Problem to connect to WPA2/PEAP WIFI - gnome-shell

Status changed to 'Confirmed' because the bug affects multiple users.

This affects me too, 18.04 WPA2/PLEAP connect via phone tether OK but fails as above directly, worked fine under 17.10

Same problem here, standard WPA2 works fine but not WPA2/PEAP.
Worked fine in 17.10.

Just an update, I was in a different office location today using WPA2 / PEAP and wifi connected right away. Same business, NW engineers tell me infrastructure is exactly the same in both locations - so mystery - phone Android connected perfectly but laptop did not (in other building)!
So pity the assignee as it maybe tricky to replicate.

I tried downgrading network-manager and wpasupplicant to the artful versions.
Still can't authenticate.

This could be related https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1761003

Also happens on 17.10

Also got it. Up

This affects me as well. I consider this a security issue because the enterprise I'm connecting to only offers this encryption or no encryption, so until this is fixed, my network traffic is unencrypted. And that's sad.

This affects me as well. And can't connect to my company tools.

Same problem here in Kubuntu 18.04.
The authentication layer works fine, but for some reason it fails in configuring the network.

Same issue with Ubuntu 18.04 on a Dell XPS 15 9560.

I have the same issue with (a clean/full wipe/ fresh install) Ubuntu 18.04 on a Dell XPS 15 9550.

Previously, on Ubuntu 16.04 downgrading wpa_supplicant to version 2.1 helped resolve this. See here: https://askubuntu.com/questions/690032/after-upgrade-to-15-10-wifi-to-a-corporate-network-wpa2-is-not-working-anymore

However, downgrading further then 2.6 is as far as I know not possible on Ubuntu 18.04, see my related question: https://askubuntu.com/questions/1046810/cannot-downgrade-wpa-supplicant-to-fix-wifi-connection-to-a-corporate-network-w

Same issue on a Lenovo T480s.
I tried to apply this without any success : https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c

same here. A fix would be highly appreciated.

Same problem here. Eduroam cannot be connected. Please solve!

A potential fix has been proposed in my askubuntu quesion:
https://askubuntu.com/questions/1046810/cannot-downgrade-wpa-supplicant-to-fix-wifi-connection-to-a-corporate-network-w

However, I have not been able to test if this works yet. (as I got some deadlines and cannot afford a potentially unstable machine at the moment).

Feel free to try this, otherwise I will in a few weeks time.

This affects all academic users that uses eduroam to connect to the internet. Please fix. Eduroam did work with ubuntu 17.10

Update:

We have made sofar couple of discoveries, thanks to Petr Jediny.

We suspected OpenSSL incompatibility in the OS, so as the PEAP is creating underlying TLS tunnel for auth and we see an error in wpa_supplicant regarding TLS negotiation (hello).

tl;dr - Cypher set of Ubuntu bionic do not match (pass/negotiate) ciphers on our appliance/radius (We uses Aruba appliances, the firmware is not up to date with latest security standards; Aruba is working last three months on an update (obviously without pressure)).

---

The radius/server or Aruba is accepting TLS_RSA_WITH_3DES_EDE_CBC_SHA
The mentioned cipher suite is mandated by https://tools.ietf.org/html/rfc5216#section-2.4, but the TLS_RSA_WITH_AES_128_CBC_SHA should be supported too

It looks like the radius server is not accepting any of these suggested by ubuntu bionic wpa_supplicant:
Cipher Suites (28 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

TLS_RSA_WITH_AES_128_CBC_SHA is mentioned.

We think the issue directly relates to remove 3DES from Bionic:
openssl ciphers -V '3DES'
Error in cipher list
139999040823744:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2129:

---

Note similar issue was discovered on Fedora as well and has this workaround:
https://www.systutorials.com/docs/linux/man/8-update-crypto-policies/
and set "LEGACY" crypto policy
$ update-crypto-policies --set LEGACY

---

I suggest keeping the bug open for a while, just for case somebody will come with a workaround. In a long-term this is not the problem of the Ubuntu or gnome, but ...

I tried downgrading wpa-supplicant (mentioned by Lauwie), and it did not help this.

