Re: Pre-configuring an ethernet interface
On 01/09/2013 11:17 AM, Justin Maggard wrote: I have a system with multiple ethernet interfaces, and I'm a bit confused as to how connman is expected to work with this. How can I get connman to give me a list of all interfaces, both with and without a carrier? The You need to use the dbus interfaces to do that. Try to use the scripts that comes with connman. to enable ethernet: test-connman enable ethernet lists all the services: test-connman services ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: connman wlan0 scan gets stuck?
Hi Stan, On 01/03/2013 10:38 PM, Stan Hu wrote: I'm running connman v1.4 and wpa-supplicant v0.73 (old, I know), but before I try upgrading everything--which is not a trivial matter since the software needs to be deployed on hundreds of devices--I want to understand the issue. Can you scan for the first time? Because I had this problem and I fixed updating wpa_supplicant to 1.0 or grater. Regards, Felipe Tonello ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: no wifi services
On 09/21/2012 11:45 AM, Felipe Tonello wrote: Jeff On Thu, Sep 20, 2012 at 5:52 PM, Zheng, Jeff mailto:jeff.zh...@intel.com>> wrote: Hi Felipe > > I made it work now, I just ignored with -I eth0. But there is still a > problem: the ./test-connman scan wifi is not working and when I want to list > the services, it's always empty. > > Then when I do a "iwlist wlan0 scan", the services are listed successfully. I saw same issue on one of my test machine. See http://bugs.meego.com/show_bug.cgi?id=25307 So you don't need -I eth0, just "iwlist wlan0 scan". Could you please submit an new bug? Were you passing any unusual parameters to connmand? Because I tested here in my device with a connmand -I eth0 because I'm using NFS and the scan doesn't work. But I tested in a friend's device, without -I eth0 and consequently without NFS, and the scan worked. I will test here in my device without the NFS to make sure it's a bug related to "-I eth0". Felipe Just for the record, I found out that the scan problem was related to the wpa_supplicant. So basically I updated from 0.7.3 to 1.0 and it worked. Felipe ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Cannot connect to EAP (ieee8021x) without a .config file
Hello Marcel Thank you for your answer. On 11/23/2012 12:26 AM, Marcel Holtmann wrote: Hi Filipe, But in this case, since there is no need of certificate, shouldn't connman be able to try to connect without it? I'm just saying it because when I try to connect to this network with an iPhone it connects without any certificate (it just ask if you want to accept a certificate) and with an Android it just connect without even asking to accept a certificate. It is true that Android (and iPhone) asks you these questions when you click on an 802.1x EAP network. Unfortunately they have to ask the use up front before proceeding with the connection attempt, since the WiFi network information from the Access Point does not contain any information about the used EAP protocol. Thus they are as lost as ConnMan what the EAP method of connecting to the network actually is. Asking the user happens before anything starts connecting. Android does that but not iPhone. iPhone just asks for the user/password, tries to connect and shows a certificate that the user needs to accept. Do you guess what they do? The main problem is that, as we know, users doesn't care about this certificates, eap protocols and so on. And if on iOS they are not asked those informations, they expect the same in other devices. Btw, what is this certificate for and why with connman and Android the user don't need to accept it? that last I have been told is that iOS on purpose does not check these certificates against the global trusted certificates. Simple because non of them are authorized for WiFi usage anyway. So does connman always accept it? How is it handled? The only get trusted if you provide your own CA via device management. Also iOS is kinda stupid. They always show the username/password question for the 802.1x networks. Even if that would not work. There are networks that completely authorize by just using certificates. Since there is no certificate the user expects to connect directly. IMO it's ugly to some Agent (or external program) to write a .config file just so connman can recognize the service. Whether any certificates exist or not needs a user decision as much as the EAP method itself. Thus any UI trying to connect to an 802.1x EAP network must prompt the user, give the information to ConnMan and then connect. The current implementation in ConnMan is such that an EAP network needs to be described as a .config file. Maybe it's less implementation friendly to write a file with the needed information, but it shouldn't be a too big obstacle