On Wed, 2018-06-27 at 13:32 -0700, Joel Goguen via networkmanager-list wrote:
NetworkManager 1.10.10
Fedora 28 x86_64
GNOME Shell network manager (not nm-applet)
I have two Ethernet connection profiles defined for NetworkManager,
one with
802.1X authentication configured ("Home Ethernet") and one without
("Open
Ethernet"). I've noticed when I'm on a non-802.1X Ethernet network it
takes a
long time to fail, so in the keyfile for Home Ethernet I defined
"autoconnect-
priority=100" and "autoconnect-retries=2" in the [connection] section
and "auth-
timeout=5" in the [802-1x] section. In Open Ethernet I haven't
defined any of
those properties. NetworkManager.conf only defines "dns=default".
The first time connecting to Ethernet (neither profile has a
"timestamp" entry)
on a non-802.1X network it correctly attempts Home Ethernet first and
falls back
to Open Ethernet after ~10 seconds. But after that, when returning to
my
authenticated network (sometimes freshly booting, sometimes waking
from sleep),
NetworkManager is trying Open Ethernet first. Problem is, if 802.1X
fails it
gives a valid IP address with limited connectivity. So while
NetworkManager did
successfully configure a connection, it used the wrong profile.
How can I convince NetworkManager to either always try Home Ethernet
first and
only use Open Ethernet iff Home Ethernet fails? It would also be fine
(maybe
preferable?) to make Home Ethernet try 802.1X but fall back to non-
802.1X after
some timeout and only fail the connection if both fail to configure
the
connection.
Hi, at the time when NM searches for a suitable profile to autoactivate, is the one with the higher available for autoconnect? For example, as it is 802-1x, does it have the required secrets? Either ensure that the secrets are persisted in the profile itself (in plain text, by setting password-flags to 0 (see "Secret flag types" in `man nm-settings`). Alternatively, there needs to be a suitable application around, that can provide the secrets... such an application for example would be nm- applet (which also may not just prompt the user, but get the secrets from the keyring). But nm-applet won't be suitable for you in this case, because it doesn't run yet when NM is starting to autoactivate the profile. So, this is complicated, as it would require you to come up with a suitable secrets provider program... btw, while you are welcome to edit keyfiles by hand, it seems using nmcli would be more convenient (or any other suitable client tool like nm-connection-editor, gnome-control-center, or nmtui). best, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part