Re: How to activate MAC address randomization?



Thank you Thomas for your quick reply.


When you run wpa-supplicant via NetworkManager, NM configures the
supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf
still is used (depending on your configuration), I don't think it
matters, nor does it sound right to do.

OK, so now, I commented these three options in wpa_supplicant.conf, so
it's back to the default values.



For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I put
mac-address-randomization=2 (I also empty mac-address at some point).

Then, I reload: systemctl reload wpa_supplicant && systemctl reload
NetworkManager
you can edit keyfiles in /etc/NetworkManager/system-connections, but
afterwards you must issue `nmcli connection reload` -- not `systemctl
reload`. The former reloads connections from disk, the latter reloads
NetworkManager configuration.

Well, whatever the details here... Let's just assume after editing the
files you did sufficiently reload the involved components :)

Yes, I always reload both wpa_supplicant and NM before checking a
configuration. It might be overkill... :)
but I took this precaution.
Sorry, I made a typo also, I wanted to write systemctl restart, so I'm
sure that the process is killed.


to check the MAC address. I noticed that a first address (different to the
physical one) was attributed but before the connection was established.
You mean, during scanning it was randomized? That sounds right as NM
always sets PreassocMacAddr=1

Yes and yes. That was something positive to me.

And then, a second one corresponding to the physical one was used to establish
the connection. Looking at journalctl -xn confirmed what I saw.

I checked with 
nmcli connection show TNCAP1CA11F
that the random field (802-11-wireless.mac-address-randomization) was on
"always".


I noticed that if I added a section [connection] in
/etc/NetworkManager/NetworkManager.conf with
wifi.mac-address-randomization=1 and in
/etc/NetworkManager/system-connections/TNCAP1CA11F, I put
mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on
"never".
Editing [connection] section in /etc/NetworkManager/NetworkManager.conf
allows you to configure default-values for connection properties.
But those default values *only* take effect, when the value in the
connection itself is set to "default".

That is, if `nmcli connection show TNCAP1CA11F` gives "never" or
"always", the default value is completely ignored, because the per-
connection setting is preferred.

Sorry I was not clear here. Let me clarify the config in both files and
the output of the command + the MAC address.
As I write, I redo the tests.
Case 1:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=0
-> default and physical MAC address

Case 2:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=1
-> never and physical MAC address

Case 3:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=2
-> always and physical MAC address


If I comment the default option (ie I comment lines [connection] and the
next line wifi.mac-address-randomization=1), case 1, 2 and 3, give the
same results.

The only thing I do not understand is why the mac address is not
randomized for cases 2 or 3, for an established connection?
Do you agree that my expectations are correct?


For the default-value to be used, `nmcli connection show TNCAP1CA11F`
must show you "mac-address-randomization=default".

I agree.

You say that you edit various files, but beware that you have to reload
stuff afterwards.
For that reason, it's simpler you just do

  nmcli connection modify TNCAP1CA11F \
     802-11-wireless.mac-address-randomization default


-- note that after changing a connection, you must always re-activate
the connection to take effect.

(that is, `nmcli connection up TNCAP1CA11F`).

As said above, I restart(ed) wpa_supp and nm with systemctl. Then, I
always check that nm-applet is connected to that SSID before reading the
mac address. I also tried your solution but it is the same as we may guess.

I probably miss something stupid as it seems to work for you.

Thanks.

-- 
François Boulogne.
http://www.sciunto.org
GPG: 32D5F22F
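
The precedence rule quoted in this message (a [connection] default in NetworkManager.conf applies only when the per-connection value is "default"), written out as an added example that is not part of the original message or of NetworkManager's own code. The [wifi] keyfile section, the sample file contents and the "never" result when no global default is set are assumptions.

```python
import configparser

# Numeric values as used in this thread: 0=default, 1=never, 2=always.
NAMES = {"0": "default", "1": "never", "2": "always"}

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    return cp

def _mode(raw, where):
    if raw.strip() not in NAMES:
        raise ValueError(f"bad mac-address-randomization {raw!r} in {where}")
    return NAMES[raw.strip()]

def effective_randomization(keyfile_text, nm_conf_text):
    """Return (per-connection value, effective value, where it came from)."""
    # Assumption: the keyfile keeps the property in its [wifi] section.
    raw = _parse(keyfile_text).get("wifi", "mac-address-randomization",
                                   fallback="0")
    per_conn = _mode(raw, "keyfile")
    if per_conn != "default":
        # An explicit never/always in the connection always wins.
        return per_conn, per_conn, "connection"
    raw = _parse(nm_conf_text).get("connection",
                                   "wifi.mac-address-randomization",
                                   fallback="0")
    glob = _mode(raw, "NetworkManager.conf")
    if glob == "default":
        # Assumption: with no global default set, nothing is randomized.
        return per_conn, "never", "built-in"
    return per_conn, glob, "NetworkManager.conf"

# Constructed sample input, not taken from a real system.
NM_CONF = ("[main]\nplugins=keyfile\n\n"
           "[connection]\nwifi.mac-address-randomization=1\n")

def sample_keyfile(value):
    return ("[connection]\nid=ExampleNet\ntype=wifi\n\n"
            f"[wifi]\nssid=ExampleNet\nmac-address-randomization={value}\n")

if __name__ == "__main__":
    for v in (0, 1, 2):  # the three cases listed in the message
        print(v, effective_randomization(sample_keyfile(v), NM_CONF))
```
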



