Re: What is needed for NetworkManager and WPA2 Enterprise?



On Wed, 25 Sep 2019 at 12:33, Paul Menzel <pmenzel molgen mpg de> wrote:
On 25.09.19 12:27, Andrew Zaborowski wrote:
I replied to that issue but provisioning EAP networks other than
through the config files is not currently on IWD's todo list.  You
didn't really explain your use case.  The logic is that the user
shouldn't have to touch that configuration, it should be enough for
them or their admin to drop the network's configuration file into
/var/lib/iwd.  There is specific code in the NM iwd-backend to make
sure no extra NM-side configuration is required after this is done
correctly.

...

There are self-managed devices. In our case these are scientists using
the Eduroam net. It was possible to configure such a network before
using the GNOME WiFi dialog, and I think it should continue to be supported.

So I know Eduroam admins may not be very cooperative but they still
have to provide users with the certificate file, the private key and
hopefully some instructions on the site's Eduroam configuration (the
EAP methods and other details vary between campuses) so it'd actually
be easier for them to provide the config file directly, and it'd also
be easier for their users.  This can also be done by one your users
provided everyone has their certificate and private key already.

I believe there's now also an auto-configuration tool for eduroam
called CAT.  Maybe you should also address proposals to that project.
When I was an eduroam user myself I didn't use CAT, I actually used
the GNOME nm-applet's wifi dialog to configure access but it took me
many attempts and was far from the ideal way to do this.  I remember
the admins did provide mac-compatible config files and today I'd much
prefer to simply convert that using our script (in
tools/ios_convert.py) than to have to guess individual eap settings.

I don't believe the script has been tested with eduroam yet.


Also it looks like, the password is stored in plain text in the iwd
configuration file (in some examples).

While this is not recommended the password can be stored in the config
file so that you don't have to type it through the secrets dialog
every time, it's your or the admin's choice.

Best regards


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]