Unable to access university WLAN Network

Hello all,

I’m unable to get into my university’s WLAN network. LAN works just fine, but sometimes it’s quite convenient to be able to access stuff wirelessly. It doesn’t seem to be a hardware problem, because if I configure my computer according to our computer department’s instructions it works fine with Ubuntu (currently I carry around a stick to get into the Internet when I really need it and don’t have a cable). Can anyone help me? Some info:

My device:
Broadcom WLAN controller on a Lenovo G560

My system:
OpenSUSE 11.3 64-bit

The drivers are installed, I can get into normal private networks, but have never managed to get into the university network except for with Ubuntu.

The university instructions tell me to use the following settings:
Security: WPA Enterprise
Authentification: TTLS
Inner Authentification: PAP
Username: My username
Password: Password
CA Certificate: Deutsche_Telekom_Root_CA_2.pem
In the KDE instructions, they tell you to write “anonymous” into the anonymous identity field, but in the GNOME instructions it says to leave it blank. In Ubuntu, I leave it blank and it works.

I’ve got the recommended settings, which also work in GNOME.

I’d ask the tech support here, but I am the tech support :stuck_out_tongue: We’ve got it working with other systems, like I said, but not with SUSE, and I’m a SUSE fan. Anyone have an idea what I could try? Thanks!

Daniel

Maybe it is just an relatively easy thing.
Example given, in this thread it was just that
in the KNetworkManager the automatic Recognition of wireless LAN (WLAN) had to be activated (on the ‘wireless’ register):
Lenovo 3000 G530 4446 25G WLAN konfigurieren

But if not so I would like to ask some questions (at least to help an other user to help you):

  1. Do you have a link to your university’s complete description of (the access to the) wireless network?

  2. Are you using openSUSE with KDE or GNOME or an other desktop environment (or with two d. e. ?)?

  3. Do you use the NetworkManager (KNetworkManager or GNOME Network Manager) (or the traditional method)?
    See: Starte mal Computer/Gecko-symbol>YaST (needs root password)>Network Devices: Network Settings -> is there “User Controlled with Networkmanager” chosen (or “Traditional Method with ifup”)?

  4. “Password authentication protocol” (PAP) and "certificate authority or certification authority (“CA”) seems to me to be not very specific things. Is your university using any virtual private network (VPN) or something like that?

  5. Do you get your WLAN-Card generally to work (at home and so on) with openSUSE? Do you see the university’s wireless network in the NetworkManager etc. but are not able to get access?

  6. What is the name of the specific WLAN (PCI? USB?) card/device (Broadcom …)?

Regards
puzzled pistazienfresser :wink:

Hi,

Sorry, I seem to have forgotten a few details. I’m running OpenSUSE 11.3 64-bit KDE.
When I try to connect to the network, it takes a long time and then KNetworkManager asks me for the network secrets again and again and again. No connection is established, but I see that the system’s working on it.

Maybe it is just an relatively easy thing.
Example given, in this thread it was just that
in the KNetworkManager the automatic Recognition of wireless LAN (WLAN) had to be activated (on the ‘wireless’ register):
Lenovo 3000 G530 4446 25G WLAN konfigurieren

Don’t think that’s the problem, because I recognize WLAN networks. However, when I open up KNetworkManager I only see a list of the wireless networks I’ve set up in the past and the option to add, edit or delete them - nothing about automatic WLAN recognition. But since I can see the network, I’m pretty sure it’s on.

  1. Do you have a link to your university’s complete description of (the access to the) wireless network?

Yup - WLAN unter Linux - Philipps-Universität Marburg - Hochschulrechenzentrum. Unfortunately in German, but for you at least that doesn’t look like it’ll be a problem :wink:

  1. Do you use the NetworkManager (KNetworkManager or GNOME Network Manager) (or the traditional method)?
    See: Starte mal Computer/Gecko-symbol>YaST (needs root password)>Network Devices: Network Settings -> is there “User Controlled with Networkmanager” chosen (or “Traditional Method with ifup”)?

I’m using the NetworkManager GUI, not ifup.

  1. “Password authentication protocol” (PAP) and "certificate authority or certification authority (“CA”) seems to me to be not very specific things. Is your university using any virtual private network (VPN) or something like that?

As far as I know it’s no VPN here. The university does have a VPN for remote access to the information infrastructure, but since I’m physically here I’m not using it. If I try to use it here it theoretically shouldn’t work.

  1. Do you get your WLAN-Card generally to work (at home and so on) with openSUSE?

Yes. This is the only network I’ve never been able to connect with before (although I’ve never tried another WPA Enterprise network). I only use OpenSUSE, except for this specific case.