If Petr is correct, the fix would actually require downgrading OpenSSL (or whatever used to supply the missing 3DES cipher prior to Bionic), right?

What's the Ubuntu equivalent of the Fedora workaround for this? ($ update-crypto-policies --set LEGACY)

Dell Precision 7520, I also cannot connect to WPA2/PEAP WIFI. Here are my logs - I tried to connect to two slightly different configured wifi networks using that PEAP (I never heard of that before).

Kernel log for the previous attempts.

Any updates on this? I ran into this issue after upgrading from 16.04 to 18.04.

I wanted to try the
  update-crypto-policies --set LEGACY
but I am using Ubuntu 18.04.1 and I could not find an equivalent command.

I also ran into this issue after upgrading from 16.04 to 18.04.
Any updates on this?
What's the Ubuntu equivalent of the Fedora workaround for this? ($ update-crypto-policies --set LEGACY)
If it is not available, is it possible to make a fix by downgrading openSSL? If so, can you please explain the steps?

I can tell you something that doesn't work, to hopefully save you some
time. One of the earlier comments on this bug suggested that the issue was
being caused by support for 3DES being removed from Bionic Beaver. I
downloaded the source code for OpenSSL 1.1.0i, and compiled the code with
the option to enable weak ciphers. My install of OpenSSL now supports 3DES,
but I am still unable to connect to WPA2 Enterprise WiFi networks. I
downloaded the source code for the update-crypto-policies command that
Fedora uses. It looks like it is just a bunch of perl scripts. I am going
to look at what the LEGACY scripts do to see if I can figure out exactly
what option they are using on Fedora to work around this issue.
Unfortunately I haven't been able to look through all of the scripts yet.

On Mon, Sep 17, 2018 at 5:21 AM NAGENDRA PRABHU <email address hidden>
wrote:

> I also ran into this issue after upgrading from 16.04 to 18.04.
> Any updates on this?
> What's the Ubuntu equivalent of the Fedora workaround for this? ($
> update-crypto-policies --set LEGACY)
> If it is not available, is it possible to make a fix by downgrading
> openSSL? If so, can you please explain the steps?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1748839
>
> Title:
> Problem to connect to WPA2/PEAP WIFI - gnome-shell
>
> Status in network-manager package in Ubuntu:
> Confirmed
>
> Bug description:
> This problem is also happened on my desktop.
>
> After upgrading OS from Ubuntu 16.04 to Ubuntu 18.04.1 LTS, my PC
> could not connect and authenticate on WiFi with WPA2/PEAP/MSCHAPv2/no
> CA certificate/true username and password.
>
>
> I tried to solve the problem following URL link; however, it could not
> help me also.
>
> https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c
>
>
> My PC is HP Compaq Pro 4300, CPU: Intel® Core™ i3-3220 CPU @ 3.30GHz ×
> 4, OS: Ubuntu 18.04.1 (64-bit).
>
> root@joe-UBTPC:/root # lspci
>
> 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core
> processor DRAM Controller (rev 09)
> 00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd
> Gen Core processor Graphics Controller (rev 09)
> 00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series
> Chipset Family MEI Controller #1 (rev 04)
> 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset
> Family USB Enhanced Host Controller #2 (rev 05)
> 00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset
> Family High Definition Audio Controller (rev 05)
> 00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 1 (rev b5)
> 00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 2 (rev b5)
> 00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 3 (rev b5)
> 00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 4 (rev b5)
> 00:1c.4 PCI bridge: Intel Corporation 6 S...

@BrettSkogen - thanks for reporting back. I was going to try the OpenSSL downgrade myself but haven't had the time. I'd be curious to see what you find out by looking at the update-crypto-policies command. Let us know what you find out. Going to take a look at it myself now.

In my case I was able to solve the problem by changing some settings:
Security: WPA & WPA2 Enterprise
* Authentication: Protected EAP (PEAP)
* No certificate is required: Checked
PEAP version: Automatic
* Inner authentication: MSCHAPv2

Now I am not sure, if I am simply not affected by the bug and solely had wrong settings - or if probably this helps also others to solve their wifi issue.

