Solved Linux not able to connect to wifi network

Solved issue
Mauvve Knight

Mauvve Knight

Member
Joined
Jan 10, 2026
Messages
35
Reaction score
30
Credits
398
Hi, all,

I am running into a problem with network over wifi.

Network itself is a company network for BYOD use only. In able to use the network you have to request an account for logging in. Once you have these credentials you enter them into the creation of connection on your device.

This works fine with my private laptop with MacOS installed and private iPhone 15. Same for Android smartphone. When I want to connect to network I log in standard using the provided credentials. But then the monkey comes out of the sleeve: network itself sends a not-trusted CA certificate which you have to discard accept in order to get a connection. When you accept discard the certificate your connection is denied. Sounds strange, i know. Accepting a not-trusted CA certicate is against all security rules...

When I try to connect to company's network I have to enter the credentials and fill in information into authentication window in accordance with local directives.
  • Wifi-protection: WPA and WPA2 business
  • Authentication: Protected EAP (PEAP)
  • Non anonymous identity
  • No domain
  • Checkbox 'No CA-certificate demanded'
  • PEAP-version: automatic
  • Internal authentication: MSCHAPv2
  • My Username and Password
When I try to connect to network, connection fails with "Connection failed: activation of network connection unsuccessful." I don't get a message which asks me to accept a CA certificate like on other devices. I have set "Error messages' to default so nothing will be suppressed.

Connection of private to other networks and private hotspots works well.

I'm hoping there is a solution for his problem.

(Edit: entered wrong actions: discard instead of accept and vice versa)
 
Last edited:


is your wi-fi working otherwise?
 
I’m not an IT/network admin, but I’ve dealt with enough Wi-Fi auth issues to say this sounds like it may be on the network configuration/policy side (or at least something the network team needs to clarify), not just “Linux being difficult” though I could be wrong.

A few points stand out:
  1. PEAP/MSCHAPv2 normally expects you to validate the server certificate
    On most systems, the secure/normal setup is: you either install/trust the company CA (or point NetworkManager to it) and verify the server cert, or you’ll get a prompt/warning. Running PEAP with “no CA certificate required” is basically “don’t verify the server,” and some networks/security policies will reject that, or behave inconsistently across clients.
  2. The “not-trusted CA certificate” behavior suggests misconfiguration or a captive/inspection chain
    If the company is presenting a cert that isn’t trusted by default, they should provide the CA certificate and instructions to install it, or publish the expected server name / domain to validate. Otherwise, users are forced into insecure “just accept it” behavior, which is exactly what good clients try to prevent.
  3. Linux not showing a prompt often means it’s failing earlier (or configured to require CA validation)
    With NetworkManager, if there’s no CA cert set and “no CA certificate required” isn’t accepted by the network, you can just get an immediate failure with no UI prompt.
What I’d suggest (if you want to test quickly):
  • Ask IT for the correct CA certificate (PEM/DER) for the Wi-Fi RADIUS/EAP server and the expected server name (sometimes “domain” / “subject match”). Then set the CA cert in the Wi-Fi security settings instead of “no CA certificate required.”
  • If you can, try enabling logging to see the real reason:
    journalctl -u NetworkManager -b right after a failed attempt, and/or run nmcli dev wifi connect ... for more feedback.
But based on what you wrote, I’d push this back to the company/network team: a BYOD enterprise Wi-Fi should not rely on “accept an untrusted CA cert” as the normal workflow. If that’s truly required, they need to provide the CA and the correct validation parameters; otherwise you’re being asked to bypass the exact protection that prevents credential theft on PEAP.
f33dm3bits said:
I haven't had to do it recently, had it working at the time without too much trouble but that was a long time ago. Maybe have a look here?
Click to expand...

“Thanks that guide actually lines up with what this sounds like. The big difference is the CA certificate: PEAP/MSCHAPv2 is meant to validate the RADIUS server cert. On Linux, leaving CA blank / using ‘no CA certificate required’ often fails or is intentionally blocked. If the network is presenting an untrusted CA, IT should provide the correct CA cert (and sometimes the expected server name/domain) so it can be selected in NetworkManager. Otherwise you’re being asked to skip the exact protection that prevents MITM/credential theft.

@Mauvve Knight
If you can’t get the CA from them, at least grab logs after a failed attempt (journalctl -u NetworkManager -b) it’ll usually say whether it’s certificate validation, wrong PEAP version, identity format, or something policy-related.”
 
Last edited:
f33dm3bits said:
I haven't had to do it recently, had it working at the time without too much trouble but that was a long time ago. Maybe have a look here?
Click to expand...