Do you see the university’s wireless network in the NetworkManager etc. but are not able to get access?

Yes. See above - I see it, I can try to connect, but for some reason I don’t gain access and it keeps on asking for my authentification info.

  1. What is the name of the specific WLAN (PCI? USB?) card/device (Broadcom …)?

Where do I find that? I tried YaST–>Hardware–>Hardware Info–>Wireless LAN–>Broadcom WLAN controller but as of that point I’m not able to find a name that doesn’t seem to be the system name (eth1) or just a name for the specific device, like the MAC-Address. Under “Model” YaST tells me “Broadcom WLAN controller.”

Sorry for being such a noob, I actually work with OpenSUSE for quite a while not but when it comes to messing with the system itself I’m still a noob :stuck_out_tongue:

Best,
Daniel

I would guess that is a problem of the KNetworkManager and the WPA2 Enterprise / the WPA Enterprise Certificate or Password (and maybe KWallet ???). As I have no access to such a network with such a security ()

I am not able to test it or to give you any specific advice - maybe an other user is able to do so.

I would see to ways of approach:

  1. Try it again and further on with the KNetworkmanager.
    Example given:
    Klick on the Symbol in the System Tray>Manage Connections>on the left: Network Connections>register: wireless>
    (chosing your connection>on the right: Edit) OR on the right: Add>
    register: Wireless Security>
    let me chose:
  • drop down menu 1 (Security)> … ; “WPA/WPA2 Secrurity”; …
  • drop down menu 2 (Autification): TLS, [LEAP], PEAP,
    TLS will include also the Import of two Certificates (User Certificate: … ;CA Certificate:Deutsche Telepost usw…)
    Protected EAP (PEAP) will include …
    **Tunneled TLS - CA Certificate: … Inner Autification: PAP … ** (sounds interesting like your given Data to me)

1a) Try other/an newer Version of the KNetworkManager:
search in the KDE-Stable-Repository or
software.opensuse.org: Search Results (but be aware of the problems of using One-Click-Install to often…)

  1. Try to use an other program/application (after deleting the other configuration):
    My wild guessing around:
    a) Could you just use the GNOME Networkmanager under GNOME?
    b) Search for wpa_supplicant software.opensuse.org: Search Results
    c) Search for “RADIUS”: software.opensuse.org: Search Results

Good luck and have a lot of fun with ‘herumbasteln’
puzzled pistazienfresser

See also:
WPA2

P.S.: Maybe you could increase your chances with adding one (or …) more tag:
as I am not in charge on this part of the forums I am only allowed to add 2 tags to treads of other people.

Hi there,

Alright, I’ll add some more tags. Good idea.

The options you describe are the ones that are already in my settings for that connection - I followed the instructions on the page to the letter :wink: Also, KNetworkManager should be able to access KWalletManager without problems, it does that all the time with my other connections. And sadly, I’ve already got the newest version of KNetworkManager for KDE4.

A little bit nervous of using the GNOME version, could that produce problems or would that slow down my system? I’ve heard that using GNOME programs makes your OS load all the GNOME libraries in addition to everything else it loads, that’d be annoying. Plus, I’d be worried about conflicts with KNetworkManager.

wpa_supplicant - got it
RADIUS - those are a lot of search results, which would I need? What is that used for?

Sadly, I can’t test now until Monday, when I get back to the university…

Thanks a lot for the help!
Daniel

Maybe you could add “WPA2” (Wi-Fi Protected Access 2) / “IEEE 802.11i-2004” (that will partly describe your used model of authentication, or?) and something with “Certificate” (Zertifikat) or “Authentication” (Authentifikation / Authentifizierung), too ?

And maybe you would find a solution for you problem if you search for such words (both as tags and as words in the titles and the normal text)?

And an older version (without any security problems) was also tested?

Then it may be time
(to install the corresponding debug-packages and)
to search for and (if there is no)
to write a fine Bug-Report (maybe both at KDE and at openSUSE’s/Novell’s bugzilla with remarks links to each other - but it might be just the same developers :wink: ).

KNetworkManager: As it is not working - I would think about deinstallation.
And the “KNetworkManager” is in my opinion not so much more than a graphical user interface for the GNOME program “NetworkManager”. But maybe you could just make a test case in the YaST Software Manager (or a snapshot or use a test system etc.). I have installed openSUSE 11.2 both with KDE and with GNOME (see signature) and my old laptop seems not to be working too much (at least in GNOME :wink: - but maybe I there are other opinions?

Only installed or also used? I thought that would be not an addition but an alternative to the KNetworkManager?

