Pi 4 Raspbian Buster PEAP connection failed

[alexzace]

Hi, currently i have a Pi 4 with Buster OS.

Please help to solve this issue. Thanks

This is my wpa_supplicant.conf which work in any model of Raspberry Pi(Jessie/Stretch) except Raspberry Pi 4 model B (Buster).

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid="MYSSID"
key_mgmt=WPA-EAP
eap=PEAP1
identity="ID"
password="PASSWORD"
}

[swahren]

Do you have this kernel warning?
What version of wpa_supplicant do you have?

[Andyroo]

Welcome to the forum.

Try adding a country code in the file - the release notes for Buster state:

* On-board 5GHz WiFi blocked by rfkill by default
The block is removed when taking one of the following actions:
- Selecting a locale in the first run wizard
- Setting the WiFi country in the Raspberry Pi Configuration tool or the Network Settings applet
- Setting the WiFi country in raspi-config
- Providing a wpa_supplicant.conf file through the boot partition
- Running 'rfkill unblock wifi'

I guess you dropped the file into /boot before the first boot - I've found that the country code needs to be in the file even if you are not using 5Ghz

[alexzace]

Thanks for your reply.

To make sure, the wifi is work. I'm able to connect my personal hotspot(WPA-PSK).

The Pi successfully connect the network via the external Wifi adapter.
But when connect via the build-in wifi , it keep failed and retry. (WPA2-Enterprise)

@swahren my wpa_supplicant version is v2.8-devel.
@Andyroo rfkill show bluetooth and wlan unblocked. After added country code in wpa_supplicant, it still failed to connect.

[alexzace]

I found that have the bug in Raspbian Buster.
wpa_supplicant (v2.8-devel) in Raspbian Buster can't connect to WPA2-Enterprise.

Its works, while install the wpa_supplicant(v2.4) from Stretch repository.

[Tavan]

I have been trying to solve this exact problem with "eduroam" since getting my Rasperry Pi 4 and flashing Raspbian Buster for it. This has so far been the only solution I have gotten to work so I'm going to post instructions here and link to this topic from a few other places.

My /etc/wpa_supplicant/wpa_supplicant.conf file contains the following settings:

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US

network={
        ssid="eduroam"
        scan_ssid=1
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="*****@*****.edu"
        password=hash:**************************************
        phase1="peaplabel=auto peapver=auto"
        phase2="auth=MSCHAPV2"
}

Take the following steps to install the Stretch version of wpa_supplicant (2:2.4-1+deb9u4):

Create the following apt preference files:
/etc/apt/preferences.d/stretch.pref:

Code: Select all

Package: *
Pin release n=stretch
Pin-Priority: 750

/etc/apt/preferences.d/buster.pref:

Code: Select all

Package: *
Pin release n=buster
Pin-Priority: 900

Create the following apt list file:
/etc/apt/sources.list.d/stretch.list:

Code: Select all

deb http://mirrordirector.raspbian.org/raspbian/ stretch main contrib non-free rpi

Update the apt lists, double check that the stretch version is available, then install the stretch version over the buster version. I don't know if the version number might change for the Stretch release... if so, just copy it from the output of the apt-cache command and paste it over the version number in the apt-get install command

Code: Select all

sudo apt-get update
apt-cache policy wpasupplicant
sudo apt-get install wpasupplicant=2:2.4-1+deb9u4 -t stretch

*EDIT*
After installing the Stretch version of wpa_supplicant, you'll also want to put a version hold on it so that it doesn't get updated automatically when you perform other update/upgrade operations. You can do this using the following command:

Code: Select all

sudo apt-mark hold wpasupplicant

If you need or want to remove the hold later do so with the similar command:

Code: Select all

sudo apt-mark unhold wpasupplicant

*/EDIT*

The fix involving adding the following entries into the wpa_supplicant.conf file DID NOT WORK for me.

Code: Select all

tls_disable_tlsv1_0=1
tls_disable_tlsv1_1=1
openssl_ciphers=DEFAULT@SECLEVEL=2

[bschermerhorn]

Thank you so much for posting this. I understood that I needed to downgrade 'wpasupplicant', but I'm too much of a linux newbie to know how to do that. This was very helpful.

[alexzace]

Hi ,@bschermerhorn

1)

Code: Select all

sudo apt-get remove wpasupplicant

( to remove current wpasupplicant)
2) u could edit the /etc/apt/sources.list
from

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

to

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi

3)

Code: Select all

sudo apt-get update

( get the sources list from stretch)
and

Code: Select all

sudo apt-get install wpasupplicant 

Now you should have the wpa_supplicant with (v2.4).
you could check the version by issue 'wpa_supplicant -v'

****
4) After successful installed, please edit '/etc/apt/sources.list' back to

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

and

Code: Select all

sudo apt-get update

(to change back buster sources list, as you only want downgrade wpasupplicant).