since the UI has already received all the needed (known) information from the user. Some times the Agent will not have rights to write in /var/lib/connman or whatever where connman is reading those files. The agent should never have access to /var/lib/connman ever. If you do that, then your security model is broken. Well, you need to write there somehow. I said an Agent just for the sake of the argument, but it's a external tool anyway. What about writing there user/password credentials? Is there anyway to secure the password in the .config file? But I agree that knowing this information is not a problem to write a .config file. Another point is the fact that the Agent doesn't know when it should ask those informations to the user. Perhaps by checking the service's security property is ieee8021x? I remember that there was a discussion here and Marcel Holtmann said that Agents shouldn't ask this kind of information to the user, that's why there is no API for that. But as we are discussing now we still need to ask that in case of EAP. So there is clearly an inconsistency here. I am totally fine if we ask username and password for 802.1x from the user, but nothing more. To do that, we need to first know if username and password would actually work in that case. Is there anyway to know that? As you said, there are networks that works fine with the certificate only. Regards, Felipe ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Cannot connect to EAP (ieee8021x) without a .config file
On 11/21/2012 03:28 AM, Patrik Flykt wrote: Hi, On Tue, 2012-11-20 at 15:42 -0800, Felipe Ferreri Tonello wrote: When I add this[1] .config file, the agent receives a request to a Identity and a Passphrase, as expected. [1] [service_engineering] Type = wifi Name = engineering EAP = peap Phase2 = MSCHAPV2 If there is no certificate, shouldn't be possible to connect without the provisioning file? Since it's how it works on iOS and Android. Currently it is not possible to connect to an EAP network without a .config file. Explicitely specifying a .config file without a certificate tells ConnMan that this is the intention. Blindly trying to connect without a certificate would mysteriously work for some of the networks while others wouldn't. It'd look confusinly inconsistent and historically a .config file was always needed. But in this case, since there is no need of certificate, shouldn't connman be able to try to connect without it? I'm just saying it because when I try to connect to this network with an iPhone it connects without any certificate (it just ask if you want to accept a certificate) and with an Android it just connect without even asking to accept a certificate. Since there is no certificate the user expects to connect directly. IMO it's ugly to some Agent (or external program) to write a .config file just so connman can recognize the service. Is there any work to be done here or it's by design this behavior? Regards, Felipe ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Re: Cannot connect to EAP (ieee8021x) without a .config file
On 11/19/2012 04:51 PM, Zheng, Jeff wrote: Hi all, I've read over and over all the discussion about this support to PEAP over the service api and so on. Ok, the thing is: I'm trying to connect to a EAP (ieee8021x) network without the .config file, but it doesn't work(net.connman.Error.InvalidArguments: Invalid arguments). When I add this[1] .config file, the agent receives a request to a Identity and a Passphrase, as expected. [1] [service_engineering] Type = wifi Name = engineering EAP = peap Phase2 = MSCHAPV2 If there is no certificate, shouldn't be possible to connect without the provisioning file? Since it's how it works on iOS and Android. Submitted as a bug: https://bugs.meego.com/show_bug.cgi?id=25868 Thank you Jeff, Please, if someone could explain a little bit about this issue I can take a look on that. Regards, Felipe ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
Cannot connect to EAP (ieee8021x) without a .config file
Hi all, I've read over and over all the discussion about this support to PEAP over the service api and so on. Ok, the thing is: I'm trying to connect to a EAP (ieee8021x) network without the .config file, but it doesn't work(net.connman.Error.InvalidArguments: Invalid arguments). When I add this[1] .config file, the agent receives a request to a Identity and a Passphrase, as expected. [1] [service_engineering] Type = wifi Name = engineering EAP = peap Phase2 = MSCHAPV2 If there is no certificate, shouldn't be possible to connect without the provisioning file? Since it's how it works on iOS and Android. PS: Is there anything that needs to be implemented in this matter? If so, let me know. Thank you in advance, Felipe ___ connman mailing list connman@connman.net http://lists.connman.net/listinfo/connman
