show version
  -W = wait for a control interface monitor before starting
  -N = start describing new interface
example:
  wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
linux-c18f:/home/jacob # dhclient
linux-c18f:/home/jacob # dhcclient
If 'dhcclient' is not a typo you can use command-not-found to lookup the package that contains it, like this:
    cnf dhcclient
linux-c18f:/home/jacob # 

I really don’t know if I’m doing it right or wrong…

Best regards,

Daqar

What is the status of your wireless? Did the wpa_supplicant error go away? Have you tried to configure your network with network manager?

error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library
Looks like this error is cause by missing packages.

sudo zypper in opensc

That should install libopenct1 libopensc2 opensc pcsc-lite and you should be able to run the wpa_supplicant commnand at that point.
Please update with detailed status.

Also, could you post your wpa_supplicant.conf file? (The one that you customized with your certs in it)

Sorry for the late reply, I have been busy with uni and a little bit confused, so I forgot all about my troubles connection linux to the internet.

I tried the commands again today…with some progress, however it still doesn’t work:

linux-c18f:/home/jacob # wpa_supplicant -i -wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -Diwlagn -dd -t
1290177417.150369: Initializing interface '-wlan0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'iwlagn' ctrl_interface 'N/A' bridge 'N/A'
1290177417.150407: Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'
1290177417.150416: Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
1290177417.292062: ctrl_interface='/var/run/wpa_supplicant'
1290177417.292098: ctrl_interface_group='0'
1290177417.292108: opensc_engine_path='/usr/lib/opensc/engine_opensc.so'
1290177417.292119: pkcs11_engine_path='/usr/lib/opensc/engine_pkcs11.so'
1290177417.292129: pkcs11_module_path='/usr/lib/pkcs11/opensc-pkcs11.so'
1290177417.292145: update_config=1
1290177417.292156: ap_scan=1
1290177417.292164: Line: 8 - start of a new network block
1290177417.292198: ssid - hexdump_ascii(len=7):
     68 6f 74 5a 6f 6e 65                              hotZone         
1290177417.292238: proto: 0x1
1290177417.292250: key_mgmt: 0x8
1290177417.292260: auth_alg: 0x1
1290177417.292278: eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
1290177417.292298: identity - hexdump_ascii(len=15):
     4a 61 63 6f 62 20 43 6f 6c 6c 73 74 72 75 70      Jacob Collstrup 
1290177417.292325: ca_cert - hexdump_ascii(len=36):
     2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 68   /etc/ssl/certs/h
     6f 74 5a 6f 6e 65 2f 68 6f 74 7a 6f 6e 65 43 41   otZone/hotzoneCA
     2e 64 65 72                                       .der            
1290177417.292402: private_key - hexdump_ascii(len=42):
     2f 65 74 63 2f 73 73 6c 2f 63 65 72 74 73 2f 68   /etc/ssl/certs/h
     6f 74 5a 6f 6e 65 2f 6a 61 63 6f 62 5f 63 6f 6c   otZone/jacob_col
     6c 73 74 72 75 70 2e 70 31 32                     lstrup.p12      
1290177417.292454: private_key_passwd - hexdump_ascii(len=8): [REMOVED]
1290177417.292471: eapol_flags=1 (0x1)
1290177417.292488: priority=99 (0x63)
1290177417.292543: Priority group 99
1290177417.292561:    id=0 ssid='hotZone'
1290177417.292577: Unsupported driver 'iwlagn'.
1290177417.292591: Failed to add interface -wlan0
1290177417.292644: Cancelling scan request
1290177417.292660: Cancelling authentication timeout

Here is my conf-file:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
opensc_engine_path=/usr/lib/opensc/engine_opensc.so
pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
update_config=1
ap_scan=1
network={
ssid="hotZone"
proto=WPA
key_mgmt=IEEE8021X
auth_alg=OPEN
eap=TLS
identity="Jacob Collstrup"
# "FirstName FamilyName"
ca_cert="/etc/ssl/certs/hotZone/hotzoneCA.der"
private_key="/etc/ssl/certs/hotZone/Jacob Collstrup.p12"
private_key_passwd="otto_mustermann_client_passwort"
# password as printed on the welcome letter
eapol_flags=1
priority=99
}

The above is based on the old .conf file. I have corrected it as best as I can. So it now points to my certificates and has my password in it.

Best regards,

Daqar

Can you also post the relevant output of

lspci

and

dmesg |grep firmware

I couldn’t figure out what you’d consider ‘relevant’ so I’m going to present all the info, from those two commands:

lspci:

jacob@linux-c18f:~> lspci
Absolute path to 'lspci' is '/sbin/lspci', so running it may require superuser privileges (eg. root).
jacob@linux-c18f:~> su
Password: 
linux-c18f:/home/jacob # lspci
00:00.0 Host bridge: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub (rev 07)
00:01.0 PCI bridge: Intel Corporation Mobile 4 Series Chipset PCI Express Graphics Port (rev 07)
00:1a.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 (rev 03)
00:1a.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 (rev 03)
00:1a.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 (rev 03)
00:1a.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 (rev 03)
00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 (rev 03)
00:1c.2 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 3 (rev 03)
00:1c.3 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 4 (rev 03)
00:1c.5 PCI bridge: Intel Corporation 82801I (ICH9 Family) PCI Express Port 6 (rev 03)
00:1d.0 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 (rev 03)
00:1d.1 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 (rev 03)
00:1d.2 USB Controller: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 (rev 03)
00:1d.7 USB Controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 (rev 03)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev 93)
00:1f.0 ISA bridge: Intel Corporation ICH9M LPC Interface Controller (rev 03)
00:1f.2 SATA controller: Intel Corporation ICH9M/M-E SATA AHCI Controller (rev 03)
00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 03)
01:00.0 VGA compatible controller: nVidia Corporation G96 [GeForce 9600M GT] (rev a1)
06:00.0 System peripheral: JMicron Technology Corp. SD/MMC Host Controller
06:00.2 SD Host controller: JMicron Technology Corp. Standard SD Host Controller
06:00.3 System peripheral: JMicron Technology Corp. MS Host Controller
06:00.4 System peripheral: JMicron Technology Corp. xD Host Controller
07:00.0 Network controller: Intel Corporation WiFi Link 5100
09:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe (rev 10)
0a:04.0 CardBus bridge: O2 Micro, Inc. OZ601/6912/711E0 CardBus/SmartCardBus Controller (rev 40)

