Re: WPA Enterprise (EAP-TLS) system connection
John S. Skogtvedt skrev: Dan Williams skrev: Once you have a connection set up in the connection editor, and you have the keyfile plugin enabled, you should be able to check the make available to all users checkbox, hit apply, and it'll be a keyfile. It's quite likely you'll want to be using the final 0.7 NetworkManager release, as a lot of the effort in November went into making this sort of thing actually work, but the Ubuntu snapshots are from mid October. Dan Thanks, once I've been able to test the final 0.7 version I'll get back to you on the the other questions (if still applicable). (The debian experimental package I tested is 0.7.0~svn4191-1 and is from Oct 18.) John. I finally got around to doing more testing today, this time using version 0.7.0-1 from http://debs.michaelbiebl.de/network-manager/. Settings used in nm-connection-editor: SSID: dd-wrt Wireless security: Security: WPA and WPA2 enterprise Authentication: TLS Identity: omni User Certificate: client_cert.pem CA Certificate: cacert.pem Private Key: client_key.pem Private Key Password: (the correct password) If the Available to all users option is _not_ selected, network-manager connects without problems. But if it is selected, I get the message network disconnected. The created keyfile looks like this: [802-11-wireless-security] key-mgmt=wpa-eap wep-tx-keyidx=0 [connection] id=dd-wrt uuid=bdc78c4d-bae8-4b6a-a287-6271cf208307 type=802-11-wireless autoconnect=true timestamp=0 [802-11-wireless] ssid=100;100;45;119;114;116; mode=infrastructure channel=0 rate=0 tx-power=0 mtu=0 security=802-11-wireless-security [ipv4] method=auto ignore-auto-routes=false ignore-auto-dns=false [802-1x] eap=tls; identity=omni ca-cert=... client-cert=... system-ca-certs=false As you can see, the private key is not saved. In syslog, I get the following messages: Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) starting connect ion 'dd-wrt' Dec 18 14:22:15 omni NetworkManager: info (wlan0): device state change: 3 - 4 Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 1 of 5 (De vice Prepare) scheduled... Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 1 of 5 (De vice Prepare) started... Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 2 of 5 (De vice Configure) scheduled... Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 1 of 5 (De vice Prepare) complete. Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 2 of 5 (Device Configure) starting... Dec 18 14:22:15 omni NetworkManager: info (wlan0): device state change: 4 -5 Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0/wireless): access point 'dd-wrt' has security, but secrets are required. Dec 18 14:22:15 omni NetworkManager: info (wlan0): device state change: 5 -6 Dec 18 14:22:15 omni NetworkManager: info Activation (wlan0) Stage 2 of 5 (Device Configure) complete. Dec 18 14:22:15 omni nm-system-settings: add_secrets: unhandled secret private-key type GArray_guchar_ Dec 18 14:22:15 omni nm-system-settings: add_secrets: unhandled secret phase2-private-key type GArray_guchar_ Hope this helps, John. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
On Tue, 2008-12-09 at 15:11 -0500, Dan Williams wrote: On Tue, 2008-12-09 at 13:34 -0500, Dan Williams wrote: On Sat, 2008-12-06 at 21:33 +1300, Simon Geard wrote: I know it's a minor thing, but by breaking convention, it makes writing an automated build just that little bit more complicated, where the directory can't be predicted from the package name... Sure. Updated in trunk and stable (0.7). Thanks for that. Simon. signature.asc Description: This is a digitally signed message part ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
On Sat, 2008-12-06 at 21:33 +1300, Simon Geard wrote: On Fri, 2008-12-05 at 16:58 -0500, Dan Williams wrote: That's mostly the problem. I fixed the issue in the applet svn this morning. We're planning on doing a 0.7.1 pretty soon which will contain this fix. Any chance that when you do, you can make the tarball name consistent with the contents directory, like most other packages out there? The applet tarball is network-manager-applet-0.7.0, but the contents are in nm-applet-0.7.0. I know it's a minor thing, but by breaking convention, it makes writing an automated build just that little bit more complicated, where the directory can't be predicted from the package name... Sure. Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