@mwildam : Due to your comment on that it might be resolved, I also checked the bug again.
For me this issue is now also resolved.

I m not sure why this is resolved, but I can think of two reasons:
- The wifi I previously attempt to connect to got updated/upgraded and now supports connections from Ubuntu (and this should then also be the case for @mwildam), or
- A fix was pushed via the regular Ubuntu updates I install.

Either way, I no longer have this previously reported problem.

I am glad that I could help somehow. I had the issue with a wifi provided by a Ubiquity AaccessPoint. I am pretty sure that there was no update on that in the meantime as it was a new install and configuration (however I am not the admin on that net and I have no details).
In the meantime I got an update on openvpn, bind9, dnsutils, liblwres160, libdns-export1100, libdns1100 - which maybe could have an impact (just wild guessing from the library names). No kernel update in the meantime, I am on 4.15.0-34-generic #37-Ubuntu SMP Mon Aug 27 15:21:48.
I am pretty sure that in my case it was only because although I tested with a few different settings on my first attempts, the solution was just using the correct settings (fitting the Access Point configuration).

I m still unable to connect to WPA2 Enterprise Network after installing all the apt updates

Fixed for me, I didn't do anything different or change anything, I guess one of the Ubuntu updates must've fixed it

It is still an issue for me. The wifi authentication works perfectly with Eduroam (that requires a CA certificate) that is not the case with the other Wifi network (without CA certificate but all the same for the other settings).

Bug is also happening on 18.10

With the newest packages on 18.04 I can still not connect to eduroam. In system-settings -> network, when I click on eduroam a round "progress" thing starts to rotate, but no question is asked for credentials. Also no log messages are showed in syslog or kern.log. How to debug this issue?

@VascoT: Delete the configuration and reconnect to the wifi doing the configuration from fresh.

I m still unable to connect to WPA2 Enterprise Network after installing all the apt updates with Ubuntu 18.10.

@Vivien: Most probably they did not tell you the correct settings - please verify with the responsible IT admin that you are using the correct settings.

@Martin: On the same PC, it is impossible to connect to WiFi with Ubuntu 18.10, but it works with a bootable USB key Ubuntu 16.04.05

WiFi-Security :
- Security: WPA2 Enterprise
- Authentification: Protected EAP (PEAP)
- CA certificate : No CA certificate
- PEAP version : version 0
- Inner authentification : MSCHAPv2

Then it really looks like a bug. It would be good to have logfiles for both cases to compare them.

How to activate log to understand what blocks the wifi connection ?

I watched "dmesg," but i saw nothing.

I would have expected something in dmesg. After test, check timestamps of other logfiles in /var/log - maybe you then find a log which contains useful information.

I am facing the same issue with my ubuntu 18.04. My PC gets connected to unprotected wifi easily, however it shows activation error while trying to connect to a protected wifi.

Could be a good idea to report it upstream on https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/

OK, how'd this slip through? No WPA options anywhere? Only 2 WEP options. 2 new installs, on different machines, I can not connect to my WPA (TKIP+AES) network wirelessly!!!

Bug #1761003 also may be related.

Looking at the dmesg | grep wlp2s0 can also put some light on this.
Apparently, TX Power Saver causes connection loss for networks with PEAP authentication.

WiFi works fine on home networks (WPA2/WEP)
Drops at college/work. (PEAP)

This was my last output.

[570105.023727] wlp2s0: Limiting TX power to 20 dBm as advertised by AA:VV:XX:MM:RR:BB
[570236.944083] wlp2s0: disassociated from AA:VV:XX:MM:RR:BB (Reason: 1=UNSPECIFIED)

I have the same problem on Ubuntu 16.04 LTS
WiFi works perfectly from home (WPA2/WEP)
Does not connect to WPA2 Enterprise with PEAP. Checked with IT department , they could not solve it.

Use Firefox to connect to the hotspot is working for me .. need to find out
how to rejig the Ubuntu hotspot connector to use firefox .. might just be a
browser negotiation issue.

