Re: How to activate MAC address randomization?

On Sun, 2016-05-15 at 22:36 +0200, forum sciunto org wrote:
Thank you Thomas for you quick reply.

When you run wpa-supplicant via NetworkManager, NM configures the
supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf
still is used (depending on your configuration), I don't think it
matters nor is does it sound right to do.
OK, so now, I commented these three options in wpa_supplicant.conf,
it's back to the default values.

For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F,
mac-address-randomization=2 (I also empty mac-address at some

Then, I reload: systemctl reload wpa_supplicant && systemctl
you can edit keyfiles in /etc/NetworkManager/system-connections,
afterwards you must issue `nmcli connection reload` -- not
reload`. The former reloads connections from disk, the latter
NetworkManager configuration.

Well, whatever the details here... Lets just assume after editing
files you did sufficiently reload the involved components :)
Yes, I always reload both wpa_supplicant and NM before checking a
configuration. It might be overkill... :)
but I took this precaution.
Sorry, I made a typo also, I wanted to write systemctl restart, so
sure that the process is killed.

to check the MAC address. I noticed that a first address
to the
physical one) was attributed but before the connection was
You mean, during scanning it was randomized? That sounds right as
always sets PreassocMacAddr=1
Yes and yes. That was something positive to me.

then, a second one corresponding to the physical one was used to
the connection. Looking at journalctl -xn confirmed what I saw.

I checked with 
nmcli connection show TNCAP1CA11F
that the random field (802-11-wireless.mac-address-randomization) 

I noticed that if I added a section [connection] in
/etc/NetworkManager/NetworkManager.conf with
wifi.mac-address-randomization=1 and in
/etc/NetworkManager/system-connections/TNCAP1CA11F, I put
mac-address-randomization=1, nmcli connection show TNCAP1CA11F
was on
Editing [connection] section in
allows you to configure default-values for connection properties.
But those default values *only* take effect, when the value in the
connection itself is set to "default".

That is, if `nmcli connection show TNCAP1CA11F` gives "never" or
"always", the default value is completely ignored, because the per-
connection setting is preferred.
Sorry I was not clear  here. Let me clarify the config in both files
the output of the command + the MAC address.
As I write, I redo the tests.
Case 1:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=0
-> default and physical MAC address

Case 2:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=1
-> never and physical MAC address

Case 3:
* [connection] wifi.mac-address-randomization=1
* mac-address-randomization=2
-> always and physical MAC address

If I comment the default option (ie I comment lines [connection] and
next line wifi.mac-address-randomization=1), case 1, 2 and 3, give
same results.

The only thing I do not understand is why the mac address is not
randomized for cases 2 or 3, for an established connection?
Do you agree that my expectations are correct?


don't get confused by the [connection] setting in

So, if you explicitly set the value per-connection, the default does
not matter. If you want to test this, just set an explicit value to
either "never" or "always".

  nmcli connection modify $CONNECTION \
     802-11-wireless.mac-address-randomization always


As described in `man NetworkManager.conf`, [connection] allows you to
overwrite the default-values for certain settings -- iff the setting is
left unspecified in the corresponding per-connection setting.

E.g. if your connection shows

  nmcli connection show $CONNECTION

then (and only then), NetworkManager will check whether the default
value is overwritten in NetworkManager.conf.

If also no default value is found in the [connection] section, it
determines the default somehow different:
  - in case of wifi.mac-address-randomization the fallback value is 
  - in case of ipv6.ip6-privacy it reads
  - etc.

Yes, if you want to enable randomization by default, then you could put


to NetworkManager.conf, and all connection that have their value set to
"default" will have it enabled.

But for testing, that doesn't matter!!


For the default-value to be used, `nmcli connection show
must show you "mac-address-randomzation=default".

I agree.

You say that you edit various files, but beware that you have to
stuff afterwards.
For that reason, it's simpler you just do

  nmcli connection modify TNCAP1CA11F \
     802-11-wireless.mac-address-randomization default

-- note that after changing a connection, you must always re-
the connection to take effect.

(that is, `nmcli connection up TNCAP1CA11F`).
As said above, I restart(ed)  wpa_supp and nm with systemctl. Then, I
always check that nm-applet is connected to that SSID before reading
mac address. I also tried your solution but it is the same as we may

I probably miss something stupid as it seems to work for you.

Oh, I didn't actually test mac-addr-randomization myself :)
I am definitely interested whether it works for you (but I still expect
it works, if wpa-supplicant has support).


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]