Re: WPA Enterprise (EAP-TLS) system connection

From: "John S. Skogtvedt" <jss2k2 getmail no>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: WPA Enterprise (EAP-TLS) system connection
Date: Thu, 18 Dec 2008 13:44:16 +0100

John S. Skogtvedt skrev:
> Dan Williams skrev:
>> Once you have a connection set up in the connection editor, and you have
>> the keyfile plugin enabled, you should be able to check the "make
>> available to all users" checkbox, hit apply, and it'll be a keyfile.
>>
>> It's quite likely you'll want to be using the final 0.7 NetworkManager
>> release, as a lot of the effort in November went into making this sort
>> of thing actually work, but the Ubuntu snapshots are from mid October.
>>
>> Dan
>>
> 
> Thanks, once I've been able to test the final 0.7 version I'll get back
> to you on the the other questions (if still applicable).
> 
> (The debian experimental package I tested is 0.7.0~svn4191-1 and is from
> Oct 18.)
> 
> John.


I finally got around to doing more testing today, this time using
version 0.7.0-1 from http://debs.michaelbiebl.de/network-manager/.

Settings used in nm-connection-editor:
SSID: dd-wrt
Wireless security:
Security: WPA and WPA2 enterprise
Authentication: TLS
Identity: omni
User Certificate: client_cert.pem
CA Certificate: cacert.pem
Private Key: client_key.pem
Private Key Password: (the correct password)

If the "Available to all users" option is _not_ selected,
network-manager connects without problems. But if it is selected, I get
the message "network disconnected".
The created keyfile looks like this:
"""
[802-11-wireless-security]
key-mgmt=wpa-eap
wep-tx-keyidx=0

[connection]
id=dd-wrt
uuid=bdc78c4d-bae8-4b6a-a287-6271cf208307
type=802-11-wireless
autoconnect=true
timestamp=0

[802-11-wireless]
ssid=100;100;45;119;114;116;
mode=infrastructure
channel=0
rate=0
tx-power=0
mtu=0
security=802-11-wireless-security

[ipv4]
method=auto
ignore-auto-routes=false
ignore-auto-dns=false

[802-1x]
eap=tls;
identity=omni
ca-cert=...
client-cert=...
system-ca-certs=false
"""

As you can see, the private key is not saved.

In syslog, I get the following messages:
"""
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) starting
connect
ion 'dd-wrt'
Dec 18 14:22:15 omni NetworkManager: <info>  (wlan0): device state
change: 3 ->
4
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 1
of 5 (De
vice Prepare) scheduled...
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 1
of 5 (De
vice Prepare) started...
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 2
of 5 (De
vice Configure) scheduled...
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 1
of 5 (De
vice Prepare) complete.
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 2
of 5 (Device Configure) starting...
Dec 18 14:22:15 omni NetworkManager: <info>  (wlan0): device state
change: 4 ->5
Dec 18 14:22:15 omni NetworkManager: <info>  Activation
(wlan0/wireless): access point 'dd-wrt' has security, but secrets are
required.
Dec 18 14:22:15 omni NetworkManager: <info>  (wlan0): device state
change: 5 ->6
Dec 18 14:22:15 omni NetworkManager: <info>  Activation (wlan0) Stage 2
of 5 (Device Configure) complete.
Dec 18 14:22:15 omni nm-system-settings: add_secrets: unhandled secret
private-key type GArray_guchar_
Dec 18 14:22:15 omni nm-system-settings: add_secrets: unhandled secret
phase2-private-key type GArray_guchar_
"""

Hope this helps,

John.

References:
- WPA Enterprise (EAP-TLS) system connection
  - From: John S. Skogtvedt
- Re: WPA Enterprise (EAP-TLS) system connection
  - From: Dan Williams
- Re: WPA Enterprise (EAP-TLS) system connection
  - From: John S. Skogtvedt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]