Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
1
votes
1
answers
128
views
Receiving the automatic offer of a WPA2-Enterprise certificate on ANY Linux distro
On iOS, Windows, and MacOS, when you attempt to connect to a WPA2-Enterprise network, after you enter your credentials, it ***offers* you the certificate, to install**.
**The same doesn't apply for *any* [Linux](https://en.wikipedia.org/wiki/Linux) distro**, however.
- I have tried on everything from Ubuntu to Kali.
- Manually providing the certificate **isn’t** an option.
- If relevant, the network uses [PEAP](https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol), and `mschapv2` as its inner auth.
___
I have edited my question and updated it to "any Linux," because this doesn't just apply to Kali. Even Ubuntu, being considered the most 'user friendly' distro, there is no automatic offer.
***Surely* this is possible?** Hours of research have still left me stumped.
security_paranoid
(71 rep)
Oct 22, 2024, 09:12 AM
• Last activity: Nov 25, 2024, 03:31 PM
12
votes
2
answers
7884
views
How to view the WPA2 PEAP certificate offered by an AP?
I have to connect to a WPA2 Enterprise network which only works if I don't verify the certificate. I would prefer not to do this, because this way anyone can see the MSCHAPv2 messages.
The first step to fixing this would be looking at the certificate offered by the AP, then configuring wpa_supplicant to only trust that one. But I don't know how to get the certificate. The wpa_cli "status" command doesn't show it and it's not in any logs.
I'm also curious about which SSL/TLS cipher suites are used. Is it possible to connect manually, maybe with openssl s_client?
stribika
(5564 rep)
Dec 30, 2016, 02:14 AM
• Last activity: Feb 21, 2024, 12:29 AM
0
votes
1
answers
322
views
Encrypting identity and password in netctl profile for WPA2 Enterprise
Would you please tell me, is it possible to encrypt the `identity` and `password` values in a `netctl` profile configuration file? This profile sets up a connection to a WPA2 Enterprise wireless network. Would you please instruct me on how to encrypt the plain text values, if it is possible?
My current `netctl` profile configuration file is:
```
Description='WiFi'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="ssid"'
    'proto=WPA RSN'
    'key_mgmt=WPA-EAP'
    'pairwise=CCMP'
    'group=CCMP'
    'eap=PEAP'
    'anonymous_identity="anonymous@domain.name"'
    'identity="USERNAME"'
    'password="PASSWORD"'
    'ca_cert="/path/to/cert.pem"'
    'phase2="auth=MSCHAPV2"'
    'priority=1'
)
```
`USERNAME` and `PASSWORD` in an example above are plain text values. I know it is possible to [obfuscate the wireless passphrase](https://wiki.archlinux.org/title/Netctl#Obfuscate_wireless_passphrase) when using WPA2-PSK. I'm looking for a similar functionality for WPA2 Enterprise.
mabalenk
(561 rep)
Sep 29, 2021, 12:12 PM
• Last activity: Jan 15, 2023, 09:52 AM
16
votes
3
answers
53589
views
Installing certificates on arch
At school the wifi network is wpa2 with peap and mschapv2, requiring a certificate to authenticate and connect along with user name and password.
I have obtained a copy of the certificate from the school's IT technicians.
In ubuntu to add the certificate I copied it into `/usr/share/ca-certificates/extra` and then ran `sudo dpkg-reconfigure ca-certificates`, which guided me through the screens below
and gave the output
However, I would now like to move from ubuntu to arch linux but have been unable to add the certificate and connect to the network. Could anyone please tell me what the equivalent command is in arch?
LinuxSailorTech
(261 rep)
Jun 26, 2017, 04:00 PM
• Last activity: Dec 15, 2022, 05:15 PM
3
votes
0
answers
1072
views
Gentoo wifi setup issue: wpa_supplicant works but wpa_cli doesn't
I am trying to setup Gentoo on my laptop and am having trouble connecting to wifi. I've never done this before, so I might be making a simple mistake.
I've been following [these instructions](https://wiki.gentoo.org/wiki/Handbook:AMD64/Networking/Wireless). My `/etc/wpa_supplicant/wpa_supplicant.conf` file is:
```
# not sure if all of the next 4 lines are necessary
ctrl_interface=/var/run/wpa_supplicant
update_config=1
ctrl_intrface_group=0
ap_scan=1
network={
ssid=""
#psk="
psk=
}
```
When I run wpa_supplicant, I see:
```
# wpa_supplicant -B -i wlp4s0 -c /etc/wpa_suplicant/wpa_supplicant.conf
Successfully initialized wpa_supplicant
# wpa_cli
wpa_cli v2.10
...
Could not connect to wpa_supplicant: (nil) - re-trying
^C
# iw wlp4s0 link
Not connected.
```
Things I've checked:
1. SSID and password are correct
2. Network interface is up:
```
# ifconfig
wlp4s0: flags=4099...
```
The wifi network uses WPA, not WPA2/3, in case that makes a difference.
