
I am trying to authenticate with a WPA-Enterprise network via wpa_supplicant using PEAP-MSCHAPv2; the back-end RADIUS server is running what I believe to be FreeRADIUS 3.0. I have tried numerous configuration files, and the credentials are correct. I am unsure why I'm unable to connect. I will share my previous configuration file attempts as well as the output. Please note, the output information is not in the respective order of the configs; I am simply trying to provide as much information as possible. Additionally, I have replaced the hash values with arbitrary values, as I am not familiar with the platform's guidelines.

config 1 

network={
        ssid="lkpop1"
        scan_ssid=1
        key_mgmt=WPA-EAP
        identity="user1"
        password="password123!"
        eap=PEAP
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}

config 2 

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#country=US
network={
        ssid="lkpop1"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user1"
        password=hash:8119935c5f7fa5f57135620c8073aaca
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}

config 3 

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#country=US
network={
        ssid="lkpop1"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user1"
        password="password123!"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}

config 4 

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
#country=US
network={
        ssid="lkpop1"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user1"
        ca_cert="/etc/cert/ca.pem"
        password="password123!"
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}
   
config 5

network={
        ssid="lkpop1"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user1"
        password=hash:8119935c5f7fa5f57135620c8073aaca
        ca_cert="/etc/cert/ca.pem" 
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
}


output 1

WPA_SUPPLICANT output

wpa_supplicant -i wl0 -Dnl80211 -c wpa_supplicant.conf
Successfully initialized wpa_supplicant
rfkill: Cannot open RFKILL control device
rfkill: Cannot get wiphy information
wl0: SME: Trying to authenticate with 00:11:00:be:02:09 (SSID='lkpop1' freq=2452 MHz)
wl0: Trying to associate with 00:11:00:be:02:09 (SSID='lkpop1' freq=2452 MHz)
wl0: Associated with 00:11:00:be:02:09
wl0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wl0: CTRL-EVENT-EAP-STARTED EAP authentication started
wl0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wl0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wl0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=lk/L=hs/O=pk/emailAddress=ca@lkpop1.localdomain/CN=ak Certificate Authority' hash=6d7acb97ebc3d10f265bc9e0cb79ce2f915eb1d78fc9bb9318ca74a30ce67856
wl0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=lk/L=hs/O=pk/emailAddress=ca@lkpop1.localdomain/CN=ak Certificate Authority' hash=6d7acb97ebc3d10f265bc9e0cb79ce2f915eb1d78fc9bb9318ca74a30ce67856
wl0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=lk/O=pk/CN=ak Wi-Fi Radius/emailAddress=wifi-admin@lkpop1.localdomain' hash=6d7acb97ebc3d10f265bc9e0cb79ce2f915eb1d78fc9bb9318ca74a30ce67856
wl0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wl0: CTRL-EVENT-DISCONNECTED bssid=00:11:00:be:02:09 reason=23
wl0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="lkpop1" auth_failures=1 duration=10 reason=AUTH_FAILED
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl0/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
^Cnl80211: deinit ifname=p2p-dev-wl0 disabled_11b_rates=0
p2p-dev-wl0: CTRL-EVENT-TERMINATING
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl0/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl0/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: deinit ifname=wl0 disabled_11b_rates=0
wl0: CTRL-EVENT-TERMINATING


output 2 

 wpa_supplicant -Dnl80211 -i wl1 -c wpa_supplicant.conf
Successfully initialized wpa_supplicant
rfkill: Cannot open RFKILL control device
rfkill: Cannot get wiphy information
nl80211: Could not set interface 'p2p-dev-wl1' UP
nl80211: deinit ifname=p2p-dev-wl1 disabled_11b_rates=0
p2p-dev-wl1: Failed to initialize driver interface
P2P: Failed to enable P2P Device interface
wl1: SME: Trying to authenticate with 00:11:00:be:02:09 (SSID='lkpop1 ' freq=2452 MHz)
wl1: Trying to associate with 00:11:00:be:02:09 (SSID='lkpop1 ' freq=2452 MHz)
wl1: Associated with 00:11:00:be:02:09
wl1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wl1: CTRL-EVENT-EAP-STARTED EAP authentication started
wl1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wl1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wl1: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=lk/L=hs/O=pk/emailAddress=ca@pk.localdomain/CN=pk Certificate Authority' hash=9a1a24894acb1f183e9b290583b9ac48ce94ede298f897197b9c94b9db8eb255
wl1: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=lk/L=hs/O=pk/emailAddress=ca@pk.localdomain/CN=pk Certificate Authority' hash=9a1a24894acb1f183e9b290583b9ac48ce94ede298f897197b9c94b9db8eb255
wl1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius/emailAddress=wifi-admin@pk.localdomain' hash=9a1a24894acb1f183e9b290583b9ac48ce94ede298f897197b9c94b9db8eb255
wl1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wl1: CTRL-EVENT-DISCONNECTED bssid=00:11:00:be:02:09 reason=23
wl1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="lkpop1 " auth_failures=1 duration=10 reason=AUTH_FAILED
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
^Cnl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: deinit ifname=wl1 disabled_11b_rates=0
wl1: CTRL-EVENT-TERMINATING

output 3 

Successfully initialized wpa_supplicant
rfkill: Cannot open RFKILL control device
rfkill: Cannot get wiphy information
nl80211: Could not set interface 'p2p-dev-wl1' UP
nl80211: deinit ifname=p2p-dev-wl1 disabled_11b_rates=0
p2p-dev-wl1: Failed to initialize driver interface
P2P: Failed to enable P2P Device interface
wl1: SME: Trying to authenticate with 00:11:00:be:02:09 (SSID='lkpop1 ' freq=2452 MHz)
wl1: Trying to associate with 00:11:00:be:02:09 (SSID='lkpop1 ' freq=2452 MHz)
wl1: Associated with 00:11:00:be:02:09
wl1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wl1: CTRL-EVENT-EAP-STARTED EAP authentication started
wl1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wl1: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wl1: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=GB/ST=lk/L=hs/O=pk/emailAddress=ca@pk.localdomain/CN=pk Certificate Authority' hash=9a1a24894acb1f183e9b290583b9ac48ce94ede298f897197b9c94b9db8eb255
wl1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius/emailAddress=wifi-admin@pk.localdomain' hash=9a1a24894acb1f183e9b290583b9ac48ce94ede298f897197b9c94b9db8eb255
TLS: Certificate verification failed, error 7 (certificate signature failure) depth 0 for '/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius/emailAddress=wifi-admin@pk.localdomain'
wl1: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=0 depth=0 subject='/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius/emailAddress=wifi-admin@pk.localdomain' err='certificate signature failure'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:decrypt error
OpenSSL: openssl_handshake - SSL_connect error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
OpenSSL: pending error: error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
OpenSSL: pending error: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
OpenSSL: pending error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
wl1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wl1: CTRL-EVENT-DISCONNECTED bssid=00:11:00:be:02:09 reason=23
wl1: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="lkpop1 " auth_failures=1 duration=10 reason=AUTH_FAILED
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
^Cnl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: Failed to open /proc/sys/net/ipv4/conf/wl1/drop_unicast_in_l2_multicast: Read-only file system
nl80211: Failed to set IPv4 unicast in multicast filter
nl80211: deinit ifname=wl1 disabled_11b_rates=0
wl1: CTRL-EVENT-TERMINATING

  • Hi, did you have a look at https://unix.stackexchange.com/questions/478668/wpa-supplicant-not-connecting-because-ssl3-is-unsupported – Adrien Clerc Jun 23 '22 at 07:47
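
The outputs in the question stop at different points of the PEAP exchange, and the `CTRL-EVENT` lines are enough to tell them apart. The following is an added example, not part of the original post: a small triage script whose sample inputs are constructed by abridging "output 1" and "output 3" above (subjects shortened, `hash=` fields dropped); the stage names it returns are labels chosen for this example.

```python
import re

EVENT = re.compile(r"^\S+: CTRL-EVENT-([A-Z0-9-]+)\s*(.*)$")
KV = re.compile(r"(\w+)=(?:'([^']*)'|\"([^\"]*)\"|(\S+))")
# Constructed samples, abridged from "output 1" and "output 3" on this page.
OUTPUT_1 = """\
wl0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=lk/O=pk/CN=ak Wi-Fi Radius'
wl0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wl0: CTRL-EVENT-DISCONNECTED bssid=00:11:00:be:02:09 reason=23
"""
OUTPUT_3 = """\
wl1: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius'
wl1: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=0 depth=0 subject='/C=GB/ST=lk/O=pk/CN=pk Wi-Fi Radius' err='certificate signature failure'
wl1: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wl1: CTRL-EVENT-DISCONNECTED bssid=00:11:00:be:02:09 reason=23
"""

def triage(log):
    """Report how far one attempt got, using only wpa_supplicant CTRL-EVENT lines."""
    r = {"server_certs": 0, "tls_error": None, "eap_failed": False, "disconnect_reason": None}
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # driver and OpenSSL lines are not events; skip them
        name, rest = m.groups()
        f = {k: a or b or c for k, a, b, c in KV.findall(rest)}
        if name == "EAP-PEER-CERT":
            r["server_certs"] += 1
        elif name == "EAP-TLS-CERT-ERROR":
            r["tls_error"] = {"depth": f.get("depth"), "err": f.get("err")}
        elif name == "EAP-FAILURE":
            r["eap_failed"] = True
        elif name == "DISCONNECTED":
            r["disconnect_reason"] = f.get("reason")
    if r["tls_error"]:
        # Client aborted the handshake: no tunnel, so inner MSCHAPv2 never ran.
        r["stage"] = "server-certificate-rejected"
    elif r["eap_failed"] and r["server_certs"]:
        # No local cert error; the cause is not in these events (use -d or RADIUS logs).
        r["stage"] = "failed-after-server-certificate"
    elif r["eap_failed"]:
        r["stage"] = "failed-before-tls"
    else:
        r["stage"] = "no-failure-seen"
    return r

if __name__ == "__main__":
    print(triage(OUTPUT_1)["stage"], triage(OUTPUT_3)["stage"])
```
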
