| Hello Thomas,
Regarding the wpa_supplicant I was also not successful in configuring it in such a way that WPS is not activated. If you come across a good idea, let me know.
Thanks a lot and best regards,
Florian Klein smartdings Weilimdorfer Straße 45 70825 Korntal-Münchingen +49 159 06450487 info smartdings comwww.smartdings.com Check out our visualisation solution: www.easyvis.io
On Fri, 2021-04-09 at 10:41 +0200, Florian Klein wrote: Hello Thomas,
Thanks a lot for your reply. This is really helpful.
In the meantime I found that this issue got fixed last month in
Network Manager:
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/756
Oh, I was not aware of this. But because we do not have a way to use the latest version it would
be wonderful to find a workaround.
if you rebuild NetworkManager, then it should be simple to backport this patch. But indeed, it is undesirable to maintain your own package... I tried to disable wps in the wpa_supplicant config [1] file but this
did not work. Is this the right way to adjust it? Is this even the
wpa_supplicant config used by network manager?
I thought that might work. I tried, and even with debug logging wpa_supplicant does not log that it was reading the config file and it didn't complain about bogus entries in the configuration. But it should have used the file... I don't know. I'd suggest to run wpa_supplicant with debug logging (-ddd) and check the logs, if you didn't already do that. best, Thomas
Thanks a lot and best regards,
Florian
[1] Added to
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
wps_disabled=1
update_config=1
country=DE
On 9. Apr 2021, at 08:42, Thomas Haller <thaller redhat com> wrote:
On Wed, 2021-04-07 at 17:18 +0200, Florian Klein wrote:
Dear Network Manager Experts,
we are opening an Access Point with network manager (on a RPI4
with
Raspbian) and everything is working fine except that when
connecting
from Windows 10 we are asked for a pin first (probably wps pin)
instead
of getting shown directly the passphrase field to enter. This is
not
observed on Mac and Linux.
Our wifi-ap configuration:
sudo nmcli c add con-name wifi-ap type wifi ssid test
ifname
wlan0 save yes autoconnect yes 802-11-wireless.mode ap 802-11-
wireless.band bg ipv4.method shared wifi-sec.key-mgmt wpa-psk
wifi-
sec.psk "test1234"
We already tried multiple configurations from the provided page:
https://developer.gnome.org/NetworkManager/stable/settings-802-11-wireless-security.html
like:
- wps-method 1
- proto rsn
- pairwise ccmp
But nothing really helped. Would be fantastic to get your support
here.
Thanks
Hi Florian,
in another email you said that you are using Version 1.14.6, from
Raspian10. That's is quite an old version and it might be
interesting
to try a recent version. But in practice, I don't think your
question
will be solved by that, so OK.
NetworkManager's "wifi.mode ap" is something simple that is mainly
aimed for simple setups. The reason is that if you run a "serious"
access point, you might want to configure countless parameters
related
to Wi-Fi, but then also want more control over the DHCP and DNS
server.
NetworkManager does that all, but the configuration options are not
that extended. So, consider whether NetworkManager is the right
choice
here. But we really want NetworkManager to be stellar also in such
cases, so it's not that we say: "such usecase is not supported".
But:
"maybe it doesn't work that well yet, but we'd hope to improve on
that
(e.g. by adding new configuration options and fix issues in certain
use-cases)".
OK, more to your actual question...
NetworkManager uses wpa_supplicant's AP mode. wpa_supplicant is the
sibling of hostapd, and both are highly configurable. Your problem
indeed seems to be related to WPS. I am not familiar with this, so
I
don't know the solution. I would think you first should understand
how
to configure this in wpa_supplicant (or hostapd). And then, in a
second
step, how to bring NetworkManager to get that right.
What NetworkManager does, is relatively simple. Enable
`level=TRACE`
logging (see [1]), then NetworkManager will log the options that it
sets in supplicant, like
Config: added 'mode' value '2'
('2' means AP mode). NetworkManager configures wpa_supplicant via
the
D-Bus API.
I think there is a "wps_disabled" option in wpa_supplicant.conf.
It's
not clear whether "wps_disabled" is really the right solution to
your
problem. But if it is, you might be able to set that in
wpa_supplicant.conf so that it gets honored.
If it's really about wps_disabled, I guess you could also re-
compile
supplicant package without WPS support. Would be at least
interesting
as a try.
If that is the right solution, then maybe this should be set by
NetworkManager (but I think the flag is currenlty not configurable
via
D-Bus(?)). Anyway, it would be interesting later to improve
NetworkManager to get this right.
[1]
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/contrib/fedora/rpm/NetworkManager.conf#L49
hope this gave you some ideas,
best,
Thomas
|