Kshitij Sachan
(31 rep)
Oct 4, 2022, 10:45 AM
• Last activity: Oct 4, 2022, 10:47 AM
0
votes
0
answers
938
views
How to connect with linux mint to wifi wpa2 enterprise with default radius server configuration?
I tried to connect to WiFi with WPA2 enterprise authentication to default radius server configuration with Linux mint 19.2 but I can't.
I set security to WPA2 enterprise, authentication to TTLS, I checked the No CA certification, Inner authentication MSCHAPv2 and correct username and password.
I tried this with Ubuntu and fedora gnome version and there was no problem and they were successfully connected.
Amir Sabeghi
(99 rep)
Dec 10, 2019, 09:10 AM
• Last activity: Dec 14, 2019, 10:37 AM
1
votes
0
answers
71
views
Trouble Connecting to Wi-Fi Via GUI
I am having a small issue with my Wi-Fi adapter. It seems that the GUI interface is struggling to connect, so it does not automatically connect when I start the system. In order to connect, I have to open a command-line shell & execute the following command:
```
$ sudo iw dev connect
```
So the credentials have been stored correctly. It just seems the GUI network manager is having some issues.
I am running a 2007 MacBook Pro with Ubuntu MATE 19.04 x86_64. This is a fresh install.
```
$ lspci
...
0b:00.0 Network controller: Qualcomm Atheros AR5418 Wireless Network Adapter [AR5008E 802.11(a)bgn] (PCI-Express) (rev 01)
...
$ lsmod | grep -i ath
ath9k 151552 0
ath9k_common 36864 1 ath9k
ath9k_hw 475136 2 ath9k_common,ath9k
ath 36864 3 ath9k_common,ath9k,ath9k_hw
mac80211 806912 1 ath9k
cfg80211 671744 4 ath9k_common,ath9k,ath,mac80211
```
**Edit:** I apologize, I did forget to mention that my WiFi uses WPA2 Personal security.
AntumDeluge
(243 rep)
Oct 4, 2019, 08:26 PM
• Last activity: Oct 8, 2019, 10:04 PM
1
votes
0
answers
738
views
Debug log for WiFi processing
I am trying to integrate WPA2 into open network in AP side, and I managed through quite good so far, I am now able to encrypt and decrypt live traffic.
However, stations are ignoring my messages, specifically ARP response (as it is the first message to occur and nothing will work without it.). MIC in the secured frame is correct, sequence number and IV are incremented.
I was looking for any kind of log files that would shed some light why are my frames discarded - the very next frame I receive from STA has SN and IV same as mine, thus they ignored my message.
I have looked into `/var/log/syslog` and `/var/log/kern.log` and `journalctl -u NetworkManager`, but the information there is not sufficient. I increased logging level to debug by `echo "3" > /proc/sys/kernel/printk` and `nmcli general logging level DEBUG`.
What I am looking for is kind of output wpa_supplicant provides in -dd mode. It was very helpful to see exactly what steps are taken by the station, like extracting keys, computing values, checking attributes and so on - basically what is the reason station stops processing the frame. But wpa_supplicant only provides logging until successfully connected - till group handshake; any WiFi frames received afterwards are not processed.
Is there any tool or way on how to get this kind of deep logging in WPA2 station that would show me how it exactly handles received frames?
MMMaroko
(11 rep)
Apr 15, 2019, 10:37 AM
0
votes
1
answers
9162
views
How do I connect to wifi using only the command line in Manjaro?
I recently updated my system with Pacman and am getting a `could not start kdeinit5` error message.
After some Googling. It seems I simply need to update Pacman.
However, as I am on Wifi and have no means of connecting via Ethernet. I need to connect to my WPA2-PSK protected network before Pacman will function.
I'm a new Manjaro user. How can I connect to my network?
Keva161
(109 rep)
Apr 3, 2017, 08:02 PM
• Last activity: Apr 3, 2017, 09:13 PM
4
votes
1
answers
10957
views
Connect to hidden wireless network on nmtui
I'm running fish shell on TTY in Fedora.
I have nmtui (Network Manager with text user interface) installed.
I can activate connections.
I want to connect to a hidden wireless network with WPA2 security whose credentials I know.
Suggestions on nmcli as well as other ways (terminal commands, config) to do that is very much welcome.
user86041
Nov 23, 2016, 03:16 PM
• Last activity: Jan 3, 2017, 07:52 PM
1
votes
0
answers
106
views
Debian Jessie (Minibian) cannot connect to WiFi?
I have two brand new Raspberry Pi 3s both running Minibian. I am trying to use the built-in WiFi adapter to connect to my server subnet.
I can see the network I'm attempting to connect to with `iwlist scan`. The network I am attempting to connect to is WPA2 personal. It is setup to only use AES and not TKIP. This is what the `/etc/network/interfaces` file looks like...
```
auto wlan0
iface wlan0 inet dhcp
wpa-ssid Allen_Hundley
wpa_psk MY_HASHED_PSK
wpa-pairwise CCMP
wpa-group CCMP
wpa-proto RSN
wpa-key-mgmt WPA-PSK
```
One issue I'm thinking may be there is the underscore in my SSID. But I have been unable to find any information on this.
