Re: Network Manager Wifi AP without WPS Pin?

Hello Thomas, 

Thanks a lot for your reply. This is really helpful.

In the meantime I found that this issue got fixed last month in Network Manager:

But because we do not have a way to use the latest version it would be wonderful to find a workaround. 

I tried to disable wps in the wpa_supplicant config [1] file but this did not work. Is this the right way to adjust it? Is this even the wpa_supplicant config used by network manager?

Thanks a lot and best regards,


[1] Added to

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

On 9. Apr 2021, at 08:42, Thomas Haller <thaller redhat com> wrote:

On Wed, 2021-04-07 at 17:18 +0200, Florian Klein wrote:
Dear Network Manager Experts, 

we are opening an Access Point with network manager (on a RPI4 with
Raspbian) and everything is working fine except that when connecting
from Windows 10 we are asked for a pin first (probably wps pin) instead
of getting shown directly the passphrase field to enter. This is not
observed on Mac and Linux.

Our wifi-ap configuration:
sudo nmcli c add con-name wifi-ap type wifi ssid test ifname
wlan0 save yes autoconnect yes 802-11-wireless.mode ap 802-11- bg ipv4.method shared wifi-sec.key-mgmt wpa-psk wifi-
sec.psk "test1234"

We already tried multiple configurations from the provided page:
- wps-method 1
- proto rsn
- pairwise ccmp

But nothing really helped. Would be fantastic to get your support here.

Hi Florian,

in another email you said that you are using Version 1.14.6, from
Raspian10. That's is quite an old version and it might be interesting
to try a recent version. But in practice, I don't think your question
will be solved by that, so OK.

NetworkManager's "wifi.mode ap" is something simple that is mainly
aimed for simple setups. The reason is that if you run a "serious"
access point, you might want to configure countless parameters related
to Wi-Fi, but then also want more control over the DHCP and DNS server.
NetworkManager does that all, but the configuration options are not
that extended. So, consider whether NetworkManager is the right choice
here. But we really want NetworkManager to be stellar also in such
cases, so it's not that we say: "such usecase is not supported". But:
"maybe it doesn't work that well yet, but we'd hope to improve on that
(e.g. by adding new configuration options and fix issues in certain

OK, more to your actual question...

NetworkManager uses wpa_supplicant's AP mode. wpa_supplicant is the
sibling of hostapd, and both are highly configurable. Your problem
indeed seems to be related to WPS. I am not familiar with this, so I
don't know the solution. I would think you first should understand how
to configure this in wpa_supplicant (or hostapd). And then, in a second
step, how to bring NetworkManager to get that right.

What NetworkManager does, is relatively simple. Enable `level=TRACE`
logging (see [1]), then NetworkManager will log the options that it
sets in supplicant, like

  Config: added 'mode' value '2'

('2' means AP mode). NetworkManager configures wpa_supplicant via the
D-Bus API.

I think there is a "wps_disabled" option in wpa_supplicant.conf. It's
not clear whether "wps_disabled" is really the right solution to your
problem. But if it is, you might be able to set that in
wpa_supplicant.conf so that it gets honored.

If it's really about wps_disabled, I guess you could also re-compile
supplicant package without WPS support. Would be at least interesting
as a try.

If that is the right solution, then maybe this should be set by
NetworkManager (but I think the flag is currenlty not configurable via
D-Bus(?)). Anyway, it would be interesting later to improve
NetworkManager to get this right.


hope this gave you some ideas,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]