Sorry, that was just the “wildest” part of my guessing.
Compare out of de-Wikipedia:
WPA2 - Wikipedia #Verschlüsselung
->
Extensible Authentication Protocol - Wikipedia (Weitergeleitet von TTLS ) # TLS
->
RADIUS - Wikipedia
-> Put “RADIUS” in the opensuse.software.org (as I got no results for other tags/words/acronyms/letters I could think of …).

And maybe there is also someone out there who knows a way using an other program with a graphical or a/the text based user interface/environment.

Good luck - both in finding users with more knowledge in security issues than me and in trying it yourself (maybe you should not use your productive system for that or at least make a snapshot and secure your data :wink: )
pistazienfresser

Other programs and interfaces for the wireless LAN and KDE network debugging:

I think a look at NetworkManagement - KDE UserBase might help (or a more regular KDE user with experienced with WPA-EAP (or WPA-Enterprise) ad least on a RADIUS client[1] (or do you want to run your RADIUS server also? :wink: ).

1.1
Especially: Have you also tried alternatives of the Network Management applet ( NetworkManager-kde4 ) ?

1.1.1

  • like the plasmoid-networkmanagement ( NetworkManager client for KDE 4 ) ?

1.1.2

  • like the cnetworkmanager - Command-line client for NetworkManager ?

(1.1.3
For the
NetworkManager-gnome - GNOME applications for use with NetworkManager
(~ nm-applet) see postings before

1.2
Alternatives to the NetworkManager:

1.2.1
YaST : Traditional Method with ifup

SDB:WiFi - openSUSE # How-to connect to WiFi without the NetworkManager

Novell Documentation: Reference # 32.0 Wireless LAN

Getting the hardware information for the wireless LAN card/adapter (some alternatives):

2.1
Getting Your Wireless to Work

2.2
My wireless doesn’t work - a primer on what I should do next

2.3
And another (a maybe not very sophisticated) way of letting you know more about your WLAN-Hardware is

lshal

Example given (on my Samsung X20):

 ....]
udi = '/org/freedesktop/Hal/devices/pci_8086_4220'
  info.linux.driver = '**ipw2200**'  (string)         
  info.parent = '/org/freedesktop/Hal/devices/pci_8086_2448'  (string)
  info.product = '**PRO/Wireless 2200BG [Calexico2] Network Connection**'  (string)
  info.subsystem = 'pci'  (string)                                             
  info.udi = '/org/freedesktop/Hal/devices/pci_8086_4220'  (string)            
  info.vendor = 'Intel Corporation'  (string)                                  
  linux.hotplug_type = 2  (0x2)  (int)                                         
  linux.subsystem = 'pci'  (string)                                            
  linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1e.0/0000:02:07.0'  (string)
  pci.device_class = 2  (0x2)  (int)                                              
  pci.device_protocol = 0  (0x0)  (int)                                           
  pci.device_subclass = 128  (0x80)  (int)                                        
  pci.linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:1e.0/0000:02:07.0'  (string)
  pci.product = 'PRO/Wireless 2200BG [Calexico2] Network Connection'  (string)        
  pci.product_id = 16928  (0x4220)  (int)                                             
  pci.subsys_product = 'Samsung P35 integrated WLAN'  (string)
...]                     
 

(Bolded by me)

2.4
:wink:
And sometimes you could also just turn your laptop upside down, take a not-magnetic screwdriver, make sure you are not (statically) electrically charged and take a look on your PCI-Card etc…But do not cry or try to sue me if you brake your laptop…
/:wink:

Good luck!
pistazienfresser

[1] Novell Documentation

Hey there,

Alright, I did lshal but my WLAN card didn’t show up at all. Strange, I read through more than a hundred entries, but I also couldn’t see my original command input, so maybe the text was simply so long that it ended up cutting off the top? In any case, I wasn’t able to find it.

This problem sadly seems to go well above and beyond my own knowledge. I’ve looked at all of those pages that you listed, but was only able to understand a very limited amount of their content. I’ll take this over to the KDE people, maybe they know some more specific stuff to try. I don’t have another computer so I’m really afraid to mess around with the system settings a lot or install concurrent network managing tools; in that case it looks like the work-around would be to use wired connections when possible and otherwise work with my live Ubuntu system, although I don’t like that as a permanent system. Thanks a lot for the help! If anybody else has any tips, I’d be glad to hear them.