On Sat, Mar 23, 2019 at 10:25 AM fossfellow <email address hidden> wrote:

> I have the same problem on Ubuntu 16.04 LTS
> WiFi works perfectly from home (WPA2/WEP)
> Does not connect to WPA2 Enterprise with PEAP. Checked with IT department
> , they could not solve it.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1748839
>
> Title:
> Problem to connect to WPA2/PEAP WIFI - gnome-shell
>
> Status in network-manager package in Ubuntu:
> Confirmed
>
> Bug description:
> This problem is also happened on my desktop.
>
> After upgrading OS from Ubuntu 16.04 to Ubuntu 18.04.1 LTS, my PC
> could not connect and authenticate on WiFi with WPA2/PEAP/MSCHAPv2/no
> CA certificate/true username and password.
>
>
> I tried to solve the problem following URL link; however, it could not
> help me also.
>
> https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c
>
>
> My PC is HP Compaq Pro 4300, CPU: Intel® Core™ i3-3220 CPU @ 3.30GHz ×
> 4, OS: Ubuntu 18.04.1 (64-bit).
>
> root@joe-UBTPC:/root # lspci
>
> 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core
> processor DRAM Controller (rev 09)
> 00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd
> Gen Core processor Graphics Controller (rev 09)
> 00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series
> Chipset Family MEI Controller #1 (rev 04)
> 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset
> Family USB Enhanced Host Controller #2 (rev 05)
> 00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset
> Family High Definition Audio Controller (rev 05)
> 00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 1 (rev b5)
> 00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 2 (rev b5)
> 00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 3 (rev b5)
> 00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 4 (rev b5)
> 00:1c.4 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 5 (rev b5)
> 00:1c.5 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset
> Family PCI Express Root Port 6 (rev b5)
> 00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset
> Family USB Enhanced Host Controller #1 (rev 05)
> 00:1f.0 ISA bridge: Intel Corporation H61 Express Chipset Family LPC
> Controller (rev 05)
> 00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset
> Family SATA AHCI Controller (rev 05)
> 00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family
> SMBus Controller (rev 05)
> 03:00.0 Network controller: Ralink corp. RT5392 PCIe Wireless Network
> Adapter
> 06:00.0 Ethernet controller: Realtek Sem...

Confirmed the same problem, ubuntu 18.04.2 LTS AMD64, when trying to connect to "eduroam" in several sites in several countries.

I have to say this is pretty annoying.

Same message as mentioned before:
124171.865640] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by ac:a3:1e:c5:84:a0
[124189.157396] wlan0: deauthenticating from ac:a3:1e:c5:84:a0 by local choice (Reason: 3=DEAUTH_LEAVING)
[124204.151294] wlan0: authenticate with ac:a3:1e:c5:d2:b0
[124204.167379] wlan0: send auth to ac:a3:1e:c5:d2:b0 (try 1/3)
[124204.168385] wlan0: authenticated
[124204.169459] wlan0: associate with ac:a3:1e:c5:d2:b0 (try 1/3)
[124204.170668] wlan0: RX AssocResp from ac:a3:1e:c5:d2:b0 (capab=0x11 status=0 aid=2)
[124204.170857] wlan0: associated

then

124204.246197] wlan0: Limiting TX power to 30 (30 - 0) dBm as advertised by ac:a3:1e:c5:d2:b0
[124207.414305] wlan0: deauthenticating from ac:a3:1e:c5:d2:b0 by local choice (Reason: 3=DEAUTH_LEAVING)
[124225.872935] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready

Nothing helpful in this post but can confirm this issue still exists in 19.04. :(

I confirm the issue in 19.04. I just upgraded from 16.04. I used to get in fine on eduroam not anymore.

I confirm this bug on 19.04. Wifi worked well on Ubuntu 16.04. Why doesn't Ubuntu go back to whatever worked in 16.04?