On Tue, 2008-12-09 at 13:34 -0500, Dan Williams wrote: On Sat, 2008-12-06 at 21:33 +1300, Simon Geard wrote: On Fri, 2008-12-05 at 16:58 -0500, Dan Williams wrote: That's mostly the problem. I fixed the issue in the applet svn this morning. We're planning on doing a 0.7.1 pretty soon which will contain this fix. Any chance that when you do, you can make the tarball name consistent with the contents directory, like most other packages out there? The applet tarball is network-manager-applet-0.7.0, but the contents are in nm-applet-0.7.0. I know it's a minor thing, but by breaking convention, it makes writing an automated build just that little bit more complicated, where the directory can't be predicted from the package name... Sure. Updated in trunk and stable (0.7). Dan ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
On Fri, 2008-12-05 at 16:58 -0500, Dan Williams wrote: That's mostly the problem. I fixed the issue in the applet svn this morning. We're planning on doing a 0.7.1 pretty soon which will contain this fix. Any chance that when you do, you can make the tarball name consistent with the contents directory, like most other packages out there? The applet tarball is network-manager-applet-0.7.0, but the contents are in nm-applet-0.7.0. I know it's a minor thing, but by breaking convention, it makes writing an automated build just that little bit more complicated, where the directory can't be predicted from the package name... Simon. signature.asc Description: This is a digitally signed message part ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
Hi, Below some details and updates about EAP-TLS wired connection problems in Network Manager. I was looking into source code for a while and that's what I found: When I fill in all the certs (client cert, CA cert, client key - all in PEM format) and then click Apply I have the following in console for the nm-connection-editor: # ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret type (write) '802-1x/private-key' : 'GArray_guchar_' ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' ** (nm-connection-editor:29948): WARNING **: nma_gconf_connection_changed: Invalid connection /system/networking/connections/4: 'NMSetting8021x' / 'client-cert' invalid: 2 # And no connection settings are stored. I've also checked that nma_gconf_connection_changed function is called in that case (in network-manager-applet/src/gconf-helpers/nma-gconf-connection.c) and function fails on: utils_fill_connection_certs (gconf_connection); I've checked this utils_fill_connection_certs function (in network-manager-applet/src/utils/utils.c) and it seems that getting file names for certificates entered by user in dialogs does not work: filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CLIENT_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CA_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CLIENT_CERT_TAG); All these filename variables are NULL there. The same in case I enter just client key in PKCS12 (in that case client cert is disabled). I'm not sure if I understand the source codes well, but I hope it's just some hint to fix the problem :) Cheers, Rafal Rafał Lichwała wrote: Sorry for the confusion... Some dependency packages were missing... :/ I remembered about apt-get build-dep network-manager, but forgot about apt-get build-dep network-manager-applet :/ I've installed them and network-manager-applet build is fine now! :) So now I have NetworkManager svn4361 and network-manager-applet svn1053 installed, running and ready to test :) Unfortunately EAP-TLS for wired connections still does not work (which is the subject of this topic) :( When I run nm-connection-editor in command line and try to create TLS wired connection I have the following error messages: ** (nm-connection-editor:6664): WARNING **: Invalid setting 802.1x Security: Invalid 802.1x security ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: nma_gconf_connection_changed: Invalid connection /system/networking/connections/2: 'NMSetting8021x' / 'client-cert' invalid: 2 All the certs (client cert, client key and CA cert) are in PEM format and stored in separate files. Interesting thing is that after this try a connection file has been created in: /etc/NetworkManager/system-connections/test (test is a name of my test TLS wired connection). and it seems to contain some valuable data. But this connection settings are not visible in nm-connection-editor :( There is only one (that was already there before my try) wired connection named Ifupdown (eth0) which cannot be modified (all the UI are disabled) and cannot be removed. When I try to remove it I have Removing connection failed: nm-settings.c.333 - Read-only connections may not be deleted.. Could you please take a look at the problem of creating TLS wired connection? :) Thanks! Cheers, Rafal Rafał Lichwała wrote: Dan Williams wrote: Compile error should be fixed in svn4361 on both trunk and 0.7 stable branches. Thanks for this quick fix Dan! :) NetworkManager build is fine now. But network-manager-applet build is failing... :( So I'm still not able to build nm-connection-editor (which is a part of network-manager-applet) to test against EAP-TLS connection setup. The build error is the following (network-manager-applet svn trunk revision 1053): ### if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/pixman-1
Re: WPA Enterprise (EAP-TLS) system connection
On Fri, 2008-12-05 at 14:25 +0100, Rafał Lichwała wrote: Hi, Below some details and updates about EAP-TLS wired connection problems in Network Manager. I was looking into source code for a while and that's what I found: When I fill in all the certs (client cert, CA cert, client key - all in PEM format) and then click Apply I have the following in console for the nm-connection-editor: # ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret type (write) '802-1x/private-key' : 'GArray_guchar_' ** (nm-connection-editor:29948): WARNING **: Unhandled setting secret type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' ** (nm-connection-editor:29948): WARNING **: nma_gconf_connection_changed: Invalid connection /system/networking/connections/4: 'NMSetting8021x' / 'client-cert' invalid: 2 # And no connection settings are stored. I've also checked that nma_gconf_connection_changed function is called in that case (in network-manager-applet/src/gconf-helpers/nma-gconf-connection.c) and function fails on: utils_fill_connection_certs (gconf_connection); I've checked this utils_fill_connection_certs function (in network-manager-applet/src/utils/utils.c) and it seems that getting file names for certificates entered by user in dialogs does not work: filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CA_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_CLIENT_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CA_CERT_TAG); filename = g_object_get_data (G_OBJECT (connection), NMA_PATH_PHASE2_CLIENT_CERT_TAG); All these filename variables are NULL there. The same in case I enter just client key in PKCS12 (in that case client cert is disabled). That's mostly the problem. I fixed the issue in the applet svn this morning. We're planning on doing a 0.7.1 pretty soon which will contain this fix. Dan I'm not sure if I understand the source codes well, but I hope it's just some hint to fix the problem :) Cheers, Rafal Rafał Lichwała wrote: Sorry for the confusion... Some dependency packages were missing... :/ I remembered about apt-get build-dep network-manager, but forgot about apt-get build-dep network-manager-applet :/ I've installed them and network-manager-applet build is fine now! :) So now I have NetworkManager svn4361 and network-manager-applet svn1053 installed, running and ready to test :) Unfortunately EAP-TLS for wired connections still does not work (which is the subject of this topic) :( When I run nm-connection-editor in command line and try to create TLS wired connection I have the following error messages: ** (nm-connection-editor:6664): WARNING **: Invalid setting 802.1x Security: Invalid 802.1x security ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: nma_gconf_connection_changed: Invalid connection /system/networking/connections/2: 'NMSetting8021x' / 'client-cert' invalid: 2 All the certs (client cert, client key and CA cert) are in PEM format and stored in separate files. Interesting thing is that after this try a connection file has been created in: /etc/NetworkManager/system-connections/test (test is a name of my test TLS wired connection). and it seems to contain some valuable data. But this connection settings are not visible in nm-connection-editor :( There is only one (that was already there before my try) wired connection named Ifupdown (eth0) which cannot be modified (all the UI are disabled) and cannot be removed. When I try to remove it I have Removing connection failed: nm-settings.c.333 - Read-only connections may not be deleted.. Could you please take a look at the problem of creating TLS wired connection? :) Thanks! Cheers, Rafal Rafał Lichwała wrote: Dan Williams wrote: Compile error should be fixed in svn4361 on both trunk and 0.7 stable branches. Thanks for this quick fix Dan! :) NetworkManager build is fine now. But network-manager-applet build is failing... :( So I'm still not able to build nm-connection-editor (which is a part of network-manager-applet) to test against EAP-TLS connection setup. The build error is the following (network-manager-applet svn trunk revision 1053): ### if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0