Best,
Daniel

But I am still hoping for an expert on wireless LAN, network and or security to have a look at this thread…

Hope I frustrated you not to much with my (un-helpfully way of) trying to help…:shame:

Just three/four additional thoughts (Wireless card unknown; WPA Enterprise settings conflicting? EAP over RADIUS and Inner Authentification PAP but: TTLS or PEAP?):

  1. WLAN unter Gnome/Ubuntu - Philipps-Universität Marburg - Hochschulrechenzentrum
    shows me the name of the wireless lan card (and also my NetworkManager applet in openSUSE with GNOME).
    Maybe the easiest way to know/guess you hardware would be to turn on you Ubuntu and take a look at your NetworkManager there? Does your NetworkManager-kde4 in openSUSE show you no specific WLAN hardware?

  2. I would try it with a new user under openSUSE - maybe your settings for the wpa_supplicant are still existing somewhere and conflicting with your settings for the KDE NetworkManager application?

  3. And Betriebskonzept - Philipps-Universität Marburg - Hochschulrechenzentrum

a) …shows me: the name of the author/last editor and “Zuletzt aktualisiert: 09.06.2010” (2010/06/09 probably still at the university?). If you are really the support for the students/users

she might be willing to help you so that you are better fitted to help the students?

b) … says that the authentication itself is managed either by EAP-TTLS or by PEAP:

…] Die Kommunikation zwischen dem Supplikanten, d.h. dem Betriebssystem bzw. der Client-Software, und dem Authentisierungs-Server, einem Radius-Server, basiert auf einem der beiden dem Authentisierungs-Protokolle EAP-TTLS oder PEAP; dabei werden Username und Passwort verschlüsselt übertragen…]

I do not know if your PEAP variate is only compatible with the one used by Mircosoft or also with the variate(s) used in openSUSE (and KDE and the NetworkManager-KDE) but maybe you could just try to use the setting PEAP (Protected EAP, Protected Extensible Authentication Protocol - Wikipedia, the free encyclopedia) instead of TTLS (Tunned TLS)?

Sorry for being not able to help you more
pistazienfresser

Me too! Don’t worry, you’re much more an expert than I am :wink: I know forums aren’t a magic wand.

Maybe the easiest way to know/guess you hardware would be to turn on you Ubuntu and take a look at your NetworkManager there? Does your NetworkManager-kde4 in openSUSE show you no specific WLAN hardware?

Unfortunately, it doesn’t…

  1. I would try it with a new user under openSUSE - maybe your settings for the wpa_supplicant are still existing somewhere and conflicting with your settings for the KDE NetworkManager application?

Will try that and report back, as soon as I get a chance :wink:

  1. And Betriebskonzept - Philipps-Universität Marburg - Hochschulrechenzentrum

a) …shows me: the name of the author/last editor and “Zuletzt aktualisiert: 09.06.2010” (2010/06/09 probably still at the university?). If you are really the support for the students/users she might be willing to help you so that you are better fitted to help the students?

Yeah, good idea. I’d contacted the HRZ before (HRZ is university-wide and I’m responsible for computers in our department, we use a different system) and hadn’t gotten an answer, but I’ll definitely try again… Fragen kostet nix :wink:

b) … says that the authentication itself is managed either by EAP-TTLS or by PEAP:

I do not know if your PEAP variate is only compatible with the one used by Mircosoft or also with the variate(s) used in openSUSE (and KDE and the NetworkManager-KDE) but maybe you could just try to use the setting PEAP (Protected EAP, Protected Extensible Authentication Protocol - Wikipedia, the free encyclopedia) instead of TTLS (Tunned TLS)?

Just tried it… But that didn’t work either. Would’ve been a bit surprising, because the settings that do work in Ubuntu use the ones described in the instructions (TTLS rather than PEAP).

Anyway, I hope that we can gather some additional ideas - but whatever the case is, I’m thankful for the attempt to help, I know you don’t get paid for it or anything, so it’s really nice that you take the time for troubleshooting, regardless of the outcome!

Best,
Daniel

Hi Daniel,

I have tried a “Ausgabeumleitung” (en: Output redirection ?)

lshal > lshal.txt

might give you all the many data in one file called “lshal.txt” (choose the name you like) under your users home directory. Then you will be able to open the file with you favorite editor or text-editor (gidit, openOffice, …) and use the search function for “wireless” and “wlan”.

Maybe you could use this command not only in openSUSE but also in Ubuntu (I have not tried it there only in my openSUSE 11.2 with GNOME)?

Good luck!
pistazienfresser

Just one or two thoughts more:

  1. Where have you stored you certificate and are your programs able to read it? Maybe under openSUSE you have just to use a certain place for certificates
    (as openSUSE related to the enterprise version “SUSE Linux Enterprise Desktop” and to the method of YaST to setup a wireless network with encryption and ). In the Ubuntu descriptions for your university I could read much about security problems :wink:
  2. Maybe you could just try the “traditional method with ifup” ?

