802.1x on a Wired Connection

To: debian-user@lists.debian.org
Cc: "Debian User (mailing list)" <debian-user@lists.debian.org>
Subject: 802.1x on a Wired Connection
From: Martin McCormick <martin@x.it.okstate.edu>
Date: Tue, 16 Jul 2013 10:36:56 -0500
Message-id: <[🔎] 201307161536.r6GFauv4026697@x.it.okstate.edu>
	We are deploying 802.1x on our wired network and I am
working to get an older Dell system so that it will continue to
work in our brave new world.

	Obviously, if it had worked, I wouldn't be posting this
message so here's the tale of woe.

	The GUI is absolutely not an option on this system but
this really doesn't look that bad at all. I obviously have
something misconfigured. Here is the /etc/wpa_supplicant.conf
file minus the Crown Jewels but the problem isn't
authentication. I think it is how I defined the network:

# IEEE 802.1X with dynamic WEP keys using EAP-PEAP/MSCHAPv2

ap_scan=0
ctrl_interface=/var/run/wpa_supplicant

network={
	key_mgmt=IEEE8021X
	eap=PEAP
	phase2="auth=MSCHAPV2"
	identity="username@okstate.edu"
	password="nice_try"
	       eapol_flags=0
}

That was taken right from examples provided with the
wpa_supplicant installation.

	When I tried to test it, here is what happened.

# wpa_supplicant -ieth0 -c/etc/wpa_supplicant.conf -d
wpa_supplicant v1.0
random: Trying to read entropy from /dev/random
Initializing interface 'eth0' conf '/etc/wpa_supplicant.conf' driver 'default' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ap_scan=0
ctrl_interface='DIR=/var/run/wpa_supplicant GROUP=wheel'
ctrl_interface='/var/run/wpa_supplicant'
Priority group 0
   id=0 ssid=''
rfkill: Cannot open RFKILL control device
WEXT: RFKILL status not available
ioctl[SIOCSIWMODE]: Operation not supported
Could not configure driver to use managed mode
ioctl[SIOCGIWRANGE]: Operation not supported
ioctl[SIOCGIWMODE]: Operation not supported
ioctl[SIOCSIWAP]: Operation not supported
WEXT: Failed to clear BSSID selection on disconnect
ioctl[SIOCSIWESSID]: Operation not supported
WEXT: Failed to set bogus SSID to disconnect
netlink: Operstate: linkmode=1, operstate=5
eth0: Own MAC address: 00:50:da:25:16:7a
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_key: alg=0 key_idx=4 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_key: alg=0 key_idx=5 set_tx=0 seq_len=0 key_len=0
ioctl[SIOCSIWENCODEEXT]: Operation not supported
Driver did not support SIOCSIWENCODEEXT, trying SIOCSIWENCODE
ioctl[SIOCSIWENCODE]: Operation not supported
wpa_driver_wext_set_countermeasures
eth0: RSN: flushing PMKID list in the driver
eth0: Setting scan request: 0 sec 100000 usec
WPS: Set UUID for interface eth0
WPS: UUID based on MAC address - hexdump(len=16): de d5 84 cd b1 17 5b 26 89 0f a6 98 44 35 fa cb
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: Supplicant port status: Unauthorized
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: Supplicant port status: Unauthorized
EAPOL: Supplicant port status: Unauthorized
eth0: Added interface eth0
random: Got 16/20 bytes from /dev/random
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth0' added
WEXT: if_removed already cleared - ignore event
ioctl[SIOCGIWESSID]: Operation not supported
eth0: Could not read SSID from driver
EAPOL: disable timer tick
EAPOL: Supplicant port status: Unauthorized
random: Got 4/4 bytes from /dev/random
^Ceth0: CTRL-EVENT-TERMINATING - signal 2 received
eth0: Removing interface eth0
eth0: No keys have been configured - skip key clearing
eth0: State: DISCONNECTED -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
netlink: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: Supplicant port status: Unauthorized
EAPOL: External notification - portValid=0
EAPOL: Supplicant port status: Unauthorized
wpa_driver_wext_set_countermeasures
eth0: No keys have been configured - skip key clearing
eth0: Cancelling scan request
eth0: Cancelling authentication timeout
ioctl[SIOCGIWMODE]: Operation not supported
ioctl[SIOCSIWAP]: Operation not supported
WEXT: Failed to clear BSSID selection on disconnect
ioctl[SIOCSIWESSID]: Operation not supported
WEXT: Failed to set bogus SSID to disconnect
netlink: Operstate: linkmode=0, operstate=6
_______________________________________________________________________________

It looks like absolutely nothing really happened. Actually, it
did. It killed eth0.

ifdown eth0;ifup eth0

Does bring eth0 back up.

	Thanks for any constructive ideas.

Martin McCormick
Reply to:
Prev by Date: Re: USB automount
Next by Date: Re: preseed root password with !
Previous by thread: RE: openvpn
Next by thread: vsftpd on Debian
Index(es):
- Date
- Thread