Re: WPA Enterprise (EAP-TLS) system connection
Dan Williams wrote: Compile error should be fixed in svn4361 on both trunk and 0.7 stable branches. Thanks for this quick fix Dan! :) NetworkManager build is fine now. But network-manager-applet build is failing... :( So I'm still not able to build nm-connection-editor (which is a part of network-manager-applet) to test against EAP-TLS connection setup. The build error is the following (network-manager-applet svn trunk revision 1053): ### if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libglade-2.0 -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD -MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c -o libpolkit_helpers_la-polkit-gnome-action.lo `test -f 'polkit-gnome-action.c' || echo './'`polkit-gnome-action.c; \ then mv -f .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo .deps/libpolkit_helpers_la-polkit-gnome-action.Plo; else rm -f .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo; exit 1; fi libtool: compile: gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libglade-2.0 -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD -MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c polkit-gnome-action.c -fPIC -DPIC -o .libs/libpolkit_helpers_la-polkit-gnome-action.o cc1: warnings being treated as errors polkit-gnome-action.c: In function ‘_compute_polkit_result_direct’: polkit-gnome-action.c:816: error: ‘polkit_context_can_caller_do_action’ is deprecated (declared at /usr/include/PolicyKit/polkit/polkit-context.h:173) polkit-gnome-action.c:827: error: ‘polkit_context_can_caller_do_action’ is deprecated (declared at /usr/include/PolicyKit/polkit/polkit-context.h:173) make[3]: *** [libpolkit_helpers_la-polkit-gnome-action.lo] Error 1 ### PolicyKit stuff in Ubuntu 8.10 is in version 0.9-1 Is that possible to apply another quick fix to move the build forward? :) Thanks! Cheers, Rafal ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
Dan Williams skrev: Once you have a connection set up in the connection editor, and you have the keyfile plugin enabled, you should be able to check the make available to all users checkbox, hit apply, and it'll be a keyfile. It's quite likely you'll want to be using the final 0.7 NetworkManager release, as a lot of the effort in November went into making this sort of thing actually work, but the Ubuntu snapshots are from mid October. Dan Thanks, once I've been able to test the final 0.7 version I'll get back to you on the the other questions (if still applicable). (The debian experimental package I tested is 0.7.0~svn4191-1 and is from Oct 18.) John. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
Sorry for the confusion... Some dependency packages were missing... :/ I remembered about apt-get build-dep network-manager, but forgot about apt-get build-dep network-manager-applet :/ I've installed them and network-manager-applet build is fine now! :) So now I have NetworkManager svn4361 and network-manager-applet svn1053 installed, running and ready to test :) Unfortunately EAP-TLS for wired connections still does not work (which is the subject of this topic) :( When I run nm-connection-editor in command line and try to create TLS wired connection I have the following error messages: ** (nm-connection-editor:6664): WARNING **: Invalid setting 802.1x Security: Invalid 802.1x security ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: Unhandled setting secret type (write) '802-1x/phase2-private-key' : 'GArray_guchar_' ** (nm-connection-editor:6664): WARNING **: nma_gconf_connection_changed: Invalid connection /system/networking/connections/2: 'NMSetting8021x' / 'client-cert' invalid: 2 All the certs (client cert, client key and CA cert) are in PEM format and stored in separate files. Interesting thing is that after this try a connection file has been created in: /etc/NetworkManager/system-connections/test (test is a name of my test TLS wired connection). and it seems to contain some valuable data. But this connection settings are not visible