Compare to both issues:
32.5 Configuration with YaST with 32.5.2 Configuration for Access Points
Novell Documentation - Reference (in pdf) page 521-525 (especially 523):
(= Novell Documentation - Reference (in html) )

But I am still hoping for some words from forums’ member with more skills…

Regards
pistazienfresser

I had the same problem here at TU München with KNetworkManager. I solved it by not specifying a root ca. Instead I used the option “Use system ca’s”. The “Deutsche Telekom” certifacate should be installed. TUM uses this one, too.

Maybe you can also solve this problem by changing the permissions for the root ca file. But I didn’t try this.

Alright, just a report back… Apparently KNetworkManager always has a problem with eduroam networks. It’s a registered bug that hasn’t been taken care of yet. I deinstalled KNetworkManager, installed networkmanager-gnome, and started that NetworkManager (nm-applet). It’s able to connect to the eduroam network just fine, and do all the stuff that KNetworkManager was able to do - at least so far. So I guess that’s the work-around solution. If you want to have it autostart, though, you have to autostart the command nm-applet. So… The problem may not be solved, but at least it’s not creating any more trouble :stuck_out_tongue:

I am happy for you! So at least one of the alternatives to the KDE Network Management applet (NetworkManager-kde4) to run the Network Manager has worked for you.

Are these the KDE bugreports/treads you have meant :
KDE NetworkManagment and eduroam - Fails to connect
Bug 252668 - Can’t connect to WPA Enterprise networks
Bug 209673 - knetworkmanager applet (NOT THE PLASMOID) can’t connect to WPA PEAP when validating by CA certificate ?

Regards pistazienfresser

Did you try the plasma applet? The standalone program (knetworkmanager) is obsolete.
Which KDE version do you have?
Did you try the solution I mentioned above? It really solved the problem for me (Using KDE 4.5.3)

Just some thoughts:

I would presume that most users are (at least a bit) confused by all the different names for the programs/applications/packages/pattens in openSUSE connected with networking and Network Manager (and especially as they are not allways conform with the names in other distributions).

A table with all the different names (and what they mean) may probably help some people.

Compare:
NetworkManager - Wikipedia, the free encyclopedia
NetworkManagement - KDE UserBase
KNetworkManager - openSUSE
http://en.opensuse.org/KNetworkManager (empty in the new wiki!)
Search for networkmanager (fulltext and not only main namespace) in openSUSE wiki
Search for knetworkmanager in Webpin (openSUSE 11.3)
Search for knetworkmanager in Webpin (openSUSE 11.2)
software.opensuse.org: Search Results for network AND manager in Factory
software.opensuse.org: Search Results for “networkmanager-kde4” in Factory

And maybe a Diagram (in the openSUSE wiki?) giving an overview of how the Network Manager works together with other programs (both more at the user side and more in the inner side of the system) would help at least some users in openSUSE.

And if the user would find SDB:Tracking down wireless problems - openSUSE or Tracking down wireless problems - openSUSE the length of that article will probably scare most of them (and an update of that article would probably be fine, too).

Regards
pistazienfresser

Oops, sorry, it’s been a while since I looked at the thread.

Since the switch to the GNOME Network Manager worked just fine, I haven’t experimented with it - maybe I’ll try using the system certs using the KDE network manager next time (Fruchtratte’s problem). Need to install it again then. But at the moment I’m honesty said pretty happy with how things have turned out.

What’s the difference between System certs and choosing the certificate from the HD? The certificate was already in /etc/ssl/certs before, so I assumed it was a system certificate :slight_smile:

You could run into the problem that the certifcate may not be installed (for
example if you use some private self signed certifcate). In this case you
can select one from the file system.

But I looks like the KDE applet can not handle this option probably.

Guessing wild around:
Maybe the KDE applet/plasmoid has not the privileges/rights to access/execute the certificate directly and to authenticate (especially if the certificate is saved under /etc/ssl/certs ) - but asking the “system”
(the wpa_supplicant ? =>
wpa_supplicant(8) - Linux man page
networkmanager(8): network management daemon - Linux man page )
may work.
But if so I do not get it: why it is different with the GNOME Network Manager application (nm-applet / package: NetworkManager-gnome)? If you (pl./all) are/somebody is really interested to find the cause (without destroying you working actual configuration) you might test your “WPA enterprise” with a live-CD/live system (and the certificate on a USB-Stick?) ?

puzzled
pistazienfresser