[rhelv6-list] Antwort: Re: WLAN with RHEL6 with auth against Windows ADS
Kurt Keller
kkathag at gmail.com
Thu Jul 7 07:04:43 UTC 2011
Andreas,
Below is the part from the log of my system when a successful
connection is taking place. Two problems I encountered on the way were
- not knowing where to change the password for the key (-> start seahorse)
- a problem with the wireless card (-> installing the kernel from
fedora 15 on my fedora 14 box fixed that)
Good luck,
Kurt
[cut]
NetworkManager[2066]: <info> Activation (wlan0) Stage 2 of 5 (Device
Configure) complete.
NetworkManager[2066]: <info> Config: set interface ap_scan to 1
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
inactive -> scanning
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
scanning -> associating
kernel: [ 188.630183] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
kernel: [ 188.630328] cfg80211: Calling CRDA for country: XX
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
associating -> associated
kernel: [ 188.654294] cfg80211: Regulatory domain changed to country: XX
kernel: [ 188.654297] cfg80211: (start_freq - end_freq @
bandwidth), (max_antenna_gain, max_eirp)
kernel: [ 188.654300] cfg80211: (2402000 KHz - 2482000 KHz @
40000 KHz), (N/A, 2000 mBm)
kernel: [ 188.654303] cfg80211: (5170000 KHz - 5250000 KHz @
40000 KHz), (N/A, 2000 mBm)
kernel: [ 188.654305] cfg80211: (5250000 KHz - 5330000 KHz @
40000 KHz), (N/A, 2000 mBm)
kernel: [ 188.654308] cfg80211: (5490000 KHz - 5710000 KHz @
40000 KHz), (N/A, 2700 mBm)
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
associated -> 4-way handshake
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
4-way handshake -> group handshake
NetworkManager[2066]: <info> (wlan0): supplicant connection state:
group handshake -> completed
NetworkManager[2066]: <info> Activation (wlan0/wireless) Stage 2 of 5
(Device Configure) successful. Connected to wireless network
'XXXXXXXX'.
NetworkManager[2066]: <info> Activation (wlan0) Stage 3 of 5 (IP
Configure Start) scheduled.
NetworkManager[2066]: <info> Activation (wlan0) Stage 3 of 5 (IP
Configure Start) started...
NetworkManager[2066]: <info> (wlan0): device state change: 5 -> 7 (reason 0)
NetworkManager[2066]: <info> Activation (wlan0) Beginning DHCPv4
transaction (timeout in 45 seconds)
NetworkManager[2066]: <info> dhclient started with pid 3385
NetworkManager[2066]: <info> Activation (wlan0) Stage 3 of 5 (IP
Configure Start) complete.
dhclient[3385]: Internet Systems Consortium DHCP Client 4.2.0-P2
dhclient[3385]: Copyright 2004-2010 Internet Systems Consortium.
dhclient[3385]: All rights reserved.
dhclient[3385]: For info, please visit https://www.isc.org/software/dhcp/
dhclient[3385]:
NetworkManager[2066]: <info> (wlan0): DHCPv4 state changed nbi -> preinit
dhclient[3385]: Listening on LPF/wlan0/XX:XX:XX:XX:XX:XX
dhclient[3385]: Sending on LPF/wlan0/XX:XX:XX:XX:XX:XX
dhclient[3385]: Sending on Socket/fallback
dhclient[3385]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 5
avahi-daemon[2084]: Registering new address record for
xxxx::xxx:xxxx:xxxx:xxx on wlan0.*.
dhclient[3385]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
dhclient[3385]: DHCPOFFER from 1.1.1.1
dhclient[3385]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
dhclient[3385]: DHCPACK from 1.1.1.1
dhclient[3385]: bound to XX.X.XX.XX -- renewal in 1704 seconds.
NetworkManager[2066]: <info> (wlan0): DHCPv4 state changed preinit -> bound
NetworkManager[2066]: <info> Activation (wlan0) Stage 4 of 5 (IP4
Configure Get) scheduled...
