The patient: Dell E6500 laptop with OpenSuSE 11.4 fully patched.
Code:
wintermute:~ # uname -a
Linux wintermute.is.niu.edu 2.6.37.6-0.9-desktop #1 SMP PREEMPT
2011-10-19 22:33:27 +0200 x86_64 x86_64 x86_64 GNU/Linux
1 ) make and model of wireless device.
Intel Corporation Ultimate N WiFi Link 5300 [8086:4235]
2 ) driver version in use
iwlagn
3 ) any error message.
None.
4 ) what you have tried to rectify the problem.
5 ) any trouble-shooting guide you have tried to follow.
I had this laptop running OpenSuSE 11.2 up until a couple of weeks ago.
It worked fine, wired and wireless. Then a HD crash wiped out the /
partition. New HD installed. Rather than re-install 11.2, I installed
11.4. Since then, no wireless here at work.
I have access to two wireless networks. The one at home, based on a
Linksys WRT router (WPA2 Personal) works fine. My conclusion from this is
that I don’t have a hardware, firmware, or drivers problem.
The wireless network here at work is more complex. We have multiple
access points in the building, backed by a Cisco “wireless controller”,
doing authentication to a Windows service using Active Directory. This is
the one that does not work. I don’t personally have access to the Cisco
controller or the Windows authentication service, but I know the guys
here that do, so I’m not flying totally blind.
When I (Gnome NetworkManager) enable wireless, I get the initial access
point association. iwconfig shows this as:
Code:
wlan0 IEEE 802.11abgn ESSID:“NIUwireless”
Mode:Managed Frequency:2.437 GHz Access Point:
00:24:97:F1:50:A0
Bit Rate=1 Mb/s Tx-Power=15 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=55/70 Signal level=-55 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:4 Missed beacon:0
Then I’m prompted for authentication to the wireless network. This being
WPA2 Enterprise, I fill in the appropriate fields of the request:
Code:
Wireless Security: WPA and WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous Identity: (blank)
Subject: <will be filled in automatically>
CA Certificate: NPS-Root.cer
PEAP Version: Automatic
Inner Authentication: MSCHAPv2
Username: bob
Password: foobar
[x] Ask for password every time
[x] Show password
and after clicking on the “Connect” button, it goes off to try to
authenticate. After 30 seconds, the popup window returns. Lather, rinse,
repeat.
In /var/log/messages, what shows up is:
Code:
Dec 9 09:32:01 wintermute kernel: [69053.331585] ADDRCONF(NETDEV_UP):
wlan0: link is not ready
Dec 9 09:32:30 wintermute kernel: [69082.160033] wlan0: authenticate
with 00:24:97:f1:50:a0 (try 1)
Dec 9 09:32:30 wintermute kernel: [69082.162690] wlan0: authenticated
Dec 9 09:32:30 wintermute kernel: [69082.162752] wlan0: associate with
00:24:97:f1:50:a0 (try 1)
Dec 9 09:32:30 wintermute kernel: [69082.176725] wlan0: RX AssocResp
from 00:24:97:f1:50:a0 (capab=0x431 stat
Dec 9 09:32:30 wintermute kernel: [69082.176729] wlan0: associated
Dec 9 09:32:30 wintermute kernel: [69082.186438] ADDRCONF
(NETDEV_CHANGE): wlan0: link becomes ready
Dec 9 09:32:30 wintermute kernel: [69082.186488] cfg80211: Calling CRDA
for country: US
Dec 9 09:32:30 wintermute kernel: [69082.189653] cfg80211: Regulatory
domain changed to country: US
Dec 9 09:32:30 wintermute kernel: [69082.189655] (start_freq -
end_freq @ bandwidth), (max_antenna_gain,
Dec 9 09:32:30 wintermute kernel: [69082.189657] (2402000 KHz -
2472000 KHz @ 40000 KHz), (300 mBi, 2700
Dec 9 09:32:30 wintermute kernel: [69082.189659] (5170000 KHz -
5250000 KHz @ 40000 KHz), (300 mBi, 1700
Dec 9 09:32:30 wintermute kernel: [69082.189661] (5250000 KHz -
5330000 KHz @ 40000 KHz), (300 mBi, 2000
Dec 9 09:32:30 wintermute kernel: [69082.189663] (5490000 KHz -
5600000 KHz @ 40000 KHz), (300 mBi, 2000
Dec 9 09:32:30 wintermute kernel: [69082.189665] (5650000 KHz -
5710000 KHz @ 40000 KHz), (300 mBi, 2000
Dec 9 09:32:30 wintermute kernel: [69082.189667] (5735000 KHz -
5835000 KHz @ 40000 KHz), (300 mBi, 3000
Dec 9 09:32:54 wintermute kernel: [69106.232573] wlan0: deauthenticated
from 00:24:97:f1:50:a0 (Reason: 23)
Dec 9 09:32:54 wintermute kernel: [69106.244569] cfg80211: Calling CRDA
to update world regulatory domain
Dec 9 09:32:54 wintermute kernel: [69106.254957] cfg80211: World
regulatory domain updated:
Dec 9 09:32:54 wintermute kernel: [69106.254959] (start_freq -
end_freq @ bandwidth), (max_antenna_gain,
Dec 9 09:32:54 wintermute kernel: [69106.254962] (2402000 KHz -
2472000 KHz @ 40000 KHz), (300 mBi, 2000
Dec 9 09:32:54 wintermute kernel: [69106.254964] (2457000 KHz -
2482000 KHz @ 20000 KHz), (300 mBi, 2000
Dec 9 09:32:54 wintermute kernel: [69106.254966] (2474000 KHz -
2494000 KHz @ 20000 KHz), (300 mBi, 2000
Dec 9 09:32:54 wintermute kernel: [69106.254968] (5170000 KHz -
5250000 KHz @ 40000 KHz), (300 mBi, 2000
Dec 9 09:32:54 wintermute kernel: [69106.254970] (5735000 KHz -
5835000 KHz @ 40000 KHz), (300 mBi, 2000
I’m sure that PEAP and MSCHAPv2 are the correct settings. No other
options are supported by the back end. When I had this working on OpenSuSE
11.2, PEAP Version had to be set to “Version 0”. I’ve tried all three
possibilities (“Automatic”, “Version 0” and “Version 1”) with no change
in results.
