On Wed, 2021-04-07 at 17:18 +0200, Florian Klein wrote:
Dear Network Manager Experts,
we are opening an Access Point with network manager (on a RPI4 with
Raspbian) and everything is working fine except that when connecting
from Windows 10 we are asked for a pin first (probably wps pin) instead
of getting shown directly the passphrase field to enter. This is not
observed on Mac and Linux.
Our wifi-ap configuration:
sudo nmcli c add con-name wifi-ap type wifi ssid test ifname
wlan0 save yes autoconnect yes 802-11-wireless.mode ap 802-11-
wireless.band bg ipv4.method shared wifi-sec.key-mgmt wpa-psk wifi-
sec.psk "test1234"
We already tried multiple configurations from the provided page:
https://developer.gnome.org/NetworkManager/stable/settings-802-11-wireless-security.html
like:
- wps-method 1
- proto rsn
- pairwise ccmp
But nothing really helped. Would be fantastic to get your support here.
Thanks
Hi Florian,
in another email you said that you are using Version 1.14.6, from
Raspian10. That's is quite an old version and it might be interesting
to try a recent version. But in practice, I don't think your question
will be solved by that, so OK.
NetworkManager's "wifi.mode ap" is something simple that is mainly
aimed for simple setups. The reason is that if you run a "serious"
access point, you might want to configure countless parameters related
to Wi-Fi, but then also want more control over the DHCP and DNS server.
NetworkManager does that all, but the configuration options are not
that extended. So, consider whether NetworkManager is the right choice
here. But we really want NetworkManager to be stellar also in such
cases, so it's not that we say: "such usecase is not supported". But:
"maybe it doesn't work that well yet, but we'd hope to improve on that
(e.g. by adding new configuration options and fix issues in certain
use-cases)".
OK, more to your actual question...
NetworkManager uses wpa_supplicant's AP mode. wpa_supplicant is the
sibling of hostapd, and both are highly configurable. Your problem
indeed seems to be related to WPS. I am not familiar with this, so I
don't know the solution. I would think you first should understand how
to configure this in wpa_supplicant (or hostapd). And then, in a second
step, how to bring NetworkManager to get that right.
What NetworkManager does, is relatively simple. Enable `level=TRACE`
logging (see [1]), then NetworkManager will log the options that it
sets in supplicant, like
Config: added 'mode' value '2'
('2' means AP mode). NetworkManager configures wpa_supplicant via the
D-Bus API.
I think there is a "wps_disabled" option in wpa_supplicant.conf. It's
not clear whether "wps_disabled" is really the right solution to your
problem. But if it is, you might be able to set that in
wpa_supplicant.conf so that it gets honored.
If it's really about wps_disabled, I guess you could also re-compile
supplicant package without WPS support. Would be at least interesting
as a try.
If that is the right solution, then maybe this should be set by
NetworkManager (but I think the flag is currenlty not configurable via
D-Bus(?)). Anyway, it would be interesting later to improve
NetworkManager to get this right.
[1]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/contrib/fedora/rpm/NetworkManager.conf#L49
hope this gave you some ideas,
best,
Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part