NetworkManager[2066]: <info> Activation (wlan0) Stage 4 of 5 (IP4
Configure Get) started...
NetworkManager[2066]: <info> address XX.X.XX.XX
NetworkManager[2066]: <info> prefix XX (XXX.XXX.XXX.X)
NetworkManager[2066]: <info> gateway XX.X.XX.XXX
NetworkManager[2066]: <info> nameserver 'XX.X.XX.XX'
NetworkManager[2066]: <info> nameserver 'XX.X.XX.XX'
NetworkManager[2066]: <info> domain name 'xxx.xxxxx.xxx'
NetworkManager[2066]: <info> Scheduling stage 5
NetworkManager[2066]: <info> Activation (wlan0) Stage 5 of 5 (IP
Configure Commit) scheduled...
NetworkManager[2066]: <info> Done scheduling stage 5
NetworkManager[2066]: <info> Activation (wlan0) Stage 4 of 5 (IP4
Configure Get) complete.
NetworkManager[2066]: <info> Activation (wlan0) Stage 5 of 5 (IP
Configure Commit) started...
avahi-daemon[2084]: Joining mDNS multicast group on interface
wlan0.IPv4 with address XX.X.XX.XX.
avahi-daemon[2084]: New relevant interface wlan0.IPv4 for mDNS.
avahi-daemon[2084]: Registering new address record for XX.X.XX.XX on wlan0.IPv4.
NetworkManager[2066]: <info> (wlan0): device state change: 7 -> 8 (reason 0)
NetworkManager[2066]: <info> (wlan0): roamed from BSSID
XX:XX:XX:XX:XX:XX (XXXXXXXX) to XX:XX:XX:XX:XX:XX (XXXXXXXX)
NetworkManager[2066]: <info> Policy set 'XXXXXXXX' (wlan0) as default
for IPv4 routing and DNS.
NetworkManager[2066]: <info> Activation (wlan0) successful, device activated.
NetworkManager[2066]: <info> Activation (wlan0) Stage 5 of 5 (IP
Configure Commit) complete.
[cut]
On 5 July 2011 14:01, Andreas Reschke <Andreas.Reschke at behrgroup.com> wrote:
> rhelv6-list-bounces at redhat.com schrieb am 01.07.2011 07:59:24:
>
>> Kurt Keller <kkathag at gmail.com>
>> Gesendet von: rhelv6-list-bounces at redhat.com
>>
>> 01.07.2011 08:01
>>
>> Bitte antworten an
>> "Red Hat Enterprise Linux 6 \(Santiago\) discussion mailing-list"
>> <rhelv6-list at redhat.com>
>>
>> An
>>
>> "Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list"
>> <rhelv6-list at redhat.com>
>>
>> Kopie
>>
>> Thema
>>
>> Re: [rhelv6-list] WLAN with RHEL6 with auth against Windows ADS
>>
>> Hi Andreas,
>>
>> Here the notes from how I got my Fedora 14 box connected to the
>> company wireless network. Hope it helps. But you might also need to
>> talk to your ADS guys to find out what exactly is required in your
>> specific environment.
>>
>> * I actually configured the connection in NetworkManager (instructions
>> might not be completely accurate, as it is documented after the fact
>> and after quite a number of failures, probably due to an older kernel
>> version)
>> + add a new wireless connection
>> # Security: WPA & WPA2 Enterprise
>> # Authentication: TLS
>> # Identity: <my-user-id>
>> # User Certificate: blank
>> # CA certificate: the file with the chain to the
>> CA certificate
>> # Private key: the exported key/certificate
>> combo in pkcs12 format (could not get it to run at all with
>> certificate and key in pem format)
>> # Private key password: well, the password for
>> the pkcs12 package
>> # ignore the messages about the private key
>> being unencrypted (even though it is encrypted)
>>
>> Cheers,
>>
>> Kurt
>>
>> On 27 June 2011 13:39, Andreas Reschke <Andreas.Reschke at behrgroup.com>
>> wrote:
>> > Hi,
>> >
>> > I want to use WLAN in our office. I've 2 certificate (userid.cer)
>> >
>> > a)
>> > cat RESCH.cer
>> > -----BEGIN CERTIFICATE-----
>> > MIIGhDCCBe2gAwIBAgIKI7sHqAAAAAE5czANBgkqhkiG9w0BAQUFADA/MQswCQYD
>> > ......