Hi... I have this problem in ubuntu 19.04 right now. Any clue? Thanks

Think it has something to do with the browser used for hotpot
If anyone can find what confi controls in network manager for what browser to use (suspect chromium because it exhibits same behavior and is default install, but Firefox works) can find way to change configuration to use working browser
Maybe have time to look after finals

> On May 6, 2019, at 10:44 PM, Antonio Aguillon <email address hidden> wrote:
>
> Hi... I have this problem in ubuntu 19.04 right now. Any clue? Thanks
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1748839
>
> Title:
> Problem to connect to WPA2/PEAP WIFI - gnome-shell
>
> Status in network-manager package in Ubuntu:
> Confirmed
>
> Bug description:
> This problem is also happened on my desktop.
>
> After upgrading OS from Ubuntu 16.04 to Ubuntu 18.04.1 LTS, my PC
> could not connect and authenticate on WiFi with WPA2/PEAP/MSCHAPv2/no
> CA certificate/true username and password.
>
>
> I tried to solve the problem following URL link; however, it could not help me also.
> https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c
>
>
> My PC is HP Compaq Pro 4300, CPU: Intel® Core™ i3-3220 CPU @ 3.30GHz × 4, OS: Ubuntu 18.04.1 (64-bit).
>
> root@joe-UBTPC:/root # lspci
>
> 00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor DRAM Controller (rev 09)
> 00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller (rev 09)
> 00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
> 00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 05)
> 00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 05)
> 00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b5)
> 00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 (rev b5)
> 00:1c.2 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 3 (rev b5)
> 00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 (rev b5)
> 00:1c.4 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 5 (rev b5)
> 00:1c.5 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 6 (rev b5)
> 00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 05)
> 00:1f.0 ISA bridge: Intel Corporation H61 Express Chipset Family LPC Controller (rev 05)
> 00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family SATA AHCI Controller (rev 05)
> 00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 05)
> 03:00.0 Network controller: Ralink corp. RT5392 PCIe Wireless Network Adapter
> 06:00.0 Ethernet controller: Realtek Semiconducto...

I have the problem despite I tried to forget the network and tried connecting again.

snadar@ThinkPad-T480:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic

snadar@ThinkPad-T480:~$ cat /var/log/syslog
Oct 24 11:18:04 ThinkPad-T480 wpa_supplicant[1205]: wlp3s0: CTRL-EVENT-SCAN-STARTED
Oct 24 11:18:07 ThinkPad-T480 NetworkManager[1173]: <info> [1571908687.5057] audit: op="connection-delete" uuid="36692638-6bb6-4bc7-8425-849f3cb9ff70" name="apname" pid=5766 uid=1000 result="success"
Oct 24 11:18:16 ThinkPad-T480 wpa_supplicant[1205]: wlp3s0: CTRL-EVENT-SCAN-STARTED
Oct 24 11:19:04 ThinkPad-T480 wpa_supplicant[1205]: message repeated 3 times: [ wlp3s0: CTRL-EVENT-SCAN-STARTED]
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.3918] keyfile: add connection in-memory (660e7552-b847-4063-803c-6de6da411f0b,"apname")
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.3936] device (wlp3s0): disconnecting for new activation request.
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.3936] device (wlp3s0): state change: activated -> deactivating (reason 'new-activation', sys-iface-state: 'managed')
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.4074] settings-connection[0x55affb554360,660e7552-b847-4063-803c-6de6da411f0b]: write: successfully commited (keyfile: update /etc/NetworkManager/system-connections/apname (660e7552-b847-4063-803c-6de6da411f0b,"apname") and persist connection)
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.4075] audit: op="connection-add-activate" uuid="660e7552-b847-4063-803c-6de6da411f0b" name="apname" pid=5766 uid=1000 result="success"
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.4169] device (wlp3s0): state change: deactivating -> disconnected (reason 'new-activation', sys-iface-state: 'managed')
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Withdrawing address record for fe80::5eb2:7428:835c:e20e on wlp3s0.
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Leaving mDNS multicast group on interface wlp3s0.IPv6 with address fe80::5eb2:7428:835c:e20e.
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Interface wlp3s0.IPv6 no longer relevant for mDNS.
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.4505] dhcp4 (wlp3s0): canceled DHCP transaction, DHCP client pid 8389
Oct 24 11:19:09 ThinkPad-T480 NetworkManager[1173]: <info> [1571908749.4505] dhcp4 (wlp3s0): state changed bound -> done
Oct 24 11:19:09 ThinkPad-T480 kernel: [ 3539.473650] wlp3s0: deauthenticating from a0:04:60:7c:6f:31 by local choice (Reason: 3=DEAUTH_LEAVING)
Oct 24 11:19:09 ThinkPad-T480 wpa_supplicant[1205]: wlp3s0: CTRL-EVENT-DISCONNECTED bssid=a0:04:60:7c:6f:31 reason=3 locally_generated=1
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Withdrawing address record for 192.168.44.148 on wlp3s0.
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Leaving mDNS multicast group on interface wlp3s0.IPv4 with address 192.168.44.148.
Oct 24 11:19:09 ThinkPad-T480 avahi-daemon[1120]: Interface wlp3s0.IPv4 no longer ...

