Re: PEAP and keyfile
On Mon, 2013-08-26 at 11:53 -0500, Dan Williams wrote: > On Fri, 2013-08-16 at 19:31 -0500, Jerry Vonau wrote: > > Hi All: > > > > I've ran into a situation that I'm not sure in how to handle with these > > packages[1] I was able to use nm-connection-editor with only the keyfile > > plugin to create the system connection with ease and resulted in this > > configuration: > > > > [802-1x] > > eap=peap; > > identity=x > > phase2-auth=mschapv2 > > password=y > > > > [802-11-wireless-security] > > key-mgmt=wpa-eap > > > > After updating the rpms[2] using nm-connection-editor results in this > > configuration: > > > > [802-11-wireless-security] > > key-mgmt=wpa-eap > > > > [802-1x] > > eap=peap; > > identity=x > > phase2-auth=mschapv2 > > password-flags=1 > > system-ca-certs=true > > > > > > I'm at a bit of a loss as to what to do about this, any help or pointers > > would be grateful. I understand that password-flags=1 hands this over to > > an auth agent for the secrets, gnome keyring is running but with an > > empty password. I clicked ignore when prompted for the certs file. I've > > tried to downgrade back to [1] but with the same results. Am I running > > into some polkit issue here? What other dependencies might I have to > > downgrade to return to the same functionality? > > If you change password-flags to "0" and put the password back in, does > the editor preserve it? > > Dan > When I have access to that network again that is one of the first things I was going to try. I'll let you know how I make out. Thanks a bunch, Jerry > > Thank, > > > > Jerry > > > > > > 1. > > NetworkManager-0.9.7.0-8.git20121004.fc18.armv7hl > > network-manager-applet-0.9.7.0-4.git20121016.fc18.armv7hl > > NetworkManager-glib-0.9.7.0-8.git20121004.fc18.armv7hl > > nm-connection-editor-0.9.7.0-4.git20121016.fc18.armv7hl > > > > 2. > > NetworkManager-0.9.8.1-3.git20130514.fc18.armv7hl > > network-manager-applet-0.9.8.1-3.git20130430.fc18.armv7hl > > NetworkManager-glib-0.9.8.1-3.git20130514.fc18.armv7hl > > nm-connection-editor-0.9.8.1-3.git20130430.fc18.armv7hl > > > > > > > > ___ > > networkmanager-list mailing list > > networkmanager-list@gnome.org > > https://mail.gnome.org/mailman/listinfo/networkmanager-list > > ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
PEAP and keyfile
Hi All: I've ran into a situation that I'm not sure in how to handle with these packages[1] I was able to use nm-connection-editor with only the keyfile plugin to create the system connection with ease and resulted in this configuration: [802-1x] eap=peap; identity=x phase2-auth=mschapv2 password=y [802-11-wireless-security] key-mgmt=wpa-eap After updating the rpms[2] using nm-connection-editor results in this configuration: [802-11-wireless-security] key-mgmt=wpa-eap [802-1x] eap=peap; identity=x phase2-auth=mschapv2 password-flags=1 system-ca-certs=true I'm at a bit of a loss as to what to do about this, any help or pointers would be grateful. I understand that password-flags=1 hands this over to an auth agent for the secrets, gnome keyring is running but with an empty password. I clicked ignore when prompted for the certs file. I've tried to downgrade back to [1] but with the same results. Am I running into some polkit issue here? What other dependencies might I have to downgrade to return to the same functionality? Thank, Jerry 1. NetworkManager-0.9.7.0-8.git20121004.fc18.armv7hl network-manager-applet-0.9.7.0-4.git20121016.fc18.armv7hl NetworkManager-glib-0.9.7.0-8.git20121004.fc18.armv7hl nm-connection-editor-0.9.7.0-4.git20121016.fc18.armv7hl 2. NetworkManager-0.9.8.1-3.git20130514.fc18.armv7hl network-manager-applet-0.9.8.1-3.git20130430.fc18.armv7hl NetworkManager-glib-0.9.8.1-3.git20130514.fc18.armv7hl nm-connection-editor-0.9.8.1-3.git20130430.fc18.armv7hl ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: [PATCH] Re: IP4Config and routes
