On Mon, Oct 24, 2022 at 12:52:48PM +0200, Shawn Adams via networkmanager-list 
> All,
> Perhaps I'm missing something, but do not see a UI option to enable 802.11r.
> I can edit the /etc/system/NetworkManager/<connection file> and manally set
> the key-mgmt:
> [wifi-security]
> key-mgmt=FT-EAP FT-EAP-SHA384

This is not a valid key-mgmt from NM point of view. When you restart
NM (or after, a "nmcli connection reload") you should see something like:

  failed to load connection: invalid connection: 
802-11-wireless-security.key-mgmt: 'ft-eap ft-eap-sha384' is not a valid value 
for the property

in logs and the profile is not loaded. The valid values are those
listed in "man nm-settings".

     Key management used for the connection. One of "none" (WEP or no
     password protection), "ieee8021x" (Dynamic WEP), "owe"
     (Opportunistic Wireless Encryption), "wpa-psk" (WPA2 + WPA3
     personal), "sae" (WPA3 personal only), "wpa-eap" (WPA2 + WPA3
     enterprise) or "wpa-eap-suite-b-192" (WPA3 enterprise only).

> Then restart NM and this works (yes provided the driver supports, which it
> does).
> FYI - can set OKC via wpa_cli.
> However; when NM is restarted, the UI config tool shows the ESSID connection
> profile, but is missing
> the certificate selection, i need to reconfigure via the UI.
> am I missing a more elegant method of enabling 802.11r ?

Currently there isn't a way to explicitly enable or disable FT. NM
automatically enables FT when wpa_supplicant reports that the wireless
interface supports it. The detection is based on whether the
"Capabilities" D-Bus field of the wireless interface contains

If you increase NM logging level to trace and restart it, you should
see what capabilities are reported ('+' means supported):

  <debug> [1666943325.0852] sup-iface[ad2675fb588f7c6b,2,wlan0]: interface 
supported features: AP? FT+ SAE+ BIP+

And when connecting, you can see which configuration is passed to

  <info>  [1666943444.7227] Config: added 'ssid' value 'test'
  <info>  [1666943444.7227] Config: added 'key_mgmt' value 'WPA-EAP FT-EAP 
  <info>  [1666943444.7227] Config: added 'password' value '<hidden>'
  <info>  [1666943444.7227] Config: added 'eap' value 'PEAP'


Attachment: signature.asc
Description: PGP signature

networkmanager-list mailing list

Reply via email to