I have this same issue. What's very curious though is that I can connect to my work's network with Fedora 29+ (28 didn't work) as well as Arch/Manjaro based distros but not any Ubuntu version (including most recently 19.10) I can't. Just get repeated authentication failures. It's something to do with wpa_supplicant (or downstream) rather than anything upstream like network manager.
For instance using wpa_supplicant on fedora 28 to connect manually it goes through the error but in

I have documented extensively what I did to try to find the problem on a reddit post ( https://www.reddit.com/r/linuxquestions/comments/b1b8jo/psa_for_people_struggling_with_wifi_on_linux_on/eitv4oh/ ) but ultimately was unsuccessful at figuring out the issue. I even tried compiling wpa_supplicant from source from the github for wpa_supplicant on Ubuntu but it didn't fix the problem.

Note that the problem also occurs in all debian distros including the most recent testing (but again not fedora 29+/arch ones). I feel like if we can find the difference in how the MSCHAPV2 or etc is handled, we can solve this pesky bug.

I also have the problem with 18.04.4 LTS (up to date at time of writting). It seems to be related to the Wifi infrastructure since the problem appeared for me a few months ago (running successfully from May 2018 to Oct 2019).
However many other devices can connect successfully to the Wifi Infrastructure so there should be an incompatibility with it.
The problem is with the following Auth: WPA2 Enterprise, PEAP, No CA check, automatic PEAP version, MSCHAPv2.

Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: SME: Trying to authenticate with F2-28-3C-99-C2-78 (SSID='ACME-staff' freq=5220 MHz)
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: Trying to associate with F2-28-3C-99-C2-78 (SSID='ACME-staff' freq=5220 MHz)
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: Associated with F2-28-3C-99-C2-78
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Feb 1 12:21:34 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='***HIDDEN****' hash=2ac69dd2691f34f4408106fa96dd4da66dca716d3068cc33f54d1c8887cc325a
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:***HIDDEN****
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:***HIDDEN****
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='***HIDDEN****' hash=2ac69dd2691f34f4408106fa96dd4da66dca716d3068cc33f54d1c8887cc325a
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:***HIDDEN****
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:***HIDDEN****
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: OpenSSL: tls_connection_decrypt - Decryption failed - SSL_read error:00000000:lib(0):func(0):reason(0)
Feb 1 12:21:35 ubuntu wpa_supplicant[1203]: SSL: Failed to decrypt Phase 2 data
Feb 1 12:21:59 ubuntu wpa_supplicant[1203]: wifi: CTRL-EVENT-DISCONNECTED bssid=F2-28-3C-99-C2-78 reason=3 locally_generated=1
Feb 1 12:22:11 ubuntu wpa_supplicant[1203]: FT: Invalid key management type (1)

So there is definitely a problem in LTS which is still not fixed.

Affects me too at WeWork in 2021!

Hi,

I really do not remember any more how that somehow disappeared. Could
it be that changing the channel at the wifi router could help?
Unfortunately I did not remember that I reported the problem otherwise
I would have immediately reported a possible workaround.

Best regards, Martin.

Still not fixed on 2022-12-27. Ubuntu 20.04 LTS 64-bits. NetworkManager version 1.22.10.