After two years and countless hours of trying to fix this issue, I was finally able to connect to eduroam (Enterprise WPA) from Arch. I was able to do this by ignoring NetworkManager entirely and using wpa_supplicant explicitly. Today I have learned of the existence of systemd-networkd and it allows me to connect to the internet. As I use NetworkManager on other machines for home WiFi connections, VPNs, etc., I would like to also get eduroam working with my original NetworkManager setup. Here is my current (working) setup:

> cat /etc/wpa_supplicant/wpa_supplicant-wlan0.conf`
network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="username@domain"
        password="********"
        phase2="auth=MSCHAPV2"
}

> systemctl stop NetworkManager.service 
> systemctl start wpa_supplicant@wlan0.service systemd-networkd.service systemd-resolved.service dhcpcd.service

I have the (to my eyes) equivalent NetworkManager config, which doesn't work:

> cat /etc/NetworkManager/system-connections/eduroam.nmconnection
[connection]
id=eduroam
uuid=95580564-0352-438d-9804-364636618a28
type=wifi

[wifi]
mode=infrastructure
ssid=eduroam

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=username@domain
password=********
phase2-auth=mschapv2

[ipv4]
method=auto

[ipv6]
method=auto

[proxy]

> nmcli con up eduroam
Error: Connection activation failed: The Wi-Fi network could not be found
Hint: use 'journalctl -xe NM_CONNECTION=95580564-0352-438d-9804-364636618a28 + NM_DEVICE=wlan0' to get more details.

> journalctl -xe NM_CONNECTION=95580564-0352-438d-9804-364636618a28 + NM_DEVICE=wlan0
Jun 18 16:15:03 kim-xps13-9343 NetworkManager:   [1718720103.7090] device (wlan0): supplicant interface state: disconnected -> scanning
Jun 18 16:15:08 kim-xps13-9343 NetworkManager:   [1718720108.2210] device (wlan0): supplicant interface state: scanning -> disconnected
Jun 18 16:15:18 kim-xps13-9343 NetworkManager:   [1718720118.2758] device (wlan0): supplicant interface state: disconnected -> scanning
Jun 18 16:15:22 kim-xps13-9343 NetworkManager:   [1718720122.7869] device (wlan0): supplicant interface state: scanning -> disconnected
Jun 18 16:15:25 kim-xps13-9343 NetworkManager:   [1718720125.1830] device (wlan0): Activation: (wifi) association took too long, failing activation
Jun 18 16:15:25 kim-xps13-9343 NetworkManager:   [1718720125.1831] device (wlan0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Jun 18 16:15:25 kim-xps13-9343 NetworkManager:   [1718720125.1843] device (wlan0): Activation: failed for connection 'eduroam'
Jun 18 16:15:25 kim-xps13-9343 NetworkManager:   [1718720125.1845] device (wlan0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Jun 18 16:15:44 kim-xps13-9343 NetworkManager:   [1718720144.8036] device (wlan0): supplicant interface state: disconnected -> inactive
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7364] device (wlan0): Activation: starting connection 'eduroam' (95580564-0352-438d-9804-364636618a28)
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7364] device (wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7369] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7372] device (wlan0): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7372] device (wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7382] device (wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7385] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7387] device (wlan0): Activation: (wifi) connection 'eduroam' has security, and secrets exist.  No new secrets needed.
Jun 18 16:17:03 kim-xps13-9343 NetworkManager:   [1718720223.7461] device (wlan0): supplicant interface state: inactive -> disconnected
Jun 18 16:17:13 kim-xps13-9343 NetworkManager:   [1718720233.7945] device (wlan0): supplicant interface state: disconnected -> scanning
Jun 18 16:17:18 kim-xps13-9343 NetworkManager:   [1718720238.3069] device (wlan0): supplicant interface state: scanning -> disconnected
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2291] device (wlan0): state change: config -> deactivating (reason 'new-activation', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2300] device (wlan0): disconnecting for new activation request.
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2312] device (wlan0): state change: deactivating -> disconnected (reason 'new-activation', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2323] device (wlan0): Activation: starting connection 'eduroam' (95580564-0352-438d-9804-364636618a28)
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2330] device (wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2335] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2338] device (wlan0): Activation: (wifi) access point 'eduroam' has security, but secrets are required.
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2338] device (wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2350] device (wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2353] device (wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jun 18 16:17:23 kim-xps13-9343 NetworkManager:   [1718720243.2355] device (wlan0): Activation: (wifi) connection 'eduroam' has security, and secrets exist.  No new secrets needed.

What could be happening here?

I was struggling for awhile searching for a good wpa_supplicant.conf to get access to the "eduroam" Wireless LAN network at the TU Berlin. Since I know for sure, that it is not trivial and that the bash-script actually saves your password in plain text I want to present the solution to this problem in the answer. So that anyone in the future can follow a real guide to get eduroam working and not the fuzzy solution the tubIT presents you. ---- *Update - 21 10 2021: Will work with the "updated" auth process* *Update - 04 03 2024: Will work after the AD changes* ---- The tubIT solution (namely Configuration Assistant Tool or direct here for the tubIT version) does not work properly (securely) with wpa_supplicant nor is it build to do so. cat was created with a (the) network manager (GNOME freedesktop NetworkManager) in mind.

