Re: How to activate MAC address randomization?



On Sun, 2016-05-15 at 19:28 +0000, François Boulogne wrote:
Hi,

Hi,




I also tried on my side and it didn't work. Here are the details. I'm
using
archlinux and I compiled wpa_supplicant from git (cloned today). I'm
using
networkmanager 1.2.2.

In /etc/wpa_supplicant/wpa_supplicant.conf,

When you run wpa-supplicant via NetworkManager, NM configures the
supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf
still is used (depending on your configuration), I don't think it
matters nor is does it sound right to do.

I turned the options (mac_addr
(x2) and preassoc_mac_addr) to 1 or 2.

When NM detects support in wpa-supplicant, it always sets
PreassocMacAddr to 1. This setting is only relevant during scanning,
and thus NM *always* enables it.

The mac-address-randomization connection-setting on the other hand,
configures the behavior while being connected.


For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I
put
mac-address-randomization=2 (I also empty mac-address at some point).

Then, I reload: systemctl reload wpa_supplicant && systemctl reload
NetworkManager

you can edit keyfiles in /etc/NetworkManager/system-connections, but
afterwards you must issue `nmcli connection reload` -- not `systemctl
reload`. The former reloads connections from disk, the latter reloads
NetworkManager configuration.

Well, whatever the details here... Lets just assume after editing the
files you did sufficiently reload the involved components :)



Simultaneously, I used

watch ip addr show  wlp3s0

to check the MAC address. I noticed that a first address (different
to the
physical one) was attributed but before the connection was
established.

You mean, during scanning it was randomized? That sounds right as NM
always sets PreassocMacAddr=1

And
then, a second one corresponding to the physical one was used to
establish
the connection. Looking at journalctl -xn confirmed what I saw.

I checked with 
nmcli connection show TNCAP1CA11F
that the random field (802-11-wireless.mac-address-randomization) was
on
"always". 


I noticed that if I added a section [connection] in
/etc/NetworkManager/NetworkManager.conf with
wifi.mac-address-randomization=1 and in
/etc/NetworkManager/system-connections/TNCAP1CA11F, I put
mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on
"never".

Editing [connection] section in /etc/NetworkManager/NetworkManager.conf
allows you to configure default-values for connection properties.
But those default values *only* take effect, when the value in the
connection itself is set to "default".

That is, if `nmcli connection show TNCAP1CA11F` gives "never" or
"always", the default value is completely ignored, because the per-
connection setting is preferred.

For the default-value to be used, `nmcli connection show TNCAP1CA11F`
must show you "mac-address-randomzation=default".


(as explained in `man NetworkManager.conf`).


You say that you edit various files, but beware that you have to reload
stuff afterwards.
For that reason, it's simpler you just do

  nmcli connection modify TNCAP1CA11F \
     802-11-wireless.mac-address-randomization default


-- note that after changing a connection, you must always re-activate
the connection to take effect.

(that is, `nmcli connection up TNCAP1CA11F`).

I'm puzzled with this. I have no clue where I can be wrong. The doc
of both
projects didn't help me much on that. I also tried different
combinations of
option, without any success. Any thought?



Thomas

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]