Static Talk:Network/802.1X client settings

From 34C3_Wiki
Jump to: navigation, search

There should be an advice in the NetworkManager paragraph that the ca_cert path must be customized according to the distro used (e.g. "# ca path on debian 7.x, modify accordingly" like in the wpa_supplicant paragraph).

---

there should be an advise that the /etc/NetworkManager/system-connections/34C3 has to be read-writeable only by root. if it is created with umask 022 and has an octet like 644. the NetworkManager wont read it. 

sudo chmod 600 /etc/NetworkManager/system-connections/34C3

helps.

---

NetworkManager is spelled without the space.

To configure NetworkManager from the command line, use: 

nmcli c add type wifi ifname '*' ssid 34C3 \
        connection.id 34C3 \
        802-11-wireless-security.key-mgmt wpa-eap \ 
        802-1x.eap ttls \ 
        802-1x.phase2-auth pap  \ 
        802-1x.identity edward \ 
        802-1x.password snowden \ 
        802-1x.ca-cert /etc/ssl/certs/DST_Root_CA_X3.pem \ 
        802-11-wireless.mac-address-randomization always

Advantage: The connection is available without having to reload the configuration files.

Disadvantage: The above command does not create a configuration file. This presumably means that the results of the command are not persistent.

That is not correct. On Fedora it might be handled by the ifcfg plugin and end up in /etc/sysconfig/network-scripts instead --Lkundrak (talk) 11:36, 28 December 2017 (CET)

Disadvantage: Lubuntu's indicator applet at least does not display the name of this connection as "34C3"; instead, it shows it as "wifi", which can be confusing. It may help to add this to the command: 

connection.id 34C3
Yes, this helps. I'm editing the command above. --Lkundrak (talk) 11:36, 28 December 2017 (CET)

This does make an appropriate entry appear in NetworkManager's list of hidden networks. However, since I could never get a working connection on my system, I can not test whether this works.

This is likely entirely unrelated. The command in fact creates a network entirely equivalent to the example. Did you check the log? Is your CA certificate correct? --Lkundrak (talk) 11:36, 28 December 2017 (CET)

linux network manager

Terminal command to make the 600 thing: 

sudo chmod 600 /etc/NetworkManager/system-connections/34C3

you may need to restart your OS after the change takes effect, or just restart the NetworkManager service: 

sudo systemctl restart NetworkManager.service

or tell it to reload its configuration: 

sudo nmcli c reload

Jolla / Connman

Does not work for me on Xperia X. anyone had success?--Wuestenschiff (talk) 15:20, 28 December 2017 (CET)

Bug report: section interfaces is not quite correct

The value for "wpa-ca_cert" must not be quoted.

Retrieved from "https://events.ccc.de/congress/2017/wiki/index.php?title=Static_Talk:Network/802.1X_client_settings&oldid=9559"