[RobinGreig]

Thanks @alexzace and everyone for your help with this!
Worked like a charm!
Robin

[GreatLeader_Technus]

Does SSH work on your Pi @Tavan? Your suggestion worked and my Pi connected to Eduroam, but I can't SSH into it.

[GreatLeader_Technus]

I think I need to get Stretch's SSH, how would I do that?

[AgentRev]

Had the same problem on my 3B+, I combined Tavan's and alexzace's answers into this script:

Code: Select all

#!/bin/sh
# temporary fix for WPA Enterprise on Raspbian Buster, connect Ethernet before running
sudo apt-get remove wpasupplicant -y
sudo mv -f /etc/apt/sources.list /etc/apt/sources.list.bak
sudo bash -c "echo 'deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi' > /etc/apt/sources.list"
sudo apt-get update
sudo apt-get install wpasupplicant -y
sudo apt-mark hold wpasupplicant
sudo cp -f /etc/apt/sources.list.bak /etc/apt/sources.list
sudo apt-get update

[benolayinka]

I can confirm that using the Raspbian Stretch wpasupplicant fixed the issue for me as well. I was tearing my hair out trying to connect to eduroam. My symptoms were:

wpa_cli -i wlan status reported AUTHENTICATED
ping reported temporary dns lookup failure

and my wpa_supplicant, which was authenticating but not giving network access until I downgraded wpa_supplicant, looks like:

network = {
ssid = "eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="[email protected]"
anonymous_identity="[email protected]"
password="xxx"
ca_cert="/home/pi/cert/cert.pem" #this I had to copy from a python script at https://cat.eduroam.org/
phase2="auth=MSCHAPV2"

[gcans]

This did the trick for me too!

Thanks
Gcans

[jfalzon]

Hi!

I am having very similar issues. My problem is that I know that an external interface with my wpa_supplicant file works and it manages to connect to my EAP 8021x wlan network.

However I am trying to connect using the internal wifi chip of my Raspberry PI 4 that is running Buster (4.19.97-v7l+).

One oddity is that the raspberry pi can connect (with the adapter) directly after a reboot but never using the wpa_supplicant command even when run in the background.

Have tried rolling back the version of wpa_supplicant from 2.7 to 2.4 and made modifications for wpa_supplicant to use wext by default, but nothing has worked.

[siddhartha91]

Same here as for jfalzon.

I'm running:

Code: Select all

pi@raspberrypi:~ $ uname -a
Linux raspberrypi 4.19.118-v7l+ #1311 SMP Mon Apr 27 14:26:42 BST 2020 armv7l GNU/Linux

and is not working. It seems to connect to the network but no internet is available. Cannot ping anywhere. Actually, I already managed to connect without having to downgrade wpa_supplicant...

This is being now a nightmare. Hope someone came up with a solution for this.

Best guys!

[erikosterholm]

Same here as for jfalzon.

I'm running:

Code: Select all

pi@raspberrypi:~ $ uname -a
Linux raspberrypi 4.19.118-v7l+ #1311 SMP Mon Apr 27 14:26:42 BST 2020 armv7l GNU/Linux

and is not working. It seems to connect to the network but no internet is available. Cannot ping anywhere. Actually, I already managed to connect without having to downgrade wpa_supplicant...

This is being now a nightmare. Hope someone came up with a solution for this.

Best guys!

I got mine working by doing the following:

Created /etc/system/systemd/[email protected]:

Code: Select all

[Service]
ExecStart=
ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I -Dwext

Created /etc/wpa_supplicant/wpa_supplicant-wlan0.conf with my SSID settings, etc.

Ran the following:

Code: Select all

 systemctl daemon-reload
systemctl disable --now wpa_supplicant
systemctl enable --now wpa_supplicant@wlan0

May version of raspbian-lite.

[Tranks27]

Hi ,@bschermerhorn

1)

Code: Select all

sudo apt-get remove wpasupplicant

( to remove current wpasupplicant)
2) u could edit the /etc/apt/sources.list
from

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

to

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ stretch main contrib non-free rpi

3)

Code: Select all

sudo apt-get update

( get the sources list from stretch)
and

Code: Select all

sudo apt-get install wpasupplicant 

Now you should have the wpa_supplicant with (v2.4).
you could check the version by issue 'wpa_supplicant -v'

****
4) After successful installed, please edit '/etc/apt/sources.list' back to

Code: Select all

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi

and

Code: Select all

sudo apt-get update

(to change back buster sources list, as you only want downgrade wpasupplicant).

You guys saved the day! Thanks a lot