On Wed, 2018-06-27 at 13:32 -0700, Joel Goguen via networkmanager-list
wrote:
> NetworkManager 1.10.10
> Fedora 28 x86_64
> GNOME Shell network manager (not nm-applet)
>
> I have two Ethernet connection profiles defined for NetworkManager,
> one with
> 802.1X authentication configured ("Home Ethernet") and one without
> ("Open
> Ethernet"). I've noticed when I'm on a non-802.1X Ethernet network it
> takes a
> long time to fail, so in the keyfile for Home Ethernet I defined
> "autoconnect-
> priority=100" and "autoconnect-retries=2" in the [connection] section
> and "auth-
> timeout=5" in the [802-1x] section. In Open Ethernet I haven't
> defined any of
> those properties. NetworkManager.conf only defines "dns=default".
>
> The first time connecting to Ethernet (neither profile has a
> "timestamp" entry)
> on a non-802.1X network it correctly attempts Home Ethernet first and
> falls back
> to Open Ethernet after ~10 seconds. But after that, when returning to
> my
> authenticated network (sometimes freshly booting, sometimes waking
> from sleep),
> NetworkManager is trying Open Ethernet first. Problem is, if 802.1X
> fails it
> gives a valid IP address with limited connectivity. So while
> NetworkManager did
> successfully configure a connection, it used the wrong profile.
>
> How can I convince NetworkManager to either always try Home Ethernet
> first and
> only use Open Ethernet iff Home Ethernet fails? It would also be fine
> (maybe
> preferable?) to make Home Ethernet try 802.1X but fall back to non-
> 802.1X after
> some timeout and only fail the connection if both fail to configure
> the
> connection.Hi, at the time when NM searches for a suitable profile to autoactivate, is the one with the higher available for autoconnect? For example, as it is 802-1x, does it have the required secrets? Either ensure that the secrets are persisted in the profile itself (in plain text, by setting password-flags to 0 (see "Secret flag types" in `man nm-settings`). Alternatively, there needs to be a suitable application around, that can provide the secrets... such an application for example would be nm- applet (which also may not just prompt the user, but get the secrets from the keyring). But nm-applet won't be suitable for you in this case, because it doesn't run yet when NM is starting to autoactivate the profile. So, this is complicated, as it would require you to come up with a suitable secrets provider program... btw, while you are welcome to edit keyfiles by hand, it seems using nmcli would be more convenient (or any other suitable client tool like nm-connection-editor, gnome-control-center, or nmtui). best, Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
