On Sun, 2016-05-15 at 22:36 +0200, forum sciunto org wrote:
Thank you Thomas for you quick reply.When you run wpa-supplicant via NetworkManager, NM configures the supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf still is used (depending on your configuration), I don't think it matters nor is does it sound right to do.OK, so now, I commented these three options in wpa_supplicant.conf, so it's back to the default values.For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, I put mac-address-randomization=2 (I also empty mac-address at some point). Then, I reload: systemctl reload wpa_supplicant && systemctl reload NetworkManageryou can edit keyfiles in /etc/NetworkManager/system-connections, but afterwards you must issue `nmcli connection reload` -- not `systemctl reload`. The former reloads connections from disk, the latter reloads NetworkManager configuration. Well, whatever the details here... Lets just assume after editing the files you did sufficiently reload the involved components :)Yes, I always reload both wpa_supplicant and NM before checking a configuration. It might be overkill... :) but I took this precaution. Sorry, I made a typo also, I wanted to write systemctl restart, so I'm sure that the process is killed.to check the MAC address. I noticed that a first address (different to the physical one) was attributed but before the connection was established.You mean, during scanning it was randomized? That sounds right as NM always sets PreassocMacAddr=1Yes and yes. That was something positive to me.And then, a second one corresponding to the physical one was used to establish the connection. Looking at journalctl -xn confirmed what I saw. I checked with nmcli connection show TNCAP1CA11F that the random field (802-11-wireless.mac-address-randomization) was on "always". I noticed that if I added a section [connection] in /etc/NetworkManager/NetworkManager.conf with wifi.mac-address-randomization=1 and in /etc/NetworkManager/system-connections/TNCAP1CA11F, I put mac-address-randomization=1, nmcli connection show TNCAP1CA11F was on "never".Editing [connection] section in /etc/NetworkManager/NetworkManager.conf allows you to configure default-values for connection properties. But those default values *only* take effect, when the value in the connection itself is set to "default". That is, if `nmcli connection show TNCAP1CA11F` gives "never" or "always", the default value is completely ignored, because the per- connection setting is preferred.Sorry I was not clear here. Let me clarify the config in both files and the output of the command + the MAC address. As I write, I redo the tests. Case 1: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=0 -> default and physical MAC address Case 2: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=1 -> never and physical MAC address Case 3: * [connection] wifi.mac-address-randomization=1 * mac-address-randomization=2 -> always and physical MAC address If I comment the default option (ie I comment lines [connection] and the next line wifi.mac-address-randomization=1), case 1, 2 and 3, give the same results. The only thing I do not understand is why the mac address is not randomized for cases 2 or 3, for an established connection? Do you agree that my expectations are correct?
Hi, don't get confused by the [connection] setting in /etc/NetworkManager/NetworkManger.conf. So, if you explicitly set the value per-connection, the default does not matter. If you want to test this, just set an explicit value to either "never" or "always". nmcli connection modify $CONNECTION \ 802-11-wireless.mac-address-randomization always
DETAILS:
As described in `man NetworkManager.conf`, [connection] allows you to overwrite the default-values for certain settings -- iff the setting is left unspecified in the corresponding per-connection setting. E.g. if your connection shows nmcli connection show $CONNECTION 802-11-wireless.mac-address-randomization:default then (and only then), NetworkManager will check whether the default value is overwritten in NetworkManager.conf. If also no default value is found in the [connection] section, it determines the default somehow different: - in case of wifi.mac-address-randomization the fallback value is "never" - in case of ipv6.ip6-privacy it reads /proc/sys/net/ipv6/conf/default/use_tempaddr - etc. Yes, if you want to enable randomization by default, then you could put [connection] wifi.mac-address-randomization=2 to NetworkManager.conf, and all connection that have their value set to "default" will have it enabled. But for testing, that doesn't matter!! <<<<<<
For the default-value to be used, `nmcli connection show TNCAP1CA11F` must show you "mac-address-randomzation=default".I agree.You say that you edit various files, but beware that you have to reload stuff afterwards. For that reason, it's simpler you just do nmcli connection modify TNCAP1CA11F \ 802-11-wireless.mac-address-randomization default -- note that after changing a connection, you must always re- activate the connection to take effect. (that is, `nmcli connection up TNCAP1CA11F`).As said above, I restart(ed) wpa_supp and nm with systemctl. Then, I always check that nm-applet is connected to that SSID before reading the mac address. I also tried your solution but it is the same as we may guess. I probably miss something stupid as it seems to work for you.
Oh, I didn't actually test mac-addr-randomization myself :) I am definitely interested whether it works for you (but I still expect it works, if wpa-supplicant has support). best, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part