Hi, i already posted this to the wpa_supplicant ML. They pointed me here, though i think the feature itself could reside in both components, but here it goes :D I work for a city administration in the south of germany and we want to migrate to 802.1x for client authentication via cable and wireless LAN. Therefore we created a networkmanager profile with 802.1x with certificates to authenticate to the switch (we use a different profile for wirelesslan). so far so good.
Now we noticed that if the switch is not already set for 802.1x client authentication, networkmanager with wpasupplicant tries for over a minute establishing the connection (3 tries), after that, i stops and networkmanager falls back to a non-802.1x connection. (802.1x authentication and fallback to MacByPass with ACLs if there's no certificate, at least during the migration time). It is even worse, because of PXE-delay, which we need, because we provision clients via PXE. This looks quite bad to Windows in comparison. First the retries occur much faster and it is less of them. Secondly, even with the eapol-request, there is already a dhcp-request to the network if there's a link with resulting in a quicker network connection, even if there's no valid 802.1x connection. So i looked in networkmanager and wpa_supplicant if i could configure the timeout and retries and did not find anything, where i could configure eapol timeouts and retries. Is it possible that this would be implemented? Should i open a ticket? should we try to send patches? My wishes/requirements would be: * possibility to configure timeout for non-successfull connection attempt with 802.1x/wpa supplicant (on cable/wireless) * possibility to configure number of retries for connection attempts with 802.1x/wpa supplicant (on cable/wireless) * possibility for a mixed network to send after the connection attempt (but not waiting for the successfull completion) a dhcp request, so we already get perhaps an IP. Any opinion or information on this matter? We would be glad, if you can help us or tell us, what you need, so this could be integrated into the networkmanager. Yours, Dennis _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