in nm-connection-editor :( There is only one (that was already there before my try) wired connection named Ifupdown (eth0) which cannot be modified (all the UI are disabled) and cannot be removed. When I try to remove it I have Removing connection failed: nm-settings.c.333 - Read-only connections may not be deleted.. Could you please take a look at the problem of creating TLS wired connection? :) Thanks! Cheers, Rafal Rafał Lichwała wrote: Dan Williams wrote: Compile error should be fixed in svn4361 on both trunk and 0.7 stable branches. Thanks for this quick fix Dan! :) NetworkManager build is fine now. But network-manager-applet build is failing... :( So I'm still not able to build nm-connection-editor (which is a part of network-manager-applet) to test against EAP-TLS connection setup. The build error is the following (network-manager-applet svn trunk revision 1053): ### if /bin/bash ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libglade-2.0 -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD -MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c -o libpolkit_helpers_la-polkit-gnome-action.lo `test -f 'polkit-gnome-action.c' || echo './'`polkit-gnome-action.c; \ then mv -f .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo .deps/libpolkit_helpers_la-polkit-gnome-action.Plo; else rm -f .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo; exit 1; fi libtool: compile: gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I/usr/include/PolicyKit -DPOLKIT_VERSION_MAJOR=0 -DPOLKIT_VERSION_MINOR=9 -DPOLKIT_VERSION_MICRO=0 -I/usr/include/PolicyKit -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DORBIT2=1 -pthread -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/NetworkManager -I/usr/include/libnm-glib -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/libglade-2.0 -I/usr/include/libxml2 -I/usr/include/gconf/2 -I/usr/include/orbit-2.0 -I/usr/include/gnome-keyring-1 -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -MT libpolkit_helpers_la-polkit-gnome-action.lo -MD -MP -MF .deps/libpolkit_helpers_la-polkit-gnome-action.Tpo -c polkit-gnome-action.c -fPIC -DPIC -o .libs/libpolkit_helpers_la-polkit-gnome-action.o cc1: warnings
Re: WPA Enterprise (EAP-TLS) system connection
Hi, I must confirm that what John wrote. EAP-TLS connections also do not work at all in NetworkManager 0.7 under Ubuntu 8.10 (Interpid). Using the newest Ubuntu release 8.10 (Interpid) and Network Manager taken directly from their repositories (version: 0.7~~svn20081018t105859-0ubuntu1.8.10.1) it does not allow to create EAP-TLS connection in nm-connection-editor. When running nm-connection-editor in console I have: ** (nm-connection-editor:6098): WARNING **: Invalid setting 802.1x Security: Invalid 802.1x security ** (nm-connection-editor:6098): WARNING **: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2 I'd like also to check what is the difference in the latest SVN version of NetworkManager, but... a few revisions ago everything seemed to build fine. Now (fresh SVN version of NetworkManager revision 4359) I have the following error during build: ## if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../marshallers -I../src/named-manager -I../src/vpn-manager -I../src/dhcp-manager -I../src/supplicant-manager -I../src/dnsmasq-manager -I../libnm-util -I../callouts -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DDBUS_VERSION_MAJOR=1 -DDBUS_VERSION_MINOR=2 -DDBUS_VERSION_MICRO=4 -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DDBUS_API_SUBJECT_TO_CHANGE -I/usr/include/hal -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DDBUS_API_SUBJECT_TO_CHANGE -DG_DISABLE_DEPRECATED -DBINDIR=\/usr/bin\ -DSBINDIR=\/usr/sbin\ -DLIBEXECDIR=\/usr/libexec\ -DDATADIR=\/usr/share\ -DSYSCONFDIR=\/etc\ -DLOCALSTATEDIR=\/var\ -DNM_RUN_DIR=\/var/run/NetworkManager\ -DNMLOCALEDIR=\/usr/share/locale\ -DARP_DEBUG -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -fno-strict-aliasing -MT NetworkManager-nm-netlink-monitor.o -MD -MP -MF .deps/NetworkManager-nm-netlink-monitor.Tpo -c -o NetworkManager-nm-netlink-monitor.o `test -f 'nm-netlink-monitor.c' || echo './'`nm-netlink-monitor.c; \ then mv -f .deps/NetworkManager-nm-netlink-monitor.Tpo .deps/NetworkManager-nm-netlink-monitor.Po; else rm -f .deps/NetworkManager-nm-netlink-monitor.Tpo; exit 1; fi cc1: warnings being treated as errors nm-netlink-monitor.c: In function ‘nm_netlink_monitor_error_handler’: nm-netlink-monitor.c:488: error: format not a string literal and no format