Re: Prefer specific Ethernet profile

On Wed, 2018-06-27 at 13:32 -0700, Joel Goguen via networkmanager-list
NetworkManager 1.10.10
Fedora 28 x86_64
GNOME Shell network manager (not nm-applet)

I have two Ethernet connection profiles defined for NetworkManager,
one with
802.1X authentication configured ("Home Ethernet") and one without
Ethernet"). I've noticed when I'm on a non-802.1X Ethernet network it
takes a
long time to fail, so in the keyfile for Home Ethernet I defined
priority=100" and "autoconnect-retries=2" in the [connection] section
and "auth-
timeout=5" in the [802-1x] section. In Open Ethernet I haven't
defined any of
those properties. NetworkManager.conf only defines "dns=default".

The first time connecting to Ethernet (neither profile has a
"timestamp" entry)
on a non-802.1X network it correctly attempts Home Ethernet first and
falls back
to Open Ethernet after ~10 seconds. But after that, when returning to
authenticated network (sometimes freshly booting, sometimes waking
from sleep),
NetworkManager is trying Open Ethernet first. Problem is, if 802.1X
fails it
gives a valid IP address with limited connectivity. So while
NetworkManager did
successfully configure a connection, it used the wrong profile.

How can I convince NetworkManager to either always try Home Ethernet
first and
only use Open Ethernet iff Home Ethernet fails? It would also be fine
preferable?) to make Home Ethernet try 802.1X but fall back to non-
802.1X after
some timeout and only fail the connection if both fail to configure


at the time when NM searches for a suitable profile to autoactivate, is
the one with the higher available for autoconnect?

For example, as it is 802-1x, does it have the required secrets?

Either ensure that the secrets are persisted in the profile itself (in
plain text, by setting password-flags to 0 (see "Secret flag types" in
`man nm-settings`).

Alternatively, there needs to be a suitable application around, that
can provide the secrets... such an application for example would be nm-
applet (which also may not just prompt the user, but get the secrets
from the keyring). But nm-applet won't be suitable for you in this
case, because it doesn't run yet when NM is starting to autoactivate
the profile. So, this is complicated, as it would require you to come
up with a suitable secrets provider program...

btw, while you are welcome to edit keyfiles by hand, it seems using
nmcli would be more convenient (or any other suitable client tool like
nm-connection-editor, gnome-control-center, or nmtui).


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]