Ubuntu 20.04 LTS on Lenovo Thinkpad E480 is not roaming in EAP-TLS

LondonB
Just browsing

Ubuntu 20.04 LTS on Lenovo Thinkpad E480 is not roaming in EAP-TLS

Hi.

 

We have lots of MR45's.

We use EAP-TLS, 802.11r is enabled, 802.11w is enabled (allow unsupported clients).

 

The issue is that Ubuntu is stuck on the first AP and does not roam to another AP.

MacBook's and Windows computers roam fine.

 

From the logs I can see:

wpa_supplicant: FT: Failed to set PTK to the driver

kernel: wifiinterface: mac_addess denied authentication (status 53)

 

also

kernel: wifiinterface: mac_address unexpected authentication state: alg 2 (expected 0) transact 2 (expected 2)

What might be the root cause here/ how to solve this problem?

 

Merakis AP's are running MR 26.6.1

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

This is almost certainly going to be a driver bug on the Ubuntu side.

 

You'll need to experiment to find which component the driver is not handling, like:

* Disabling 802.11r

* Disabling EAP-fast reconnect on the RADIUS server

* Try a different WiFI card

Found the root cause. Ubuntu, for a long time now, randomizes MAC address when scanning for WiFi availability. When it scans for WiFi, the connection will break.

 

Not sure if it's Meraki's problem, network-manager problem, wpa_supplicant problem or it's the integration problem, but the bottom line is that connection will break.

 

The solution is to disable MAC address randomization when scanning for WiFi availability. This is longer explained here: https://askubuntu.com/a/905019 and to avoid data loss caused by link rot, I will paste the solution here too:

Open a terminal and run:

sudo tee /etc/NetworkManager/conf.d/wifi.scan-rand-mac-address.conf > /dev/null <<EOF
[device]
wifi.scan-rand-mac-address=no
EOF
sudo service network-manager restart 

Actually - the problem is still there. 

 

Dec 1 14:04:11 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-AUTH-REJECT mac_address_1 auth_type=2 auth_transaction=2 status_code=53
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_2 (SSID='ssid_name' freq=2437 MHz)
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-AUTH-REJECT mac_address_2 auth_type=2 auth_transaction=2 status_code=53
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_3 (SSID='ssid_name' freq=2412 MHz)
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-AUTH-REJECT mac_address_3 auth_type=2 auth_transaction=2 status_code=53
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_4 (SSID='ssid_name' freq=2412 MHz)
Dec 1 14:04:12 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-AUTH-REJECT mac_address_4 auth_type=2 auth_transaction=2 status_code=53
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_5 (SSID='ssid_name' freq=2412 MHz)
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-AUTH-REJECT mac_address_5 auth_type=2 auth_transaction=2 status_code=53
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_6 (SSID='ssid_name' freq=5220 MHz)
Dec 1 14:04:13 hostname wpa_supplicant[1117]: FT: Failed to set PTK to the driver
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: Trying to associate with mac_address_6 (SSID='ssid_name' freq=5220 MHz)
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: Associated with mac_address_6
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: WPA: Key negotiation completed with mac_address_6 [PTK=CCMP GTK=CCMP]
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-CONNECTED - Connection to mac_address_6 completed [id=0 id_str=]
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Dec 1 14:04:13 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-72 noise=9999 txrate=6000
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=mac_address_6 reason=4 locally_generated=1
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_7 (SSID='ssid_name' freq=5540 MHz)
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: Trying to associate with mac_address_7 (SSID='ssid_name' freq=5540 MHz)
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-ASSOC-REJECT bssid=mac_address_7 status_code=53
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Deauth request to the driver failed
Dec 1 14:04:17 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Trying to authenticate with mac_address_8 (SSID='ssid_name' freq=5200 MHz)
Dec 1 14:04:18 hostname wpa_supplicant[1117]: wlp0s20f3: Trying to associate with mac_address_8 (SSID='ssid_name' freq=5200 MHz)
Dec 1 14:04:18 hostname wpa_supplicant[1117]: wlp0s20f3: CTRL-EVENT-ASSOC-REJECT bssid=mac_address_8 status_code=53
Dec 1 14:04:18 hostname wpa_supplicant[1117]: wlp0s20f3: SME: Deauth request to the driver failed

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels