Unable to connect to WPA2-E PEAP

dweng · December 15, 2018, 11:06pm

I am having an issue connecting to WPA2-Enterprise with PEAP and MSCHEAPv2 authentication. We are using no certificate and using domain credentials.

I manually added the entry system-ca-cert=false to /etc/NetworkManager/system-connections/SSID.nmconnection under [802-1x]

I even tried the suggested and installed wpasupplicant 2.4 per Unable to connect to PEAP MSCHAPv2 WIFI

I am really at lost. Maybe I did something wrong. I will appreciate any suggestions.

What version of Parrot are you running? (include version, edition, and architecture)
Linux parrot 4.18.0-parrot20-amd64 #1 SMP Debian 4.18.20-2parrot20 (2018-12-10) x86_64 GNU/Linux
What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)
Standard
Configured to multiboot with other systems? (yes / no)
no
If there are any similar issues or solutions, link to them below:
n/a
If there are any error messages or relevant logs, post them below:
https://pastebin.com/pbsXtk2S
https://pastebin.com/ZVTLtTMs

san7 · December 16, 2018, 5:20pm

from the provided output:

Dec 14 15:58:20 parrot wpa_supplicant[1109]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version

Dec 14 15:58:20 parrot wpa_supplicant[1109]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

you have definitly another issue
what kind of radius or 802.1x system do you use?

certifcate expired? do you use old ssl version?

dweng · December 16, 2018, 8:44pm

We have Ubiquiti APs that authenticate with our AD server. I checked on the authenticating server logs and noticed it says credentials coming from my computer are invalid. I know the user and password are correct in the nmconnection folder.

I asked put in the setting asking it to ignore certicate but is that still a problem? I am not sure about the SSL version at this time.

san7 · December 16, 2018, 10:23pm

https://duckduckgo.com/?q=wpa_supplicant[1109]%3A+OpenSSL%3A+openssl_handshake+-+SSL_connect+error%3A1425F102%3ASSL+routines%3Assl_choose_client_version%3Aunsupported+protocol&t=ffab&ia=web

have you tried looking for that message in your log??
it is within same second as your association starts - guess what?

dweng · December 17, 2018, 3:40pm

I see the same errors. I followed their example and added the following 2 lines to /etc/ssl/openssl.cnf, still without success:
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=1

The one thing I haven’t done is downgrading OpenSSL. Unless I missed something else.

syslog:Dec 17 10:15:41 parrot wpa_supplicant[1109]: SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
syslog:Dec 17 10:15:41 parrot wpa_supplicant[1109]: OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol