Re: Network Manager Wifi AP without WPS Pin?

Hello Thomas,

Sorry for the late reply. Georg Müller ( also highlighted the approach of back porting the patch and rebuild Network Manager. 

Regarding the wpa_supplicant I was also not successful in configuring it in such a way that WPS is not activated. If you come across a good idea, let me know.

Thanks a lot and best regards,

Florian Klein

Weilimdorfer Straße 45
70825 Korntal-Münchingen
+49 159 06450487
info smartdings com

Check out our visualisation solution:

On 9. Apr 2021, at 11:48, Thomas Haller <thaller redhat com> wrote:

On Fri, 2021-04-09 at 10:41 +0200, Florian Klein wrote:
Hello Thomas, 

Thanks a lot for your reply. This is really helpful.

In the meantime I found that this issue got fixed last month in
Network Manager:

Oh, I was not aware of this.

But because we do not have a way to use the latest version it would
be wonderful to find a workaround. 

if you rebuild NetworkManager, then it should be simple to backport
this patch. But indeed, it is undesirable to maintain your own

I tried to disable wps in the wpa_supplicant config [1] file but this
did not work. Is this the right way to adjust it? Is this even the
wpa_supplicant config used by network manager?

I thought that might work. I tried, and even with debug logging
wpa_supplicant does not log that it was reading the config file and it
didn't complain about bogus entries in the configuration. But it should
have used the file... I don't know.

I'd suggest to run wpa_supplicant with debug logging (-ddd) and check
the logs, if you didn't already do that.


Thanks a lot and best regards,


[1] Added to

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

On 9. Apr 2021, at 08:42, Thomas Haller <thaller redhat com> wrote:

On Wed, 2021-04-07 at 17:18 +0200, Florian Klein wrote:
Dear Network Manager Experts, 

we are opening an Access Point with network manager (on a RPI4
Raspbian) and everything is working fine except that when
from Windows 10 we are asked for a pin first (probably wps pin)
of getting shown directly the passphrase field to enter. This is
observed on Mac and Linux.

Our wifi-ap configuration:
sudo nmcli c add con-name wifi-ap type wifi ssid test
wlan0 save yes autoconnect yes 802-11-wireless.mode ap 802-11- bg ipv4.method shared wifi-sec.key-mgmt wpa-psk
sec.psk "test1234"

We already tried multiple configurations from the provided page:
- wps-method 1
- proto rsn
- pairwise ccmp

But nothing really helped. Would be fantastic to get your support

Hi Florian,

in another email you said that you are using Version 1.14.6, from
Raspian10. That's is quite an old version and it might be
to try a recent version. But in practice, I don't think your
will be solved by that, so OK.

NetworkManager's "wifi.mode ap" is something simple that is mainly
aimed for simple setups. The reason is that if you run a "serious"
access point, you might want to configure countless parameters
to Wi-Fi, but then also want more control over the DHCP and DNS
NetworkManager does that all, but the configuration options are not
that extended. So, consider whether NetworkManager is the right
here. But we really want NetworkManager to be stellar also in such
cases, so it's not that we say: "such usecase is not supported".
"maybe it doesn't work that well yet, but we'd hope to improve on
(e.g. by adding new configuration options and fix issues in certain

OK, more to your actual question...

NetworkManager uses wpa_supplicant's AP mode. wpa_supplicant is the
sibling of hostapd, and both are highly configurable. Your problem
indeed seems to be related to WPS. I am not familiar with this, so
don't know the solution. I would think you first should understand
to configure this in wpa_supplicant (or hostapd). And then, in a
step, how to bring NetworkManager to get that right.

What NetworkManager does, is relatively simple. Enable
logging (see [1]), then NetworkManager will log the options that it
sets in supplicant, like

  Config: added 'mode' value '2'

('2' means AP mode). NetworkManager configures wpa_supplicant via
D-Bus API.

I think there is a "wps_disabled" option in wpa_supplicant.conf.
not clear whether "wps_disabled" is really the right solution to
problem. But if it is, you might be able to set that in
wpa_supplicant.conf so that it gets honored.

If it's really about wps_disabled, I guess you could also re-
supplicant package without WPS support. Would be at least
as a try.

If that is the right solution, then maybe this should be set by
NetworkManager (but I think the flag is currenlty not configurable
D-Bus(?)). Anyway, it would be interesting later to improve
NetworkManager to get this right.


hope this gave you some ideas,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]