I don’t recall having to have the actual certificate installed when this
was working with 11.2. I’ve tried with, and without, specifying the
certificate file, and no change in results. (I understand that having the
certificate locally may be more secure. Right now, I’d settle for
“working” and I’ll worry about “secure” later.)
I spent some time yesterday with the guy that runs the access points and
the Cisco wireless network controller. He can see me attach to an AP, and
says that what the wireless controller sees happening is that I attach to
the AP, the wireless controller starts the authentication negotiation,
and sees me dettach from the AP before it can do so, then immediately
attach to a different AP. This cycle repeats several times, with the
wireless controller starting the negotiation and giving up when it sees
the detach. Since this negotiation never completes, no authentication
request ever reaches the Windows service.
There is a /var/log/wpa_supplicant.log file that contains this sequence
(repeated):
Code:
Trying to associate with 00:24:97:f1:50:a0 (SSID=‘NIUwireless’ freq=2437
MHz)
Associated with 00:24:97:f1:50:a0
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-STARTED EAP authentication started
Authentication with 00:24:97:f1:50:a0 timed out.
CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
Failed to initiate AP scan.
(Side note: It’d be helpful if this included timestamps.)
While I know PEAP/MSCHAPv2 are what are required/supported, I
accidentally found that changing to LEAP produces an interesting change
in behaviour. When configured for LEAP, I do see an authentication
request hit the Windows service (it’s denied with an “EAP not supported”
error).
Digging further, I’ve found /var/log/NetworkManager. This contains
(again, repeated):
Code:
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: added
‘ssid’ value ‘NIUwireless’
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: added
‘key_mgmt’ value ‘WPA-EAP’
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: added
‘eap’ value ‘TTLS PEAP TLS’
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: added
‘identity’ value ’ ’
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: added
‘ca_cert’ value ‘probe://’
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: associated -> disconnected
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> Config: set
interface ap_scan to 1
Dec 9 10:42:17 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Dec 9 10:42:19 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: scanning -> associating
Dec 9 10:42:19 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: associating -> associated
Dec 9 10:42:32 wintermute NetworkManager[1549]: <warn> (wlan0): link
timed out.
Dec 9 10:43:29 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: associated -> disconnected
Dec 9 10:43:29 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: disconnected -> scanning
Dec 9 10:43:29 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: scanning -> disconnected
Dec 9 10:43:32 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: disconnected -> associating
Dec 9 10:43:32 wintermute NetworkManager[1549]: <info> (wlan0):
supplicant connection state: associating -> associated
Dec 9 10:44:00 wintermute NetworkManager[1549]: <warn> (wlan0): link
timed out.
What strikes me as interesting here is the ca_cert “value” of “probe://”.
I get this whether I specify the certificate file, or not. Google
suggests that this is Network Manager attempting to call wpa_supplicant
to get the AP’s certificate data.
Here I’m stuck. Where do I look next?
6 ) openSUSE version
OpenSuSE 11.4
7 ) type /sbin/lspci -v" in a terminal; copy and paste the section that
identifies your wireless card and it’s chipset.
Code:
0c:00.0 Network controller: Intel Corporation Ultimate N WiFi Link 5300
Subsystem: Intel Corporation Device 1121
Flags: bus master, fast devsel, latency 0, IRQ 43
Memory at f69fe000 (64-bit, non-prefetchable) [size=8]
Capabilities: [c8] Power Management version 3
Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities: [e0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number 00-21-6a-ff-ff-2f-61-6e
Kernel driver in use: iwlagn
Some hunting yesterday turned up the Intel drivers site (http://
intellinuxwireless.org/?n=Downloads) which seems to have a newer firmware
for the 5000 series. The OpenSuSE distro includes two:
Code:
-rw-r–r-- 1 root root 353240 Feb 24 2011 /lib/firmware/
iwlwifi-5000-2.ucode
-rw-r–r-- 1 root root 345008 Feb 24 2011 /lib/firmware/
iwlwifi-5000-1.ucode
which, if I’m reading the notes correctly, are versions 1 and 2 of the
firmware. Intel has a version 5 firmware available:
Code:
-rw-r–r-- 1 root root 340688 Dec 8 14:16 /lib/firmware/
iwlwifi-5000-5.ucode
but I found at least one note that said kernel 2.6.38 was needed for this
firmware. I have not yet found a way to list which firmware is actually
being used for the device. There are no ‘firmware’ messages in /var/log/
messages.
–
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com
Please post questions in the forums. No support provided via email.
[/size]