Re: How to activate MAC address randomization?

On 18.05.2016 16:49, Thomas Haller wrote:
On Wed, 2016-05-18 at 01:36 +0200, poma wrote:
On 16.05.2016 23:07, Chris Laprise wrote:

On 05/16/2016 12:03 PM, poma wrote:

On 13.05.2016 00:16, Dan Williams wrote:

On Fri, 2016-04-29 at 16:09 -0400, Chris Laprise wrote:


I just installed NetworkManager 1.2 in fedora 23 in the hopes
that I
get mac randomization working. Only problem is there's no
sign of a
setting for this in nmcli or the applet. I found a reference
to a
setting on the NetworkManager.conf manpage which states:

             If left unspecified, MAC address randomization
wpa_supplicant only gained the necessary functionality that
NetworkManager looks for back in late October 2015.  It was
after wpa_supplicant 2.5 but it appears there hasn't been a
since then.  But once that happens, or if you build supplicant
from git, NM will begin to use that capability if you've enable
it in
the NM configuration.


dbus: Expose interface globals via D-Bus properties - 2.5

Professor, your patch your move ;)
LOL, that's great. I hope this means the feature could land in
24, which has wpas 2.5.


# grep rand /etc/NetworkManager/NetworkManager.conf 

the value 2 here means ALWAYS:

typedef enum {
} NMSettingMacRandomization;

# nmcli connection show WiFiRd | grep rand

correct, so it is allowed to fallback to the global configuration

# journalctl -o cat -b -u NetworkManager | grep random
NetworkManager[2081]: <info>  [...] sup-iface[[...],wlp0s2f1u3]:
config: set MAC randomization to 1

here NM logs the value for the supplicant, that is supplicant's
"MacAddr" property, it is either 0 (no-rand) or 1 (randomization).

This is not the numeric value 2 (from NMSettingMacRandomization).

So, above is correct and as expected (albeit confusing).

The problem is that "rand-mac" does not work,
tested with patched 2.5 and 2.6-devel,
mt7601u and rt2800usb driven devices.

Why do you say that "rand-mac" does not work?


I actually have a question for you, and Lubo;

In the wpa_supplicant, Pre-association MAC random-ization is disabled per default:
Pre-association MAC address policy
# MAC address policy for pre-association operations (scanning, ANQP)
# 0 = use permanent MAC address
# 1 = use random MAC address
# 2 = like 1, but maintain OUI (with local admin bit set)

and the same was said, toward NetworkManager, in:
* Added an option to enable use of random MAC addresses for Wi-Fi access
    point scanning (defaults to disabled).  Controlled with
    'wifi.mac-address-randomization' property (MAC_ADDRESS_RANDOMIZATION key in
    ifcfg files).

-but- you said in:
When NM detects support in wpa-supplicant, it always sets
PreassocMacAddr to 1. This setting is only relevant during scanning,
and thus NM *always* enables it.

-and- as "published" by Lubo in:
What seems like a viable option is randomizing the MAC address while scanning,
changing it every now and then,
but still use the hard-wired MAC address for association and actual connectivity. [...]
With the upcoming NetworkManager 1.2 we’re doing this too. [...]
With the upcoming NetworkManager 1.2 (when using wpa_supplicant 2.4 or newer) we’re doing this too.

Is not that, as mentioned in the NEWS, in fact MAC random-ization per connecting, not MAC random-ization per 

That is, in the wpa_supplicant, Connection MAC random-ization:
MAC address policy default
# MAC address policy default
# 0 = use permanent MAC address
# 1 = use random MAC address for each ESS connection
# 2 = like 1, but maintain OUI (with local admin bit set)
# By default, permanent MAC address is used unless policy is changed by
# the per-network mac_addr parameter. Global mac_addr=1 can be used to
# change this default behavior.

toward NetworkManager, what -you- said in:
The mac-address-randomization connection-setting on the other hand,
configures the behavior while being connected.

-and- as "published" by Lubo in:
Could we randomize the permanent address too?
We added option for that to NetworkManager 1.2 too, but are leaving it off. [...]

What is what, and what is not!? :)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]