Re: 802.1X: dhclient started before the auth. process ends
On Fri, Jul 26, 2013 at 02:34:51PM +0200, Jean-Sébastien Pédron wrote: Hi! At $WORK, we use 802.1X to authenticate computers on the network. Authenticated computers receive a lease in the 192.168.X.X/24 network. Unauthenticated ones receive a lease in the 172.16.X.X/24 network. Today, I upgraded one computer running 10-CURRENT to latest HEAD and it seems that the interface is brought up to early now: dhclient is started before wpa_supplicant finishes. This was working perfectly before the upgrade. I don't have logs of the working case, but here are the logs of the non-working one: http://pastebin.com/ZHcbHLQZ Was I lucky with wpa_supplicant/dhclient timing? Or is there a real issue here? CC'ed wireless@, that's probably the proper list for the issue. pgp4F5xi9l6jR.pgp Description: PGP signature
Re: 802.1X: dhclient started before the auth. process ends
I think you were lucky. dhclient shouldn't start running until wpa_supplicant has completed authentication. -adrian On 29 July 2013 02:59, Lars Engels lars.eng...@0x20.net wrote: On Fri, Jul 26, 2013 at 02:34:51PM +0200, Jean-Sébastien Pédron wrote: Hi! At $WORK, we use 802.1X to authenticate computers on the network. Authenticated computers receive a lease in the 192.168.X.X/24 network. Unauthenticated ones receive a lease in the 172.16.X.X/24 network. Today, I upgraded one computer running 10-CURRENT to latest HEAD and it seems that the interface is brought up to early now: dhclient is started before wpa_supplicant finishes. This was working perfectly before the upgrade. I don't have logs of the working case, but here are the logs of the non-working one: http://pastebin.com/ZHcbHLQZ Was I lucky with wpa_supplicant/dhclient timing? Or is there a real issue here? CC'ed wireless@, that's probably the proper list for the issue. ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
Re: 802.1X: dhclient started before the auth. process ends
On 29.07.2013 15:34, Adrian Chadd wrote: I think you were lucky. I think you're right. It works perfectly on FreeBSD 9.1, because wpa_supplicant finishes the auth process really quickly, ie. before dhclient receives an answer from dhcpd from the unauthenticated network: Jul 29 15:39:46 - kernel: bge0: link state changed to UP Jul 29 15:39:46 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-STARTED EAP authentication started ... Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully Jul 29 15:39:48 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:48 - dhclient[46150]: DHCPACK from 192.168.200.224 Jul 29 15:39:48 - dhclient: New IP Address (bge0): 192.168.200.91 Jul 29 15:39:48 - dhclient: New Subnet Mask (bge0): 255.255.255.0 Jul 29 15:39:48 - dhclient: New Broadcast Address (bge0): 192.168.200.255 Jul 29 15:39:48 - dhclient: New Routers (bge0): 192.168.200.254 On -CURRENT, wpa_supplicant is started more than 10 seconds after the interface is UP and dhclient sent its request (http://pastebin.com/ZHcbHLQZ). Therefore, a lease from the unauthenticated network arrives first. It was working with a previous -CURRENT (buildworld from around April if memory serves). dhclient shouldn't start running until wpa_supplicant has completed authentication. Damn, I always thought it worked this way on FreeBSD and happily laughed at Linux co-workers who use some kind of rc.local script to work around this issue :-) In fact, we're all in the same boat! I may take a look at the issue. I guess the place to fix this is in the rc scripts. Does someone have a hint? -- Jean-Sébastien Pédron signature.asc Description: OpenPGP digital signature
Re: 802.1X: dhclient started before the auth. process ends
On Mon, Jul 29, 2013 at 04:00:44PM +0200, Jean-Sébastien Pédron wrote: On 29.07.2013 15:34, Adrian Chadd wrote: I think you were lucky. I think you're right. It works perfectly on FreeBSD 9.1, because wpa_supplicant finishes the auth process really quickly, ie. before dhclient receives an answer from dhcpd from the unauthenticated network: Jul 29 15:39:46 - kernel: bge0: link state changed to UP Jul 29 15:39:46 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-STARTED EAP authentication started ... Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully Jul 29 15:39:48 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:48 - dhclient[46150]: DHCPACK from 192.168.200.224 Jul 29 15:39:48 - dhclient: New IP Address (bge0): 192.168.200.91 Jul 29 15:39:48 - dhclient: New Subnet Mask (bge0): 255.255.255.0 Jul 29 15:39:48 - dhclient: New Broadcast Address (bge0): 192.168.200.255 Jul 29 15:39:48 - dhclient: New Routers (bge0): 192.168.200.254 On -CURRENT, wpa_supplicant is started more than 10 seconds after the interface is UP and dhclient sent its request (http://pastebin.com/ZHcbHLQZ). Therefore, a lease from the unauthenticated network arrives first. It was working with a previous -CURRENT (buildworld from around April if memory serves). AFAIK rui@ imported a new version of wpa_supplicant into -CURRENT. dhclient shouldn't start running until wpa_supplicant has completed authentication. Damn, I always thought it worked this way on FreeBSD and happily laughed at Linux co-workers who use some kind of rc.local script to work around this issue :-) In fact, we're all in the same boat! I may take a look at the issue. I guess the place to fix this is in the rc scripts. Does someone have a hint? pgpRp3HKsAKPe.pgp Description: PGP signature
Re: 802.1X: dhclient started before the auth. process ends
On Mon, Jul 29, 2013 at 04:00:44PM +0200, Jean-Sébastien Pédron wrote: On 29.07.2013 15:34, Adrian Chadd wrote: I think you were lucky. I think you're right. It works perfectly on FreeBSD 9.1, because wpa_supplicant finishes the auth process really quickly, ie. before dhclient receives an answer from dhcpd from the unauthenticated network: Jul 29 15:39:46 - kernel: bge0: link state changed to UP Jul 29 15:39:46 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-STARTED EAP authentication started ... Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully Jul 29 15:39:48 - dhclient[46150]: DHCPREQUEST on bge0 to 255.255.255.255 port 67 Jul 29 15:39:48 - dhclient[46150]: DHCPACK from 192.168.200.224 Jul 29 15:39:48 - dhclient: New IP Address (bge0): 192.168.200.91 Jul 29 15:39:48 - dhclient: New Subnet Mask (bge0): 255.255.255.0 Jul 29 15:39:48 - dhclient: New Broadcast Address (bge0): 192.168.200.255 Jul 29 15:39:48 - dhclient: New Routers (bge0): 192.168.200.254 On -CURRENT, wpa_supplicant is started more than 10 seconds after the interface is UP and dhclient sent its request (http://pastebin.com/ZHcbHLQZ). Therefore, a lease from the unauthenticated network arrives first. It was working with a previous -CURRENT (buildworld from around April if memory serves). AFAIK rpaulo@ imported a new version of wpa_supplicant into -CURRENT. dhclient shouldn't start running until wpa_supplicant has completed authentication. Damn, I always thought it worked this way on FreeBSD and happily laughed at Linux co-workers who use some kind of rc.local script to work around this issue :-) In fact, we're all in the same boat! I may take a look at the issue. I guess the place to fix this is in the rc scripts. Does someone have a hint? pgpm7oqupoex7.pgp Description: PGP signature
Re: 802.1X: dhclient started before the auth. process ends
... wait, so the new version of wpa_supplicant takes 10 seconds to even start doing anything? Or are the rc scripts to blame? -adrian ___ freebsd-wireless@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-wireless To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
