On Tue, 2021-01-26 at 15:07 +0100, IB Development Team via networkmanager-list wrote:
W dniu 26.01.2021 o 13:49, Beniamino Galvani pisze:Please verify if you have more than one connection for the SSID.Only one connection is defined for this SSID and every file /etc/NetworkManager/system-connections has ist unique UUID.After manually changing connection files, NM must be made aware of the changes with "nmcli connection reload". It's not necessary to restart the service. Please ensure that the modifications you did to the file were picked up by NM; to do that, check if the nmcli output contains the subject-match with:Executing "nmcli connection reload" nor "systemctl restart network-manager" after adding subject requirements does not work. NM shows added subject-match (with wrong value) in nmcli -o connection show <UUID> results but still connects ok. Change is applied only after WIFI connection restart from Gnome GUI or system reboot.
A connection profile is just that: a bunch of settings. Modifying a profile (which is what `nmcli connection reload` does), does not make the changes to the profile effective on an already activated device. If you modify a profile which is currently activated, the changes only take effect after activating the profile anew (which `nmcli connection up`).
Note that instead of changing the file manually and reloading connections, you can instead perform the change directly through nmcli with: nmcli connection modify <UUID> 802-1x.subject-match "foobar"When WIFI connection is established without subject-match in its config I've executed: # nmcli connection modify <UUID> 802-1x.subject-match "wrongname" # nmcli -o connection show <UUID> | grep subject-match 802-1x.subject-match: wrongname # nmcli connection reload # systemctl restart network-manager
Restarting NetworkManager process is almost always the wrong thing to do. If you want to activate a profile, then just do that (nmcli con up). If you modified a profile and want for the changes to take effect, (re) activate the profile.
Connection was established successfully. Then turned off and turned on WIFI from Gnome GUI and connection is not established with TLS: Subject '/CN=myssid' did not match with 'wrongname' in wpa_supplicant log. So NM restart nor "nmcli connection modify" is not enough to apply change (but NM see the change in "nmcli -o connection show <UUID>").
This prints the content of the profile. That of course takes effect immediately (during `nmcli connection modify` or `nmcli connection reload`). If the settings of a profile are not correctly used (when activating the profile), then that needs to be investigated. You'd do so by enabling level=TRACE level in the log ([1]) and see what NetworkManager tells to wpa_supplicant when activating the profile [1] https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/NetworkManager.conf#n28
Change in the opposite direction (removing manually subject-match parameter from connection config when connection is not established because of subject-match requirement) is applied immidiately after # systemctl restart network-manager
Attachment:
signature.asc
Description: This is a digitally signed message part