On Sun, 2016-05-15 at 22:36 +0200, fo...@sciunto.org wrote: > Thank you Thomas for you quick reply. > > > > > > When you run wpa-supplicant via NetworkManager, NM configures the > > supplicant via D-Bus. While /etc/wpa_supplicant/wpa_supplicant.conf > > still is used (depending on your configuration), I don't think it > > matters nor is does it sound right to do. > OK, so now, I commented these three options in wpa_supplicant.conf, > so > it's back to the default values. > > > > > > > > > > > For my SSID, /etc/NetworkManager/system-connections/TNCAP1CA11F, > > > I > > > put > > > mac-address-randomization=2 (I also empty mac-address at some > > > point). > > > > > > Then, I reload: systemctl reload wpa_supplicant && systemctl > > > reload > > > NetworkManager > > you can edit keyfiles in /etc/NetworkManager/system-connections, > > but > > afterwards you must issue `nmcli connection reload` -- not > > `systemctl > > reload`. The former reloads connections from disk, the latter > > reloads > > NetworkManager configuration. > > > > Well, whatever the details here... Lets just assume after editing > > the > > files you did sufficiently reload the involved components :) > Yes, I always reload both wpa_supplicant and NM before checking a > configuration. It might be overkill... :) > but I took this precaution. > Sorry, I made a typo also, I wanted to write systemctl restart, so > I'm > sure that the process is killed. > > > > > > > > > > to check the MAC address. I noticed that a first address > > > (different > > > to the > > > physical one) was attributed but before the connection was > > > established. > > You mean, during scanning it was randomized? That sounds right as > > NM > > always sets PreassocMacAddr=1 > Yes and yes. That was something positive to me. > > > > > > > > > > And > > > then, a second one corresponding to the physical one was used to > > > establish > > > the connection. Looking at journalctl -xn confirmed what I saw. > > > > > > I checked with > > > nmcli connection show TNCAP1CA11F > > > that the random field (802-11-wireless.mac-address-randomization) > > > was > > > on > > > "always". > > > > > > > > > I noticed that if I added a section [connection] in > > > /etc/NetworkManager/NetworkManager.conf with > > > wifi.mac-address-randomization=1 and in > > > /etc/NetworkManager/system-connections/TNCAP1CA11F, I put > > > mac-address-randomization=1, nmcli connection show TNCAP1CA11F > > > was on > > > "never". > > Editing [connection] section in > > /etc/NetworkManager/NetworkManager.conf > > allows you to configure default-values for connection properties. > > But those default values *only* take effect, when the value in the > > connection itself is set to "default". > > > > That is, if `nmcli connection show TNCAP1CA11F` gives "never" or > > "always", the default value is completely ignored, because the per- > > connection setting is preferred. > Sorry I was not clear here. Let me clarify the config in both files > and > the output of the command + the MAC address. > As I write, I redo the tests. > Case 1: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=0 > -> default and physical MAC address > > Case 2: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=1 > -> never and physical MAC address > > Case 3: > * [connection] wifi.mac-address-randomization=1 > * mac-address-randomization=2 > -> always and physical MAC address > > > If I comment the default option (ie I comment lines [connection] and > the > next line wifi.mac-address-randomization=1), case 1, 2 and 3, give > the > same results. > > The only thing I do not understand is why the mac address is not > randomized for cases 2 or 3, for an established connection? > Do you agree that my expectations are correct?
Hi, don't get confused by the [connection] setting in /etc/NetworkManager/NetworkManger.conf. So, if you explicitly set the value per-connection, the default does not matter. If you want to test this, just set an explicit value to either "never" or "always". nmcli connection modify $CONNECTION \ 802-11-wireless.mac-address-randomization always >>>> DETAILS: As described in `man NetworkManager.conf`, [connection] allows you to overwrite the default-values for certain settings -- iff the setting is left unspecified in the corresponding per-connection setting. E.g. if your connection shows nmcli connection show $CONNECTION 802-11-wireless.mac-address-randomization:default then (and only then), NetworkManager will check whether the default value is overwritten in NetworkManager.conf. If also no default value is found in the [connection] section, it determines the default somehow different: - in case of wifi.mac-address-randomization the fallback value is "never" - in case of ipv6.ip6-privacy it reads /proc/sys/net/ipv6/conf/default/use_tempaddr - etc. Yes, if you want to enable randomization by default, then you could put [connection] wifi.mac-address-randomization=2 to NetworkManager.conf, and all connection that have their value set to "default" will have it enabled. But for testing, that doesn't matter!! <<<<<< > > > > > > > For the default-value to be used, `nmcli connection show > > TNCAP1CA11F` > > must show you "mac-address-randomzation=default". > > > I agree. > > > > > You say that you edit various files, but beware that you have to > > reload > > stuff afterwards. > > For that reason, it's simpler you just do > > > > nmcli connection modify TNCAP1CA11F \ > > 802-11-wireless.mac-address-randomization default > > > > > > -- note that after changing a connection, you must always re- > > activate > > the connection to take effect. > > > > (that is, `nmcli connection up TNCAP1CA11F`). > As said above, I restart(ed) wpa_supp and nm with systemctl. Then, I > always check that nm-applet is connected to that SSID before reading > the > mac address. I also tried your solution but it is the same as we may > guess. > > I probably miss something stupid as it seems to work for you. Oh, I didn't actually test mac-addr-randomization myself :) I am definitely interested whether it works for you (but I still expect it works, if wpa-supplicant has support). best, Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list