I'm on my new Debian Stretch system and I'd like to connect to my university eduroam network. I'm not using GNOME or any DM, so I manage my connections via nmcli. However, from what I gather, it seems that nmcli doesn't support this kind of connections. Too bad. Then I decided to try with just wpa_supplicant and I found this configuration file which supposedly should work out of the box in most cases. But not for me. After editing the relevant parts, I tried with sudo wpa_supplicant -i wlp5s0 -c eduroam.conf And the output is something along these lines: Successfully initialized wpa_supplicant wlp5s0: SME: Trying to authenticate with 64:f6:9d:6a:bd:00 (SSID='eduroam' freq=2412 MHz) wlp5s0: Trying to associate with 64:f6:9d:6a:bd:00 (SSID='eduroam' freq=2412 MHz) wlp5s0: Associated with 64:f6:9d:6a:bd:00 wlp5s0: CTRL-EVENT-EAP-STARTED EAP authentication started wlp5s0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=ES wlp5s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 -> NAK wlp5s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 wlp5s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected wlp5s0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA' hash=3e9099b5015e8f486c00bcea9d111ee721faba355a 89bcf1df69561e3dc6325c wlp5s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=NL/ST=Noord-Holland/L=Amsterdam/O=TERENA/CN=TERENA SSL CA 3' hash=beb8efe9b1a73c841b375a90e5fff8048848e3a2af66f6c4dd7 b938d6fe8c5d8 wlp5s0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=ES/ST=Granada/L=Granada/O=Universidad de Granada/OU=CSIRC/CN=radius.ugr.es' hash=828fbec918c62256ea67a9737ac44b578a6b fb39ff2ef1d6f7cdb3eeea4db8b5 wlp5s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:radius.ugr.es EAP-TLV: TLV Result - Failure wlp5s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed wlp5s0: Authentication with 64:f6:9d:6a:bd:00 timed out. wlp5s0: CTRL-EVENT-DISCONNECTED bssid=64:f6:9d:6a:bd:00 reason=3 locally_generated=1 wlp5s0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 reason=AUTH_FAILED and then it goes all over again. I don't really know what the EAP-TLV: TLV Result - Failure message means. I've tried to Google for some troubleshooting to no avail. As per the common advices: * I'm disabling NetworkManager before testing the connection * I'm making sure there is only one wpa_supplicant instance running

Yesterday I updated my thinkpad with fedora 32 to a thinkpad with fedora 33. Soon I noticed something was amiss, I could no longer connect to eduroam. [Eduroam](https://en.wikipedia.org/wiki/Eduroam) uses WPA and WPA2 Enterprise and fedora 33 updated wpa_supplicant 2.9-3 to wpa_supplicant 2.9-6. Other things of intrest: journalctl -f gives this error a lot:

wpa_supplicant: dbus: wpa_dbus_property_changed: no property SessionLength in object /fi/w1/wpa_supplicant1/Interfaces/0

and this warning:

[1603972716.1890] device (wlp4s0): Deactivation failed: GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not connected.

While trying to connect to eduroam dmesg -wL says this:

[  234.221111] wlp4s0: authenticate with 20:a6:cd:91:52:90
[  234.231722] wlp4s0: send auth to 20:a6:cd:91:52:90 (try 1/3)
[  234.237706] wlp4s0: authenticated
[  234.240025] wlp4s0: associate with 20:a6:cd:91:52:90 (try 1/3)
[  234.241312] wlp4s0: RX AssocResp from 20:a6:cd:91:52:90 (capab=0x411 status=0 aid=1)
[  234.242458] wlp4s0: associated
[  235.139929] wlp4s0: deauthenticated from 20:a6:cd:91:52:90 (Reason: 23=IEEE8021X_FAILED)

I have tried googling a lot of these errors bur I have not found a sollution yet. Other things I tried: - Downgrade wpa_supplicant to a previous version. (didn't do anything) - Downgrade fedora back to 32 (it couldn't). - Submit a bug to bugzilla. - Cry I am a networking noob so if I missed something obvious please be kind .-.

I'm trying to connect to eduroam with iwd, but when I type station wlan0 connect eduroam the only thing I get is "Not configured". The config file I created at /var/lib/iwd/eduroam.8021x looks like this: [Security] EAP-Method=PEAP EAP-Identity=wlan@win.tu-berlin.de EAP-PEAP-CACert=/home/XXXX/eduroam.pem EAP-PEAP-ServerDomainMask=*.tubit.tu-berlin.de EAP-PEAP-Phase2-Method=MSCHAPV2 EAP-PEAP-Phase2-Identity=XXXX@win.tu-berlin.de EAP-PEAP-Phase2-Password=XXXX [Settings] AutoConnect=true iwd works fine with every other network and eduroam shows up in the known-networks list, so I don't really get where the error message comes from. What am I missing here?

