Re: nmcli can't astablish connection to radius server with wpa eap tls
On Wed, Mar 07, 2018 at 10:28:18AM +0100, Iris Fiedler wrote: > Hi, > > I found my errror. My radius server had a wrong configuration and didn't send > the accepted response. So the network manager didn't received it and printed > an error. Hi, good to know! > Thank you for your help. You're welcome. Beniamino ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nmcli can't astablish connection to radius server with wpa eap tls
Hi, I found my errror. My radius server had a wrong configuration and didn't send the accepted response. So the network manager didn't received it and printed an error. Thank you for your help. Iris ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nmcli can't astablish connection to radius server with wpa eap tls
Hi,That EAP-TLS isn't supporting passwords maybe the case.I configure my freeradius server without passwords and set in nmcli the password-flag to 4 (no password required).I got the same error as if I had before.nmcli device connect wlan0 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. Error: Connection activation failed: (7) Secrets were required, but not providedAlthough my radius server tells me that it accepts the authentication send from nmcli.Is there something else that I'm missing?IrisAm 21.02.2018 09:24 schrieb Beniamino Galvani :On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote: Hi, > freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3) > Konfigured as wpa-eap tls with identity and password. EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS? > radius-tls.log > (35) Invalid user: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Rejected in post-auth: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Login incorrect: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > > As you can see the User-Password attribute is missing. Although the password in nmcli was set. > > This is what nmcli is responding with: > nmcli device connect wlan0 > Passwords or encryption keys are required to access the wireless network 'Linksys02355'. > Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. > Error: Connection activation failed: (7) Secrets were required, but not provided. > > nmcli -a device connect wlan0 > Passwords or encryption keys are required to access the wireless network 'Linksys02355'. > Identity (802-1x.identity): testUser1 > Passwords or encryption keys are required to access the wireless network 'Linksys02355'. > Private key password (802-1x.private-key-password): > Passwords or encryption keys are required to access the wireless network 'Linksys02355'. > Identity (802-1x.identity): testUser1 > > Even here no user password is asked!!! > > I created a new user without password. Although the radius server accepted the authentication no connection was established!!! > > It confused me so I checkt if a wpa eap ttls-pap would work. > After reconfiguration of nmcli and radius server it worked without problems. > So I think this is only a tls problem. Yes, EAP-TLS only uses certificates and not passwords. Beniamino ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: nmcli can't astablish connection to radius server with wpa eap tls
On Mon, Feb 19, 2018 at 12:59:04PM +0100, Iris Fiedler wrote: Hi, > freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3) > Konfigured as wpa-eap tls with identity and password. EAP-TLS doesn't support passwords AFAIK. Perhaps you mean EAP-TTLS? > radius-tls.log > (35) Invalid user: [testUser1/] (from client > 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Rejected in post-auth: [testUser1/] (from > client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > (35) Login incorrect: [testUser1/] (from client > 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) > > As you can see the User-Password attribute is missing. Although the password > in nmcli was set. > > This is what nmcli is responding with: > nmcli device connect wlan0 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli > cannot ask without '--ask' option. > Error: Connection activation failed: (7) Secrets were required, but not > provided. > > nmcli -a device connect wlan0 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Identity (802-1x.identity): testUser1 > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Private key password (802-1x.private-key-password): > Passwords or encryption keys are required to access the wireless network > 'Linksys02355'. > Identity (802-1x.identity): testUser1 > > Even here no user password is asked!!! > > I created a new user without password. Although the radius server accepted > the authentication no connection was established!!! > > It confused me so I checkt if a wpa eap ttls-pap would work. > After reconfiguration of nmcli and radius server it worked without problems. > So I think this is only a tls problem. Yes, EAP-TLS only uses certificates and not passwords. Beniamino signature.asc Description: PGP signature ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
nmcli can't astablish connection to radius server with wpa eap tls
Debian: 9.3 network-manager: 1.6.2-3 cat /etc/NetworkManager/system-connections/wlan0 [connection] id=wlan0x0 uuid=ec4bcd13-d3e1-4707-b844-9b8c3821b7ac type=wifi interface-name=wlan0 permissions= [wifi] mac-address=80:1F:02:F2:2B:53 mac-address-blacklist= mode=infrastructure ssid=Linksys02355 [wifi-security] auth-alg=open key-mgmt=wpa-eap [802-1x] ca-cert=/var/opt/telemotive/etc/cert/ca.pem client-cert=/var/opt/telemotive/etc/cert/client.p12 eap=tls; identity=testUser1 password=testUser11 private-key=/var/opt/telemotive/etc/cert/client.p12 private-key-password=testCert1 [ipv4] dns-search= method=auto never-default=true [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto never-default=true freeRADIUS: 3.0.15 (on a different PC with OpenSuse 42.3) Konfigured as wpa-eap tls with identity and password. radius-tls.log (35) Invalid user: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) (35) Rejected in post-auth: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) (35) Login incorrect: [testUser1/] (from client 192.168.2.254/16 port 10 cli 801f02f22b53 via TLS tunnel) As you can see the User-Password attribute is missing. Although the password in nmcli was set. This is what nmcli is responding with: nmcli device connect wlan0 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option. Error: Connection activation failed: (7) Secrets were required, but not provided. nmcli -a device connect wlan0 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Identity (802-1x.identity): testUser1 Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Private key password (802-1x.private-key-password): Passwords or encryption keys are required to access the wireless network 'Linksys02355'. Identity (802-1x.identity): testUser1 Even here no user password is asked!!! I created a new user without password. Although the radius server accepted the authentication no connection was established!!! It confused me so I checkt if a wpa eap ttls-pap would work. After reconfiguration of nmcli and radius server it worked without problems. So I think this is only a tls problem. ___ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list