dmesg |grep firmware:

linux-c18f:/home/jacob # dmesg |grep firmware
    8.966219] iwlagn 0000:07:00.0: firmware: requesting iwlwifi-5000-2.ucode
    8.968524] iwlagn 0000:07:00.0: loaded firmware version 8.24.2.12
linux-c18f:/home/jacob # 

Best regards,

Daqar

I meant to have you run this command as roor

lspci -nnk

OK…here is the output of ‘lspci -nnk’:

jacob@linux-c18f:~> su
Password: 
linux-c18f:/home/jacob # lspci -nnk
00:00.0 Host bridge [0600]: Intel Corporation Mobile 4 Series Chipset Memory Controller Hub [8086:2a40] (rev 07)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
00:01.0 PCI bridge [0604]: Intel Corporation Mobile 4 Series Chipset PCI Express Graphics Port [8086:2a41] (rev 07)
        Kernel driver in use: pcieport
00:1a.0 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #4 [8086:2937] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1a.1 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #5 [8086:2938] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1a.2 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #6 [8086:2939] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1a.7 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #2 [8086:293c] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: ehci_hcd
00:1b.0 Audio device [0403]: Intel Corporation 82801I (ICH9 Family) HD Audio Controller [8086:293e] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: HDA Intel
00:1c.0 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 1 [8086:2940] (rev 03)
        Kernel driver in use: pcieport
00:1c.2 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 3 [8086:2944] (rev 03)
        Kernel driver in use: pcieport
00:1c.3 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 4 [8086:2946] (rev 03)
        Kernel driver in use: pcieport
00:1c.5 PCI bridge [0604]: Intel Corporation 82801I (ICH9 Family) PCI Express Port 6 [8086:294a] (rev 03)
        Kernel driver in use: pcieport
00:1d.0 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #1 [8086:2934] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1d.1 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #2 [8086:2935] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1d.2 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB UHCI Controller #3 [8086:2936] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: uhci_hcd
00:1d.7 USB Controller [0c03]: Intel Corporation 82801I (ICH9 Family) USB2 EHCI Controller #1 [8086:293a] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: ehci_hcd
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 Mobile PCI Bridge [8086:2448] (rev 93)
00:1f.0 ISA bridge [0601]: Intel Corporation ICH9M LPC Interface Controller [8086:2919] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
00:1f.2 SATA controller [0106]: Intel Corporation ICH9M/M-E SATA AHCI Controller [8086:2929] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: ahci
00:1f.3 SMBus [0c05]: Intel Corporation 82801I (ICH9 Family) SMBus Controller [8086:2930] (rev 03)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
01:00.0 VGA compatible controller [0300]: nVidia Corporation G96 [GeForce 9600M GT] [10de:0649] (rev a1)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: nvidia
06:00.0 System peripheral [0880]: JMicron Technology Corp. SD/MMC Host Controller [197b:2382]
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: sdhci-pci
06:00.2 SD Host controller [0805]: JMicron Technology Corp. Standard SD Host Controller [197b:2381]
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
06:00.3 System peripheral [0880]: JMicron Technology Corp. MS Host Controller [197b:2383]
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: jmb38x_ms
06:00.4 System peripheral [0880]: JMicron Technology Corp. xD Host Controller [197b:2384]
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
07:00.0 Network controller [0280]: Intel Corporation WiFi Link 5100 [8086:4232]
        Subsystem: Intel Corporation WiFi Link 5100 AGN [8086:1201]
        Kernel driver in use: iwlagn
09:00.0 Ethernet controller [0200]: Broadcom Corporation NetXtreme BCM5764M Gigabit Ethernet PCIe [14e4:1684] (rev 10)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: tg3
0a:04.0 CardBus bridge [0607]: O2 Micro, Inc. OZ601/6912/711E0 CardBus/SmartCardBus Controller [1217:6972] (rev 40)
        Subsystem: Acer Incorporated [ALI] Device [1025:013d]
        Kernel driver in use: yenta_cardbus
linux-c18f:/home/jacob # 

Best regards,

Daqar

Have you tried to configure your NIC with networkmanager now that you have the certificates correct?

What is NIC?

Daqar

Network Interface Controller, your network card.

On 11/22/2010 09:36 AM, Daqar wrote:
>
> What is NIC?

Network Interface Card, i.e. the hardware.

OK, I’m not particularly smart ! :stuck_out_tongue: The ‘NIC’ configuration in ‘network manager’ would that be the ‘Wireless’-tab, the ‘Wireless Security’-tab or the ‘IP address’-tab? And can the following be assumed: ‘Knetwork manager’ = ‘network manager’ ?

Best regards,

Daqar

The wireless tab. Yes, knetworkmanager.

I think the applet/plasmoid is called now (in KDE 4)
KDE Network Management or KNetworkManager, compare:

And the corresponding package in the Software Manager might be
networkmanager-kde4
software.opensuse.org: Search Results

Regards
pistazienfresser