What could the issue be?
Allenph
(195 rep)
Nov 7, 2016, 08:13 AM
1
votes
1
answers
3621
views
Problem with setting up WPA2 personal with wpa_supplicant
System: archlinux (last updates)
I plugged in a USB wireless dongle and basic things seem to work out of the box, however I can't seem to be able to configure wpa_supplicant properly to get a connection. It always tells me I likely have a wrong key - which I know I don't as this is what I use with my other systems, so there is most certainly something I am missing.
I use MAC filtering but this is set-up correctly.
I can check my interface
```
> iw dev
phy#0
Interface wlp0s29f0u1
ifindex 3
wdev 0x1
addr >
type managed
```
I can scan the available networks
```
> iw dev wlp0s29f0u1 scan
```
This command gives lots of results and information that matches my other systems. Including my ssid:
```
BSS >(on wlp0s29f0u1)
TSF: 5596476527 usec (0d, 01:33:16)
freq: 2412
beacon interval: 200 TUs
capability: ESS Privacy ShortSlotTime (0x0411)
signal: -65.00 dBm
last seen: 1430 ms ago
Information elements from Probe Response frame:
SSID: >
Supported rates: 1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0
DS Parameter set: channel 1
Country: GB Environment: Indoor/Outdoor
Channels [1 - 13] @ 20 dBm
ERP: Barker_Preamble_Mode
Extended supported rates: 24.0 36.0 48.0 54.0
HT capabilities:
Capabilities: 0x1ad
RX LDPC
HT20
SM Power Save disabled
RX HT20 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: No restriction (0x00)
HT TX/RX MCS rate indexes supported: 0-15
HT operation:
* primary channel: 1
* secondary channel offset: no secondary
* STA channel width: 20 MHz
* RIFS: 0
* HT protection: non-HT mixed
* non-GF present: 1
* OBSS non-GF present: 1
* dual beacon: 0
* dual CTS protection: 0
* STBC beacon: 0
* L-SIG TXOP Prot: 0
* PCO active: 0
* PCO phase: 0
Overlapping BSS scan params:
* passive dwell: 20 TUs
* active dwell: 10 TUs
* channel width trigger scan interval: 300 s
* scan passive total per channel: 200 TUs
* scan active total per channel: 20 TUs
* BSS width channel transition delay factor: 5
* OBSS Scan Activity Threshold: 0.25 %
Extended capabilities: HT Information Exchange Supported, 6
WMM: * Parameter version 1
* u-APSD
* BE: CW 15-1023, AIFSN 3
* BK: CW 15-1023, AIFSN 7
* VI: CW 7-15, AIFSN 2, TXOP 3008 usec
* VO: CW 3-7, AIFSN 2, TXOP 1504 usec
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: PSK
* Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
```
I have a basic profile:
```
> cat /etc/wpa_supplicant/wpa.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
    ssid=">"
    psk=>
    key_mgmt=WPA-PSK # I tried without, same result
    ieee80211w=1 # I tried without (both), same result
}
```
I tried two ways to start wpa_supplicant with exactly the same results:
```
> wpa_supplicant -B -Dnl80211 -iwlp0s29f0u1 -c /etc/wpa_supplicant/wpa.conf
Successfully initialized wpa_supplicant
```
(kill -9 and restart)
```
> wpa_supplicant -B -Dnl80211,wext -iwlp0s29f0u1 -c /etc/wpa_supplicant/wpa.conf
Successfully initialized wpa_supplicant
```
Now on to what happens in both cases:
```
> wpa_cli
> scan
> scan_results
> 2412 -65 [WPA2-PSK-CCMP][ESS] >
CTRL-EVENT-SCAN-STARTED
CTRL-EVENT-SCAN-RESULTS
WPS-AP-AVAILABLE
CTRL-EVENT-SSID-REENABLED id=0 ssid=">"
SME: Trying to authenticate with > (SSID='>' freq=2412 MHz)
Trying to associate with > (SSID='>' freq=2412 MHz)
Associated with >
WPA: Failed to set PTK to the driver (alg=3 keylen=16 bssid=>)
CTRL-EVENT-DISCONNECTED bssid=> reason=1 locally_generated=1
WPA: 4-Way Handshake failed - pre-shared key may be incorrect
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=">" auth_failures= duration= reason=WRONG_KEY
CTRL-EVENT-SCAN-STARTED
CTRL-EVENT-SCAN-RESULTS
WPS-AP-AVAILABLE
```
**There are two things that jump out:**
```
WPA: Failed to set PTK to the driver (alg=3 keylen=16 bssid=>)
CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=">" auth_failures= duration= reason=WRONG_KEY
```
I believe the second is a symptom of the first.
So my real problem is understanding what is wrong with my set-up that it generates the first error message. That's where I am hoping for a bit of help.
Thanks.
asoundmove
(2515 rep)
Jun 4, 2016, 01:28 AM
• Last activity: Jun 4, 2016, 11:25 PM
Showing page 1 of 12 total questions