Re: NetworkManager-0.8.1 and computerauthentication



Hello,

I have found out that on the new NM on RHEL, hostnames are not sent (so no host authentication):

https://access.redhat.com/site/documentation/de-DE/Red_Hat_Enterprise_Linux/5/html-single/5.3_Release_Notes/

NetworkManager attempted to set a hostname, but only after X had already done so. The user could not then open new windows because the authority files had been set by X with a different hostname. NetworkManager no longer sets hostnames.


Can we understand from this that new versions of NM (RHEL 6 uses NetworkManager-0.8.1) do not support this?




On Mon, Apr 7, 2014 at 7:58 PM, Dan Williams <dcbw redhat com> wrote:
On Fri, 2014-04-04 at 12:07 +0300, Omer Faruk SEN wrote:
>  Hello all,
>
> I see that Ubuntu mistakenly does that.
> http://ubuntuforums.org/showthread.php?t=2202941 Sending
> "host/machine_name" mistakenly then I see that it is achieved
> NetworkManager but I am trying to figure out how I can do that on RHEL
> since RHEL NetworkManager on RHEL6 uses at
> /etc/NetworkManager/NetworkManager.conf
> [main]
> plugins=ifcfg-rh
>
>
> which uses /etc/sysconfig/network-scripts/ifcfg-* script files.

NetworkManager sends whatever you want it to send, so if you have a
connection profile stored in /etc/sysconfig/network-scripts/, you can
set the username in the ifcfg file with:

IEEE_8021X_IDENTITY="whatever you want"

The password goes into a "keys-<name>" file with the same suffix as the
parent ifcfg-<name> file, so it would be:

IEEE_8021X_PASSWORD="the password you want"

Note that the 'keys' files must have 0600 permissions, so even though the
password is saved there, it is not accessible to users unless that user
has permission to edit system connections through PolicyKit.

There are more examples of ifcfg/keys files at:

http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/settings/plugins/ifcfg-rh/tests/network-scripts

Let us know if you have any more questions!

Dan

> Regards.
>
>
> On Fri, Apr 4, 2014 at 5:53 AM, Michael Butash <michael butash net> wrote:
>
> >  Not as far as I have been able to tell per how windoze handles it.  I
> > asked this a while back, and short answer is no.
> >
> > Working in an enterprise wireless environment, of course windoze does this
> > (only at boot/logout), macs do this too (somewhat poorly), but there is
> > nothing analogous in linux directly.  I worked with setting up a
> > system-level profile (using the "All users may connect to this network"
> > setting under the profile) for machine certs gotten from M$ Ent CA that
> > would be used by default, but honestly I couldn't get NM to work right with
> > the certs and gave up before leaving the company.
> >
> > I found prior ubuntu 12.04 wouldn't for whatever reason invoke that
> > profile without login, bumping it up to 13.10 fixed it, so ymmv here too.
> > In theory, using a general "machine" or system profile should get the
> > system online, and if doing role derivation ala Clearpass/ISE, should stick
> > you in a suitable quarantine/restricted access to AD, and then once a user
> > logs in, would then switch profiles to theirs specifically for full
> > access.  I never got to see this fully work due to apparent certificate
> > bugs with NM for eap-tls, but that's another discussion.
> >
> > I'd love to see this work, we had to do some hacks to get linux users on
> > wireless, as part of our eap server policy was verifying the asset by
> > machine auth, or an MDM in its place.  Since linux really doesn't do or
> > have either, we ended up fudging it in as an MDM-trusted asset for blind
> > trust and staying with PEAP passwords, but in a 3500 user company with 10
> > linux users, it was good enough.
> >
> > Using machine authentication is almost worse anyways, as no client handles
> > the transition well when role determines vlan access at the controller at a
> > L2 level, even windoze without specifically coa bouncing the association
> > hard (dhcp needs a link down/up to readdress).  The whole business was
> > messy honestly, and just taught me not to rely on machine auth.
> >
> > It'd be great to see this work still, but maybe something a company like
> > Likewise/Powerbroker or Centrify can handle to emulate gpo-ish machine auth
> > function like that for enterprise desktop linux to transition back and
> > forth from computer or user credentials, hopefully working better than
> > either win or mac.
> >
> > -mb
> >
> >
> >
> > On 04/03/2014 07:00 AM, Omer Faruk SEN wrote:
> >
> >   Hello,
> >
> >  I want to ask how I can use "Computer Authentication" on
> > NetworkManager-0.8.1. Is this a supported mode? If so, where can I configure
> > it on the NM GUI?
> >
> >  I am using RHEL 6.5 and I use NetworkManager-0.8.1-66.el6.x86_64
> >
> >  I want to state that RHEL 6.5 has been joined to a Microsoft AD environment. On the
> > Windows environment we have:
> >
> >
> >
> >  As far as I see this is not possible on NM on any version but wanted to
> > check it.
> >
> >  Regards.
> >
> >
> >
> >
> > _______________________________________________
> > networkmanager-list mailing list
> > networkmanager-list gnome org
> > https://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
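Putting Dan's instructions above into a runnable form, as an added example that is not part of the thread: a POSIX shell script that writes the ifcfg-<name> / keys-<name> pair for the ifcfg-rh plugin, keeps the password out of the world-readable profile, and checks that the keys file ends up mode 0600. The directory, connection name, identity and password are constructed values; KEY_MGMT and IEEE_8021X_EAP_METHODS are ifcfg-rh keys not quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: build the ifcfg-<name> / keys-<name>
# pair Dan describes for the ifcfg-rh plugin, keeping the secret out of the
# world-readable profile and verifying the keys file ends up 0600.
# All paths and values are constructed; real profiles live under
# /etc/sysconfig/network-scripts/ and are read by NetworkManager.

write_8021x_profile() {
    dir=$1 name=$2 identity=$3 password=$4
    # Non-secret settings go in ifcfg-<name>. KEY_MGMT and
    # IEEE_8021X_EAP_METHODS are ifcfg-rh keys not quoted in the thread.
    cat > "$dir/ifcfg-$name" <<EOF
TYPE=Ethernet
NAME=$name
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
KEY_MGMT=IEEE8021X
IEEE_8021X_EAP_METHODS=PEAP
IEEE_8021X_IDENTITY="$identity"
EOF
    # The password goes in keys-<name> (same suffix). Create the file under
    # umask 077 so it is never world-readable, not even before the chmod.
    ( umask 077; printf 'IEEE_8021X_PASSWORD="%s"\n' "$password" > "$dir/keys-$name" )
    chmod 0600 "$dir/keys-$name"
}

read_ifcfg_value() {
    # Print the value of key $2 from ifcfg-style file $1, quotes stripped.
    sed -n "s/^$2=//p" "$1" | sed 's/^"\(.*\)"$/\1/'
}

check_keys_perms() {
    # Succeed only if the keys file exists and is exactly mode 0600,
    # the permission NetworkManager expects for its secrets file.
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "600" ]
}

# Demonstration on a throwaway directory (constructed values).
demo=$(mktemp -d)
write_8021x_profile "$demo" corp-wired "host/PC01.example.com" "constructed-secret"
read_ifcfg_value "$demo/ifcfg-corp-wired" IEEE_8021X_IDENTITY
check_keys_perms "$demo/keys-corp-wired" && echo "keys-corp-wired is 0600"
rm -rf "$demo"
```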




