Re: WPA Enterprise (EAP-TLS) system connection

From: Dan Williams <dcbw redhat com>
To: Rafał Lichwała <rafal siliconet pl>
Cc: networkmanager-list gnome org
Subject: Re: WPA Enterprise (EAP-TLS) system connection
Date: Wed, 03 Dec 2008 18:14:37 -0500

On Wed, 2008-12-03 at 16:38 +0100, Rafał Lichwała wrote:
> Hi,
> 
> I must confirm that what John wrote.
> EAP-TLS connections also do not work at all in NetworkManager 0.7 under 
> Ubuntu 8.10 (Interpid).
> 
> Using the newest Ubuntu release 8.10 (Interpid) and Network Manager 
> taken directly from their repositories (version: 
> 0.7~~svn20081018t105859-0ubuntu1.8.10.1) it does not allow to create 
> EAP-TLS connection in nm-connection-editor.
> When running nm-connection-editor in console I have:
> 
> ** (nm-connection-editor:6098): WARNING **: Invalid setting 802.1x 
> Security: Invalid 802.1x security
> ** (nm-connection-editor:6098): WARNING **: Invalid connection: 
> 'NMSetting8021x' / 'client-cert' invalid: 2
> 
> I'd like also to check what is the difference in the latest SVN version 
> of NetworkManager, but...
> a few revisions ago everything seemed to build fine. Now (fresh SVN 
> version of NetworkManager revision 4359) I have the following error 
> during build:
> 
> ##############
> if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../marshallers 
> -I../src/named-manager -I../src/vpn-manager -I../src/dhcp-manager 
> -I../src/supplicant-manager -I../src/dnsmasq-manager -I../libnm-util 
> -I../callouts -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include 
> -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   
> -DDBUS_VERSION_MAJOR=1 -DDBUS_VERSION_MINOR=2 -DDBUS_VERSION_MICRO=4 
> -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include   
> -DDBUS_API_SUBJECT_TO_CHANGE -I/usr/include/hal -I/usr/include/dbus-1.0 
> -I/usr/lib/dbus-1.0/include     -DDBUS_API_SUBJECT_TO_CHANGE 
> -DG_DISABLE_DEPRECATED -DBINDIR=\"/usr/bin\" -DSBINDIR=\"/usr/sbin\" 
> -DLIBEXECDIR=\"/usr/libexec\" -DDATADIR=\"/usr/share\" 
> -DSYSCONFDIR=\"/etc\" -DLOCALSTATEDIR=\"/var\" 
> -DNM_RUN_DIR=\"/var/run/NetworkManager\" 
> -DNMLOCALEDIR=\"/usr/share/locale\" -DARP_DEBUG   -Wall -Werror 
> -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes 
> -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter 
> -Wno-sign-compare -fno-strict-aliasing -MT 
> NetworkManager-nm-netlink-monitor.o -MD -MP -MF 
> ".deps/NetworkManager-nm-netlink-monitor.Tpo" -c -o 
> NetworkManager-nm-netlink-monitor.o `test -f 'nm-netlink-monitor.c' || 
> echo './'`nm-netlink-monitor.c; \
>     then mv -f ".deps/NetworkManager-nm-netlink-monitor.Tpo" 
> ".deps/NetworkManager-nm-netlink-monitor.Po"; else rm -f 
> ".deps/NetworkManager-nm-netlink-monitor.Tpo"; exit 1; fi
> cc1: warnings being treated as errors
> nm-netlink-monitor.c: In function ‘nm_netlink_monitor_error_handler’:
> nm-netlink-monitor.c:488: error: format not a string literal and no 
> format arguments
> make[4]: *** [NetworkManager-nm-netlink-monitor.o] Error 1
> ###########
> 
> What's the problem?

Compile error should be fixed in svn4361 on both trunk and 0.7 stable
branches.

Dan

> In my company I'm able to use EAP-TLS based wired connection only, so I 
> must say that unfortunately NetworkManager is now completely useless for 
> me :( I have to setup this connection manually via wpa-... stuff.
> 
> NetworkManager is a great piece of software! and I found it very useful 
> in other things like ppp GSM connections just out of the box.
> So.. please make this EAP-TLS bug with a high priority and please fix it 
> ASAP :-)
> 
> Bug described for ubuntu:
> 
> https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/245184
> 
> Best regards,
> Rafal Lichwala
> 
> 
> 
> 
> 
> 
> 
> 
> John S. Skogtvedt wrote:
> > Hello,
> >
> > currently it doesn't seem possible to use either EAP-TLS or other WPA
> > Enterprise system connections.
> > (I'm using network-manager 0.7 packages from Debian Experimental.)
> >
> > The connection editor doesn't allow adding a EAP-TLS connection
> > ("Invalid connection: NMSetting8021x / client-cert invalid: 2").
> >
> > I've also tried manually putting together a keyfile to put in
> > /etc/NetworkManager/system-connections, modeling it on the settings
> > visible in GConf and a (working) existing WPA-PSK keyfile. I used a
> > decrypted client certificate, but got an error message about missing
> > secrets.
> > This was 2 months ago, and I've since lost the keyfile. If need be I can
> > recreate the keyfile and do more tests.
> >
> >
> > Has anyone gotten this to work? Or can anyone offer advice on what
> > changes might be necessary to get it to work?
> >
> >
> > It's a very useful feature for cases where one needs to have a network
> > connection at the login screen, either for authentication or mounting
> > remote directories.
> >
> >
> > Thanks,
> >
> > John.
> > _______________________________________________
> > NetworkManager-list mailing list
> > NetworkManager-list gnome org
> > http://mail.gnome.org/mailman/listinfo/networkmanager-list
> >   
> 
> 
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: WPA Enterprise (EAP-TLS) system connection
  - From: =?UTF-8?B?UmFmYcWCIExpY2h3YcWCYQ==?=

References:
- WPA Enterprise (EAP-TLS) system connection
  - From: John S. Skogtvedt
- Re: WPA Enterprise (EAP-TLS) system connection
  - From: =?UTF-8?B?UmFmYcWCIExpY2h3YcWCYQ==?=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]