On Wed, 2018-06-27 at 13:32 -0700, Joel Goguen via networkmanager-list wrote:
NetworkManager 1.10.10 Fedora 28 x86_64 GNOME Shell network manager (not nm-applet) I have two Ethernet connection profiles defined for NetworkManager, one with 802.1X authentication configured ("Home Ethernet") and one without ("Open Ethernet"). I've noticed when I'm on a non-802.1X Ethernet network it takes a long time to fail, so in the keyfile for Home Ethernet I defined "autoconnect- priority=100" and "autoconnect-retries=2" in the [connection] section and "auth- timeout=5" in the [802-1x] section. In Open Ethernet I haven't defined any of those properties. NetworkManager.conf only defines "dns=default". The first time connecting to Ethernet (neither profile has a "timestamp" entry) on a non-802.1X network it correctly attempts Home Ethernet first and falls back to Open Ethernet after ~10 seconds. But after that, when returning to my authenticated network (sometimes freshly booting, sometimes waking from sleep), NetworkManager is trying Open Ethernet first. Problem is, if 802.1X fails it gives a valid IP address with limited connectivity. So while NetworkManager did successfully configure a connection, it used the wrong profile. How can I convince NetworkManager to either always try Home Ethernet first and only use Open Ethernet iff Home Ethernet fails? It would also be fine (maybe preferable?) to make Home Ethernet try 802.1X but fall back to non- 802.1X after some timeout and only fail the connection if both fail to configure the connection.
Hi, at the time when NM searches for a suitable profile to autoactivate, is the one with the higher available for autoconnect? For example, as it is 802-1x, does it have the required secrets? Either ensure that the secrets are persisted in the profile itself (in plain text, by setting password-flags to 0 (see "Secret flag types" in `man nm-settings`). Alternatively, there needs to be a suitable application around, that can provide the secrets... such an application for example would be nm- applet (which also may not just prompt the user, but get the secrets from the keyring). But nm-applet won't be suitable for you in this case, because it doesn't run yet when NM is starting to autoactivate the profile. So, this is complicated, as it would require you to come up with a suitable secrets provider program... btw, while you are welcome to edit keyfiles by hand, it seems using nmcli would be more convenient (or any other suitable client tool like nm-connection-editor, gnome-control-center, or nmtui). best, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part