Re: WPA Enterprise (EAP-TLS) system connection

From: Dan Williams <dcbw redhat com>
To: "John S. Skogtvedt" <jss2k2 getmail no>
Cc: networkmanager-list gnome org
Subject: Re: WPA Enterprise (EAP-TLS) system connection
Date: Wed, 03 Dec 2008 22:19:14 -0500

On Wed, 2008-12-03 at 14:52 +0100, John S. Skogtvedt wrote:
> Hello,
> 
> currently it doesn't seem possible to use either EAP-TLS or other WPA
> Enterprise system connections.
> (I'm using network-manager 0.7 packages from Debian Experimental.)
> 
> The connection editor doesn't allow adding a EAP-TLS connection
> ("Invalid connection: NMSetting8021x / client-cert invalid: 2").

What type of certificate is it?  DER?  PEM?  PKCS#12?  What exact
files/values are you filling into what UI elements?

> I've also tried manually putting together a keyfile to put in
> /etc/NetworkManager/system-connections, modeling it on the settings
> visible in GConf and a (working) existing WPA-PSK keyfile. I used a
> decrypted client certificate, but got an error message about missing
> secrets.
> This was 2 months ago, and I've since lost the keyfile. If need be I can
> recreate the keyfile and do more tests.

At the moment, the keyfiles need to contain a byte array of the
certificate or decrypted private key data.  The applet stores them
slightly differently, but we'll make the keyfile plugin support paths
too.

> 
> Has anyone gotten this to work? Or can anyone offer advice on what
> changes might be necessary to get it to work?

Once you have a connection set up in the connection editor, and you have
the keyfile plugin enabled, you should be able to check the "make
available to all users" checkbox, hit apply, and it'll be a keyfile.

It's quite likely you'll want to be using the final 0.7 NetworkManager
release, as a lot of the effort in November went into making this sort
of thing actually work, but the Ubuntu snapshots are from mid October.

Dan

> 
> It's a very useful feature for cases where one needs to have a network
> connection at the login screen, either for authentication or mounting
> remote directories.
> 
> 
> Thanks,
> 
> John.
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

Follow-Ups:
- Re: WPA Enterprise (EAP-TLS) system connection
  - From: John S. Skogtvedt

References:
- WPA Enterprise (EAP-TLS) system connection
  - From: John S. Skogtvedt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]