arguments make[4]: *** [NetworkManager-nm-netlink-monitor.o] Error 1 ### What's the problem? In my company I'm able to use EAP-TLS based wired connection only, so I must say that unfortunately NetworkManager is now completely useless for me :( I have to setup this connection manually via wpa-... stuff. NetworkManager is a great piece of software! and I found it very useful in other things like ppp GSM connections just out of the box. So.. please make this EAP-TLS bug with a high priority and please fix it ASAP :-) Bug described for ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/245184 Best regards, Rafal Lichwala John S. Skogtvedt wrote: Hello, currently it doesn't seem possible to use either EAP-TLS or other WPA Enterprise system connections. (I'm using network-manager 0.7 packages from Debian Experimental.) The connection editor doesn't allow adding a EAP-TLS connection (Invalid connection: NMSetting8021x / client-cert invalid: 2). I've also tried manually putting together a keyfile to put in /etc/NetworkManager/system-connections, modeling it on the settings visible in GConf and a (working) existing WPA-PSK keyfile. I used a decrypted client certificate, but got an error message about missing secrets. This was 2 months ago, and I've since lost the keyfile. If need be I can recreate the keyfile and do more tests. Has anyone gotten this to work? Or can anyone offer advice on what changes might be necessary to get it to work? It's a very useful feature for cases where one needs to have a network connection at the login screen, either for authentication or mounting remote directories. Thanks, John. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
John S. Skogtvedt wrote: currently it doesn't seem possible to use either EAP-TLS or other WPA Enterprise system connections. (I'm using network-manager 0.7 packages from Debian Experimental.) On Wed, Dec 03, 2008 at 04:38:38PM +0100, Rafał Lichwała wrote: I must confirm that what John wrote. EAP-TLS connections also do not work at all in NetworkManager 0.7 under Ubuntu 8.10 (Interpid). https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/245184 As a counter-example, WPA Enterprise/EAP-TLS wireless is/has been working fine for me under Fedora 9 and 10. I just used nm-applet to configure the connection with PEM certificates. NetworkManager-gnome-0.7.0-0.12.svn4326.fc10.i386 NetworkManager-glib-0.7.0-0.12.svn4326.fc10.i386 NetworkManager-0.7.0-0.12.svn4326.fc10.i386 wpa_supplicant-0.6.4-2.fc10.i386 I used to have intermittent troubles, problems after resume, etc. with 2.6.25 and 2.6.26 kernels. All of my troubles went away with the newer 2.6.27-based kernels. This is with the iwl4965 chipset. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: WPA Enterprise (EAP-TLS) system connection
On Wed, 2008-12-03 at 16:38 +0100, Rafał Lichwała wrote: Hi, I must confirm that what John wrote. EAP-TLS connections also do not work at all in NetworkManager 0.7 under Ubuntu 8.10 (Interpid). Using the newest Ubuntu release 8.10 (Interpid) and Network Manager taken directly from their repositories (version: 0.7~~svn20081018t105859-0ubuntu1.8.10.1) it does not allow to create EAP-TLS connection in nm-connection-editor. When running nm-connection-editor in console I have: ** (nm-connection-editor:6098): WARNING **: Invalid setting 802.1x Security: Invalid 802.1x security ** (nm-connection-editor:6098): WARNING **: Invalid connection: 'NMSetting8021x' / 'client-cert' invalid: 2 I'd like also to check what is the difference in the latest SVN version of NetworkManager, but... a few revisions ago everything seemed to build fine. Now (fresh SVN version of NetworkManager revision 4359) I have the following error during build: ## if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../include -I../marshallers -I../src/named-manager -I../src/vpn-manager -I../src/dhcp-manager -I../src/supplicant-manager -I../src/dnsmasq-manager -I../libnm-util -I../callouts -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DDBUS_VERSION_MAJOR=1 -DDBUS_VERSION_MINOR=2 -DDBUS_VERSION_MICRO=4 -pthread -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -DDBUS_API_SUBJECT_TO_CHANGE -I/usr/include/hal -I/usr/include/dbus-1.0 -I/usr/lib/dbus-1.0/include -DDBUS_API_SUBJECT_TO_CHANGE -DG_DISABLE_DEPRECATED -DBINDIR=\/usr/bin\ -DSBINDIR=\/usr/sbin\ -DLIBEXECDIR=\/usr/libexec\ -DDATADIR=\/usr/share\ -DSYSCONFDIR=\/etc\ -DLOCALSTATEDIR=\/var\ -DNM_RUN_DIR=\/var/run/NetworkManager\ -DNMLOCALEDIR=\/usr/share/locale\ -DARP_DEBUG -Wall -Werror -std=gnu89 -g -O2 -Wshadow -Wmissing-declarations -Wmissing-prototypes -Wdeclaration-after-statement -Wfloat-equal -Wno-unused-parameter -Wno-sign-compare -fno-strict-aliasing -MT NetworkManager-nm-netlink-monitor.o -MD -MP -MF .deps/NetworkManager-nm-netlink-monitor.Tpo -c -o NetworkManager-nm-netlink-monitor.o `test -f 'nm-netlink-monitor.c' || echo './'`nm-netlink-monitor.c; \ then mv -f .deps/NetworkManager-nm-netlink-monitor.Tpo .deps/NetworkManager-nm-netlink-monitor.Po; else rm -f .deps/NetworkManager-nm-netlink-monitor.Tpo; exit 1; fi cc1: warnings being treated as errors nm-netlink-monitor.c: In function ‘nm_netlink_monitor_error_handler’: nm-netlink-monitor.c:488: error: format not a string literal and no format arguments make[4]: *** [NetworkManager-nm-netlink-monitor.o] Error 1 ### What's the problem? Compile error should be fixed in svn4361 on both trunk and 0.7 stable branches. Dan In my company I'm able to use EAP-TLS based wired connection only, so I must say that unfortunately NetworkManager is now completely useless for me :( I have to setup this connection manually via wpa-... stuff. NetworkManager is a great piece of software! and I found it very useful in other things like ppp GSM connections just out of the box. So.. please make this EAP-TLS bug with a high priority and please fix it ASAP :-) Bug described for ubuntu: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/245184 Best regards, Rafal Lichwala John S. Skogtvedt wrote: Hello, currently it doesn't seem possible to use either EAP-TLS or other WPA Enterprise system connections. (I'm using network-manager 0.7 packages from Debian Experimental.) The connection editor doesn't allow adding a EAP-TLS connection (Invalid connection: NMSetting8021x / client-cert invalid: 2). I've also tried manually putting together a keyfile to put in /etc/NetworkManager/system-connections, modeling it on the settings visible in GConf and a (working) existing WPA-PSK keyfile. I used a decrypted client certificate, but got an error message about missing secrets. This was 2 months ago, and I've since lost the keyfile. If need be I can recreate the keyfile and do more tests. Has anyone gotten this to work? Or can anyone offer advice on what changes might be necessary to get it to work? It's a very useful feature for cases where one needs to have a network connection at the login screen, either for authentication or mounting remote directories. Thanks, John. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org
Re: WPA Enterprise (EAP-TLS) system connection
On Wed, 2008-12-03 at 14:52 +0100, John S. Skogtvedt wrote: Hello, currently it doesn't seem possible to use either EAP-TLS or other WPA Enterprise system connections. (I'm using network-manager 0.7 packages from Debian Experimental.) The connection editor doesn't allow adding a EAP-TLS connection (Invalid connection: NMSetting8021x / client-cert invalid: 2). What type of certificate is it? DER? PEM? PKCS#12? What exact files/values are you filling into what UI elements? I've also tried manually putting together a keyfile to put in /etc/NetworkManager/system-connections, modeling it on the settings visible in GConf and a (working) existing WPA-PSK keyfile. I used a decrypted client certificate, but got an error message about missing secrets. This was 2 months ago, and I've since lost the keyfile. If need be I can recreate the keyfile and do more tests. At the moment, the keyfiles need to contain a byte array of the certificate or decrypted private key data. The applet stores them slightly differently, but we'll make the keyfile plugin support paths too. Has anyone gotten this to work? Or can anyone offer advice on what changes might be necessary to get it to work? Once you have a connection set up in the connection editor, and you have the keyfile plugin enabled, you should be able to check the make available to all users checkbox, hit apply, and it'll be a keyfile. It's quite likely you'll want to be using the final 0.7 NetworkManager release, as a lot of the effort in November went into making this sort of thing actually work, but the Ubuntu snapshots are from mid October. Dan It's a very useful feature for cases where one needs to have a network connection at the login screen, either for authentication or mounting remote directories. Thanks, John. ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list ___ NetworkManager-list mailing list NetworkManager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list