Can't connect to WPA2 Enterprise PEAP network


This solved my problem (from here).

[ipv6]
method=auto

[connection]
# e.g. EDUroam
id=SSID
# a unique uuid will be created upon creation of this profile
uuid=9e123fbc-0123-46e3-97b5-f3214e123456
type=802-11-wireless

[802-11-wireless-security]
key-mgmt=wpa-eap
auth-alg=open

[802-11-wireless]
ssid=SSID
mode=infrastructure
mac-address=0A:12:3C:DA:C1:A5
security=802-11-wireless-security

[802-1x]
eap=peap;
identity=studentid123123
phase2-auth=mschapv2
password=mypass123123

[ipv4]
method=auto

Remove everything else.

I also patched DNSSEC with this, but I'm not sure if it is needed.
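
Added example, not part of the original answer: the profile above has no `ca-cert`, so the client does not check which RADIUS server receives the PEAP/MSCHAPv2 exchange. This small audit of a keyfile's `[802-1x]` section runs over the answer's settings and over a variant with validation added; the CA path and `radius.example.edu` are hypothetical placeholders.

```python
import configparser

# Constructed sample: the [802-1x] settings from the answer above.
ANSWER_PROFILE = """
[802-1x]
eap=peap;
identity=studentid123123
phase2-auth=mschapv2
password=mypass123123
"""

# Constructed sample: same settings with server validation added.
# The CA path and server domain are hypothetical placeholders.
HARDENED_PROFILE = """
[802-1x]
eap=peap;
identity=studentid123123
phase2-auth=mschapv2
ca-cert=/etc/ssl/certs/example-school-ca.pem
domain-suffix-match=radius.example.edu
password-flags=1
"""

NAME_KEYS = ("domain-suffix-match", "altsubject-matches", "subject-match")

def audit_8021x(keyfile_text):
    """Return findings for the [802-1x] section of a NetworkManager keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return ["no-802-1x: profile does not use 802.1X"]
    s = cp["802-1x"]
    val = lambda key: s.get(key, "").strip(" ;")
    findings = []
    # A CA comes from ca-cert or from the system trust store.
    has_ca = bool(val("ca-cert")) or val("system-ca-certs").lower() == "true"
    if not has_ca:
        findings.append("no-ca: server certificate is not validated")
        if "mschapv2" in val("phase2-auth").lower():
            findings.append("mschapv2-unverified: inner auth goes to any server")
    elif not any(val(k) for k in NAME_KEYS):
        findings.append("no-name-check: any cert issued by the CA is accepted")
    if val("password"):
        findings.append("stored-password: secret kept in the keyfile")
    return findings

if __name__ == "__main__":
    for name, text in (("answer", ANSWER_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_8021x(text) or "ok")
```

`password-flags=1` marks the password as agent-owned, so it is held by the user's secret agent rather than written to the keyfile.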

Author: Ashwin Gupta

I'm a high school student.

Updated on September 18, 2022

Comments

  • Ashwin Gupta
    Ashwin Gupta almost 2 years

    I know there are about a dozen other questions like this, but so far none have helped me.

    My school uses a WPA2 Enterprise PEAP/MSCHAPv2 network without a cert (which I determined from a Windows laptop that connected without an issue). I'm trying to connect with my Ubuntu 16.04 LTS machine (which is pretty much a fresh installation).

    Unfortunately, it is unsuccessful. It tries to connect for a while, then brings up a username/password reentry dialogue. If you hit submit on this, it simply fails again and brings it back up.

    The following shows the settings and the message that keeps coming up: [image]

    The following is the /etc/NetworkManager/system-connections/ entry:

    [connection]
    id=tusd-students
    uuid=d815af85-42ad-49b2-b207-1db6359e8c9a
    type=wifi
    permissions=user:ashwin:;
    secondaries=
    
    [wifi]
    mac-address={my mac address}
    mac-address-blacklist=
    mac-address-randomization=0
    mode=infrastructure
    seen-bssids=
    ssid=tusd-students
    
    [wifi-security]
    auth-alg=open
    group=
    key-mgmt=wpa-eap
    pairwise=
    proto=
    
    [802-1x]
    altsubject-matches=
    eap=peap;
    identity={my username}
    password={my password}
    phase2-altsubject-matches=
    phase2-auth=mschapv2
    
    [ipv4]
    dns-search=
    method=auto
    
    [ipv6]
    addr-gen-mode=stable-privacy
    dns-search=
    method=auto
    

    I've read in many places that adding system-ca-certs=false fixes it, but that didn't work. I also tried adding the domain Domain\username but that didn't work. I've tried everything here and in many other posts. Not sure what to do, I'm new to Linux. Any help is greatly appreciated; if there is some other info I should include, please let me know. Thanks!

    note: I can't obtain a certificate because I seriously doubt I'll be able to contact someone who'd give me one (as I am a student). Not to mention, I don't think they'd be familiar with a Linux based system as the school issued computers are Windows 10.

    edit: I read a lot that the problem was caused by Wpasupplicant 2.4. So, I tried downgrading to 2.1. This actually worked* when I restarted, but after a while disconnected and I couldn't get it to connect again. I even tried reinstalling wpasupplicant 2.1 but it still wouldn't connect. I'm not sure what all that implies, but at least I know that my laptop is capable of connecting to this network and I have the correct security settings/credentials.

    *= the connection lasted for approx. 10 minutes, and was much slower than it should've been. My Windows laptop got 60 mbps download while this one got only 15 mbps. Granted, however, the Windows laptop is 2-3 years newer.

    edit 2: My network card in the Ubuntu machine is a Centrino n 1000 Condor Peak from Intel. I'll gather more information on it when I get a chance.

    Here is my NetworkManager log https://drive.google.com/file/d/0Bwv36xPVuImIdHQ3bjZvc25SNjg/view?usp=sharing

    Here is my /var/log/syslog log https://drive.google.com/file/d/0Bwv36xPVuImIWlRaY2xFdVl1a3M/view?usp=sharing

    The relevant portion of both seems to be:

    Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8128] device (wlp4s0): Activation: (wifi) association took too long
    Jul  6 07:58:10 smashtop NetworkManager[928]: <info>  [1499353090.8129] device (wlp4s0): state change: config -> need-auth (reason 'none') [50 60 0]
    Jul  6 07:58:10 smashtop kernel: [36118.979991] wlp4s0: deauthenticating from 64:d8:14:86:09:27 by local choice (Reason: 3=DEAUTH_LEAVING)
    Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8163] device (wlp4s0): Activation: (wifi) asking for new secrets
    Jul  6 07:58:10 smashtop wpa_supplicant[1053]: wlp4s0: CTRL-EVENT-DISCONNECTED bssid=64:d8:14:86:09:27 reason=3 locally_generated=1
    Jul  6 07:58:10 smashtop NetworkManager[928]: <warn>  [1499353090.8285] sup-iface[0x292acb0,wlp4s0]: connection disconnected (reason -3)
    

    I can test mon-thurs since I'm near the network on those days.

    • Kaz Wolfe
      Kaz Wolfe almost 7 years
      I had this issue with my college as well and resolved it by using my college's CA cert (which was not needed on Windows for some odd reason). Is there anywhere you can go to get that certificate and try it out? They should be free for students -- my own university had a guest wifi network that allowed you to download it.
    • Ashwin Gupta
      Ashwin Gupta almost 7 years
      @KazWolfe just checked the guest network also, doesn't have the cert for me to download.
    • user633551
      user633551 almost 7 years
      Have you tried adding interface-name={your interface} under connection and phase1-peapver=0 or phase1-peapver=1 under 802-1x?
    • Ashwin Gupta
      Ashwin Gupta almost 7 years
      @user633551 Just tried, didn't work sadly.
    • user633551
      user633551 almost 7 years
      What does /var/log/syslog say when you are trying to connect?
    • Ashwin Gupta
      Ashwin Gupta almost 7 years
      @user633551 I'm only at summer school from 7am-1pm. So I won't be able to test it again for you until tomorrow. However, I do have a NetworkManager log I saved after one attempt. Here it is: transfer.sh/12MJwY/networkmanagerlog.txt
    • jones0610
      jones0610 almost 7 years
      I got weary reading your endlessly long syslog dump but it looks like you repeatedly are able to successfully connect to the wireless network with an address of 10.0.0.33.
    • Ashwin Gupta
      Ashwin Gupta almost 7 years
      @jones0610 that's my home network. Sorry.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    Ok Alex, I'll give it a shot today at our snack break. I hope that they will give me one. Thanks for the answer. I'll let you know how it goes.
  • LinuxSailorTech
    LinuxSailorTech almost 7 years
    Good luck, they were very happy to give the certificate to me at my school.
  • web.learner
    web.learner almost 7 years
    What are you basing this off of? At my school no certificate is required for a setup that looks identical to this.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    @Alex2012 sigh. So the on site IT person was completely useless. She didn't even know what a cert file or Ubuntu is. I'll be emailing the school district IT department, but it may take a while to get a response so I'll let you know.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    @Seth yeah IDK if you need a cert, any alternative ideas?
  • LinuxSailorTech
    LinuxSailorTech almost 7 years
    @Seth most of the information regarding Windows and the way the certificates worked I found out from the school IT technicians, as our network also uses WPA2 Enterprise with PEAP and MSCHAPv2.
  • web.learner
    web.learner almost 7 years
    @AshwinGupta Unfortunately no. On my campus it tends to work off and on, but I've never been able to figure out what makes it work and what breaks it.
  • web.learner
    web.learner almost 7 years
    @Alex2012 My school uses the exact same setup (WPA2 Enterprise with PEAP/MSCHAPv2) and no certificate is required.
  • LinuxSailorTech
    LinuxSailorTech almost 7 years
    from supportforums.cisco.com/discussion/11370366/… in the correct answer it says "The client, doesn't need to have the certificate. With PEAP, it is optional for the client to validate the certificate."
  • LinuxSailorTech
    LinuxSailorTech almost 7 years
    @Seth I also found this "In case you use PEAP method for authentication, client validates the server identity with a certificate, and the client authenticates with a user/password combination." in post 6 here learningnetwork.cisco.com/thread/66042
  • LinuxSailorTech
    LinuxSailorTech almost 7 years
    So to conclude from my last 2 comments, I would probably say that at my school and AshwinGupta's school we are required to have the certificate to authenticate, but at @Seth's school you are not required to have a certificate.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    @Seth and Alex, thanks for the help, seems like us 3 are the only ones interested in the issue. I've emailed the head IT guy, but idk if I'll get a response during summer. We'll see.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    It's also worth noting, the IT organization at my school is in fact operating in chaos mode from what I have observed. The last IT person I talked to couldn't even provide a superior's email, claiming she didn't really know one.
  • Kaz Wolfe
    Kaz Wolfe almost 7 years
    @Seth My own campus uses WPA2 Enterprise + PEAP/MSCHAPv2 as well, and it works far more reliably with a certificate than without for whatever reason.
  • jones0610
    jones0610 almost 7 years
    Do whatever makes you happy. I posted my top suspects based on my own experience. I've been in the computer field for 50 years and I've lost track of how many times I tried and failed to log into the wrong server, wrong network or wrong whatever. No personal slight was intended. It's just that with problems like these you can often get tunnel vision and lose sight of the obvious. Since you obviously don't actually want help or advice, flag away.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    that's fair enough, I do agree with what you said about tunnel vision. However, this still isn't really the type of answer I'm looking for.
  • web.learner
    web.learner almost 7 years
    @KazWolfe That's great, but in my experience and from all that I've read the school is rarely willing to issue you a certificate for the wifi.
  • jones0610
    jones0610 almost 7 years
    Whatever. Be wary of insulting and flagging someone who is trying to help you... at least until after the problem source has been discovered. Otherwise you could spend a lot of time eating crow. No worries here. I wasn't aware that you had a specific answer you were looking for. I thought you just wanted help solving your problem. Best to you.
  • Kaz Wolfe
    Kaz Wolfe almost 7 years
    @Seth My school didn't either. I just needed to download the CA (they had that publicly) and select it on the network preferences. Of course, my campus is... odd.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    Jones, I think we got off on the wrong foot here. Please understand: I absolutely didn't intend to insult you. I've retracted the flag. I apologize, I realize you are trying to help me, I reacted too strongly after I misinterpreted the situation. That is my bad, please forgive me. (ironically enough, I do appear to be "eating crow" now.) Your recent edit is very helpful information. As a beginner at networking myself, I wouldn't understand the log portion you posted without the explanation you gave. Thanks for this. Any suggestion as to how to have the client "request" the DHCP lease?
  • jones0610
    jones0610 almost 7 years
    No worries. According to the log, the connection seems to go south right after the wireless card limits the transmit power. Perhaps lowering it enough to drop the connection. 25 seconds later it complains that the connection association is lost and retries to authenticate. I'd be suspicious of the wifi hardware, driver or perhaps low signal strength from the wireless router you are trying to connect to. The DHCP lease process never initiates... possibly because you have only a feeble connection to the wireless router.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    Hmm, it's probably on my end from all the indicators I've seen. The network is pretty strong on my other laptop. The Ubuntu laptop is fairly old, the network hardware is not great. Is there any way to allow the wireless card more power? Or perhaps I could manually trigger the DHCP lease process?
  • jones0610
    jones0610 almost 7 years
    It looks to me like you are losing your connection to the wireless router shortly after successfully connecting to it. You can see the signal strength on the wifi icon. You should have 4-5 bars. You can't get a DHCP address unless you are connected to the wireless router. Assuming you have a very strong signal from the wifi router I'd look at installing the correct, latest driver for your wifi device.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    Oddly enough, I do have 5 bars showing for the network. I'm going to look at drivers. The device did originally run Windows 7, so perhaps there are some incompatibilities with Ubuntu. Or maybe running Windows scarred my poor computer beyond all repair, which isn't altogether unlikely :P
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    Do you think updating from 16.04 LTS to 17.04 has any chance of helping? I might try that because I think my driver is up to date. I don't particularly care about LTS for the time being.
  • web.learner
    web.learner almost 7 years
    @AshwinGupta Yes I'd say it does have a chance in helping. Updates have helped before.
  • Ashwin Gupta
    Ashwin Gupta almost 7 years
    @Seth updated to 17.04. I'll be able to test it again on Monday morning.