>> >
>> > b)
>> > cat RESCH.cer
>> > 0��0���
>> >
>> > 0?19s0 *�H��
>> >
>> > 0 0 UDE10U Stuttgart1
>> >
>> > U
>> >
>> > 0ehr1
>> >
>> > 120111083751Z0y10
>> >
>> > �&���,dnet10
>> >
>> > �&���,d behrgroup1
>> > ......
>> >
>> > Which one is there right one? The more ascii-like or the binary version?
>> > And
>> > which settings in NetworkManager are required?
>> >
>> > Authentication: TLS, LEAP, Tunneld TLS, Protected EAP (PEAP)?
>> >
>> > Thanks for your help
>> >
>> >
>> > Andreas Reschke
>> > _______________________________________________
>> > rhelv6-list mailing list
>> > rhelv6-list at redhat.com
>> > https://www.redhat.com/mailman/listinfo/rhelv6-list
>> >
>> >
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
> Hello Kurt,
>
> now I've created the both certificate files. This is what I get from
> /var/log/messages:
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 1 of 5 (Device Prepare) scheduled...
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 1 of 5 (Device Prepare) started...
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
> state change: 6 -> 4 (reason 0)
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 2 of 5 (Device Configure) scheduled...
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 1 of 5 (Device Prepare) complete.
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 2 of 5 (Device Configure) starting...
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
> state change: 4 -> 5 (reason 0)
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation
> (wlan0/wireless): connection 'B3hr--36' has security, and secrets exist. No
> new secrets needed.
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added 'ssid'
> value 'B3hr--36'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'scan_ssid' value '1'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'key_mgmt' value 'WPA-EAP'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added 'eap'
> value 'TLS'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'fragment_size' value '1300'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'ca_cert' value '/home/resch/Zertifikate/resch.pem'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'private_key' value '/home/resch/Zertifikate/resch.p12'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'private_key_passwd' value '<omitted>'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: added
> 'identity' value 'resch'
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Activation (wlan0)
> Stage 2 of 5 (Device Configure) complete.
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> Config: set
> interface ap_scan to 1
>
> Jul 5 13:57:40 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> scanning
>
> Jul 5 13:57:43 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: scanning -> associating
>
> Jul 5 13:57:43 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associating -> associated
>
> Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associated -> disconnected
>
> Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> scanning
>
> Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: scanning -> disconnected
>
> Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> associating
>
> Jul 5 13:57:46 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associating -> associated
>
> Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associated -> disconnected
> Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> scanning
> Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: scanning -> disconnected
> Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> associating
> Jul 5 13:57:48 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associating -> associated
> Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associated -> disconnected
> Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> scanning
> Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: scanning -> disconnected
> Jul 5 13:57:50 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: disconnected -> associating
> Jul 5 13:58:05 st00ni0029 NetworkManager[2505]: <warn> Activation
> (wlan0/wireless): association took too long.
> Jul 5 13:58:05 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
> state change: 5 -> 6 (reason 0)
> Jul 5 13:58:06 st00ni0029 NetworkManager[2505]: <warn> Activation
> (wlan0/wireless): asking for new secrets
> Jul 5 13:58:06 st00ni0029 NetworkManager[2505]: <info> (wlan0): supplicant
> connection state: associating -> disconnected
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
> state change: 6 -> 9 (reason 7)
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <warn> Activation (wlan0)
> failed for access point (B3hr--36)
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> Marking connection
> 'B3hr--36' invalid.
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <warn> Activation (wlan0)
> failed.
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0): device
> state change: 9 -> 3 (reason 0)
> Jul 5 13:58:08 st00ni0029 NetworkManager[2505]: <info> (wlan0):
> deactivating device (reason: 0).
>
>
> But it didn't work
>
> Andreas
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
>
More information about the rhelv6-list
mailing list