On Tue, 2010-06-08 at 14:08 -0700, Dan Williams wrote: > Patch looks good; lets push it into master, NM_0_8_1, and > NETWORKMANAGER_0_7 branches. And something else I found today, the > Fedora network scripts add a 169.254 route by default for IPv4 > connections even if they aren't LL-only. Not sure why or if that's > something we want to or why it was added to the Fedora initscripts in > the first place, but might be worth finding out. Funny I asked the same thing awhile ago: https://bugzilla.redhat.com/show_bug.cgi?id=455186 On a different note, could your review the concept of creating multi-hop gateways that I filed at: https://bugzilla.redhat.com/show_bug.cgi?id=171763 Think there might be some interest in having multiple gateways active with NM, is there? If so, would the above ifcfg layout be OK once the rh-plugin has the support? Sorry, I didn't take that idea farther then, too many packages to patch(NM being one of them), and I don't have the connections to get all the packages that touch the main routing table patched. On a side note, shorewall has been able to support multiple gateways for a while, with two distinct ways of configuring the routing tables, one using the "main" and the other using the "default" routing tables for the gateways, note the USE_DEFAULT_RT part, have a look at: http://www.shorewall.net/MultiISP.html What's your take on the use of the routing tables? just some thoughts, Jerry ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: multiple-device questions
Dan Williams wrote: > On Thu, 2008-05-15 at 02:12 -0600, Andrew Jorgensen wrote: >> What are the plans for UI for controlling multiple-device behavior? > > There's an applet re-write on the table for 0.7.1. The current > menu-based design pretty much falls over for multiple devices. > >> Right now nm-applet just connects to all networks that have automatic >> configurations. This is potentially confusing. A few people have filed >> bugs or asked questions on this list. > > Right; though this isn't so much different than current networking > systems. If you want complete manual control of your connecitons, then > you don't mark those connections as "autoconnect", and then you get to > manually activate and deactivate those connections as you see fit. > >> If the fastest device does not have a gateway defined (none offered by >> DHCP, link-local only, or none configured in static config) will NM >> choose a slower device for the default route? > > Yes. > >> What signaling is given the listeners (like Pidgin or Evolution) when a >> device goes down but there are other devices up? > > As Tambet said, there are two mechanisms: > > a) Simple overall network state such as DISCONNECTED, CONNECTING, and > CONNECTED, which is a composite of all the current device states. If at > least one device is connected and there is a default route, the state > will be CONNECTED. > > b) The ActiveConnection API. Each current connection has an > ActiveConnection object which clients can use to figure out the state of > individual network connections and devices. Each active connection has > one or more devices assigned to it, and a device cannot be assigned to > more than one active connection. It's important to remember that NM > deals with _connections_, not really individual devices, though NM does > provide state for individual devices as well. > >> Is the signaling different when it's the default route (or not) that has >> gone down? > > Yes; you get org.freedesktop.DBus.PropertyChanged signals for the > ActiveConnection objects when their 'default' property changes. Only > one ActiveConnection object will have a True 'default' property, and > that is the connection that has the default route. > That is my issue at the moment, you can't have 2 different isp's default gateways active at the same time without intervention. I'm testing with 2 wired nic's connected to the same LAN, if I do a ping/traceroute stating the interface to use, only the one that has the gateway will reach the internet. I have to issue an "ip route replace table main nexthop via dev eth0 nexthop via dev eth1" in order to have both gateways active at the same time. I have not read though all the source yet, got some pointers to the code involved, and I'll see what I can come up with. Jerry ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Multi-active devices
Hi All: What support is planned for multiple gateways? I build firewalls that don't run X (so no runlevel 5 here), with the recent CLI support, I might just try to use NM in the future. I setup multi-gateway (2+ ISPs) support using my own scripts or Shorewall's built-in support. I have had a small hand in the development of Shorewall's multi-isp support, and the supporting of the same on Shorewall's mailing list. In past have submitted patches to initscripts for this support (BZ171763), I have working experence with iproute and what is needed to make this work in real life, is there any interest in having NM support this? Jerry ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list