since a few weeks (probably after a dist-upgrade) my machine can't connect anymore to 802.1x networks. I'm using Debian Buster with i3, but using nm-applet. I've also tryied to connect directly with wpa_supplicant but it doesn't work either. This is my configuration: [connection] id=eduroam uuid=a86d2f21-990c-4a55-b7e4-933ffcffe0cd type=wifi permissions=user:root:; [wifi] mac-address-blacklist= ssid=eduroam [wifi-security] group=ccmp;tkip; key-mgmt=wpa-eap pairwise=ccmp; proto=rsn; [802-1x] altsubject-matches=DNS:nps1.unitn.it;DNS:nps2.unitn.it;DNS:nps3.unitn.it; anonymous-identity= ca-cert=/root/.cat_installer/ca.pem eap=peap; identity=[removed] password=[secret] phase2-auth=mschapv2 [ipv4] dns-search= method=auto [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto This is the output of syslog: wpa_supplicant: wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam" wpa_supplicant: wlan0: SME: Trying to authenticate with 00:26:0b:ac:91:d2 (SSID='eduroam' freq=2412 MHz) wpa_supplicant: wlan0: Trying to associate with 00:26:0b:ac:91:d2 (SSID='eduroam' freq=2412 MHz) wpa_supplicant: wlan0: Associated with 00:26:0b:ac:91:d2 wpa_supplicant: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 wpa_supplicant: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wpa_supplicant: wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=IT wpa_supplicant: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 -> NAK wpa_supplicant: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 wpa_supplicant: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected wpa_supplicant: wlan0: CTRL-EVENT-DISCONNECTED bssid=00:26:0b:ac:91:d2 reason=4 locally_generated=1 wpa_supplicant: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD wpa_supplicant: wlan0: SME: Trying to authenticate with 54:75:d0:3f:4d:2d (SSID='eduroam' freq=5200 MHz) wpa_supplicant: wlan0: Trying to associate with 54:75:d0:3f:4d:2d (SSID='eduroam' freq=5200 MHz) wpa_supplicant: wlan0: Associated with 54:75:d0:3f:4d:2d wpa_supplicant: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 wpa_supplicant: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started wpa_supplicant: wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=IT wpa_supplicant: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 -> NAK wpa_supplicant: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 wpa_supplicant: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected wpa_supplicant: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=eduradius-dr-2018' hash=86fdb85978a8d3c9ba28e40f1f10415d49c0a595b8752556906d37ac9d1884fc wpa_supplicant: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=eduradius-dr-2018' hash=86fdb85978a8d3c9ba28e40f1f10415d49c0a595b8752556906d37ac9d1884fc wpa_supplicant: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed wpa_supplicant: wlan0: Authentication with 54:75:d0:3f:4d:2d timed out. wpa_supplicant: wlan0: CTRL-EVENT-DISCONNECTED bssid=54:75:d0:3f:4d:2d reason=3 locally_generated=1 wpa_supplicant: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=2 duration=23 reason=AUTH_FAILED wpa_supplicant: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD Apart from waiting for an update what could I do? Update, dmseg -wL output: [72642.755504] wlan0: authenticate with 54:75:d0:3f:4d:22 [72642.757856] wlan0: send auth to 54:75:d0:3f:4d:22 (try 1/3) [72642.761033] wlan0: authenticated [72642.763678] wlan0: associate with 54:75:d0:3f:4d:22 (try 1/3) [72642.766431] wlan0: RX AssocResp from 54:75:d0:3f:4d:22 (capab=0x431 status=0 aid=3) [72642.768628] wlan0: associated [72642.863828] wlan0: Limiting TX power to 17 dBm as advertised by 54:75:d0:3f:4d:22 [72647.757757] wlan0: deauthenticated from 54:75:d0:3f:4d:22 (Reason: 3=DEAUTH_LEAVING) UPDATE: Seems that' the problem is wpa_supplicant 2.6 I solved the problem by downgrading to 2.4

I am a student at an university which has eduroam, a WPA2-Enterprise wireless network. On my account this is configured using NetworkManager. This is the overview of nm-connection-editor: I have marked that this is a system connection by saying “All users may connect to this network”. In practice this does not work: - When I get logged into my Awesome WM session automatically, my (GNOME?) keyring is not unlocked. It asks for my password before it attempts to connect. This is annoying, my disk is encrypted anyway. So I would like to store the password as root, so to speak. - When I log into another account with KDE, the connection does not work there. So I think there are two potential problems here: 1. The certificate file is in my home directory. Other user accounts cannot read my home directory. If I would move that certificate to a central place (like /usr/share/ I guess?), other accounts could use this since the certificate would no longer be missing. 2. The password is stored in my local keyring in my home directory. The password would have to be stored system wide. I don't see any configuration files anyway. From what [I read](https://blogs.gnome.org/dcbw/2010/04/30/what-you-dont-know-about-networkmanager-part-1-configuration/) , NetworkManager stores its data in some service it communicates with via D-Bus. Therefore the data is stored *somewhere*. How can I make this a system wide configuration that just works automatically for every user of the system? ---- If it is of concern, the distribution is Fedora 24.