I have read the site and followed their directions but I get stuck at supplying the certificate... In iOS and MacOS the certificate is presented when device has connected to wifi. In Linux it isn't presented. I know the problem is the certificate but I cannot get the certificate myself. But then this: when I boot my private laptop with the company's usb drive I can connect onto company's BYOD network. So the certificate will be acknowleged with a locally (on usb drive) stored certificate.

I have tried to find that particular certificate on company's usb drive, without succes... To be continued...:confused:

Brickwizard said:
is your wi-fi working otherwise?
Click to expand...
Wifi is working every other way on every other accesspoint as long it isn't company's BYOD network...

@kibasnowpaw : I have contacted IT department but they won't give me the certifiacte. That's why I'm trying to download that certificate from company's usb drive...
 
Last edited:
This ...may... help.

dos2unix

Thread 'Using nmcli to create wi-fi connections.'

Managing Wi-Fi Connections with nmcli in Linux​

Introduction​

nmcli is a command-line tool for managing NetworkManager, which is the default network management service in most modern Linux distributions. It allows you to create, manage, and troubleshoot network connections, including Wi-Fi. This article will guide you through using nmcli to manage Wi-Fi connections, view Wi-Fi devices using lspci and lsusb, list available SSIDs, create a Wi-Fi connection, and view the capabilities of your Wi-Fi device using iw list.

Viewing Wi-Fi Devices with lspci and lsusb​

To identify...
  • Like
 
Problem solved... Root of the problem was completely different from what I thaught...

I was able to get the certificate which was propietarity for logging in onto the network... Installed it for systemwise use. Same result: 'Cannot connect to network. Connection failed.' My first idea was 'quit trying to connect, it ain't gonna work!'

But, after visiting an AI and trying many, many suggestions I found the problem.

My MacBook Air uses a Broadcom wifi-adapter. During installation of Linux Mint I got a popup with remark if I'd use propietary driver instead of standard Linux driver and I insisted to do so. At my private networks it worked pretty well, fairly fast and stable.

But trying logging in onto BYOD-network at work it went a pain in the ass. Happily AI had a suggestion to remove the Broadcom driver and use standard Linux driver. Tried and hooray, I can use boss' BYOD network!

I'd like to thank everyone who has helped to tackle this problem and added a lot of suggestions!:)
 
Last edited:
Mauvve Knight said:
Problem solved... Root of the problem was completely different from what I thaught...

I was able to get the certificate which was propietarity for logging in onto the network... Installed it for systemwise use. Same result: 'Cannot connect to network. Connection failed.' My first idea was 'quit trying to connect, it ain't gonna work!'

But, after visiting an AI and trying many, many suggestions I found the problem.

My MacBook Air uses a Broadcom wifi-adapter. During installation of Linux Mint I got a popup with remark if I'd use propietary driver instead of standard Linux driver and I insisted to do so. At my private networks it worked pretty well, fairly fast and stable.

But trying logging in onto BYOD-network at work it went a pain in the ass. Happily AI had a suggestion to remove the Broadcom driver and use standard Linux driver. Tried and hooray, I can use boss' BYOD network!

I'd like to thank everyone who has helped to tackle this problem and added a lot of suggestions!:)
Click to expand...
Glad it work out for you.
 
My fault if I had thought to ask what machine then i would have known older Mac use BCM43** Wi-Fi, and could have pointed you to that immediately sorry you wasted time.
 
Last edited:
Brickwizard said:
My fault if I had thought to ask what machine then i would have known older Mac use BCM43** Wi-Fi, and could have pointed you to that immediately sorry you wasted time.
Click to expand...
Well, I cannot and will not blame anyone... This was a case from which I have learned a lot of Linux using CLI. I thought I'd already know a lot of using CLI commands for network settings because I already used these in MacOS but I got wrong.... MacOS != Linux... ;)
 
You must log in or register to reply here.

Similar threads

ImaginaryTango
Setting Up Multiple Wifi Connections with nmcli
Replies
7
Views
1K
dos2unix
dos2unix
S
Just installed Fedora 44 and it will not connect to my WiFi
Replies
12
Views
2K
SuperWookie68
S
H
Wifi Usb stopped working (Arch Linux)
Replies
2
Views
511
AlphaObeisance
AlphaObeisance
garyn
Local WiFi network
Replies
7
Views
926
dos2unix
dos2unix
H
wifi ok; ethernet ok but firefox says "Unable to connect"
Replies
4
Views
1K
Condobloke
Condobloke


Follow Linux.org

Members online

Total: 4,694 (members: 5, guests: 4,689)

Latest posts

Top