Re: System-Wide 802.1x configuration?

2022-01-03 Thread Jonas Bygdén via networkmanager-list
Yes, you understand correctly, I (and my team) provision and pre-configure 
machines for employees.

What I mean by “globally system-wide” is I want to configure 802.1x and have it 
work regardless of which ethernet interface in the machine that’s used. I’d 
rather not have to have multiple configurations for multiple interfaces.

From what I understand from your reply this should be possible.

This sounds like exactly what I’d like to do:

"For example, if you have an ethernet profile that does not specify
"connection.interface-name", then it would apply to any ethernet device
(unless it's restricted via some other property, like "ethernet.mac-
address", "match.*"). It would sound, that you want that your profile
is applicable to any device.”

Now I just have to figure out how to do it.

Thanks Thomas!

> On 2 Jan 2022, at 10:02, Thomas Haller  wrote:
> 
> Hi,
> 
> On Wed, 2021-12-29 at 14:20 +0100, Jonas Bygdén via networkmanager-list
> wrote:
>> Today we configure our Linux clients to use wired 802.1x on the on-
>> board ethernet interface in the laptops they get.
> 
> If I understand you correctly, you pre-configure machines for others
> (like students or employees).
> 
>> 
>> Some users choose to connect their laptop to a monitor using USB-C,
>> and then using the ethernet interface that's built-in to the monitor.
>> This changes the interface/connection and hence it doesn't have the
>> pre-configured 802.1x, requiring a new configuration of 802.1x for
>> that interface as well.
>> 
>> So, my question is: Is it possible to configure 802.1x for all
>> connections at once, globally "system wide", instead of on a "per
>> connection" basis? Making the 802.1x configuration work regardless of
>> which interface/connection is used to connect to the (wired) network?
> 
> 
> What would mean "globally system-wide"? You need configuration for
> configuring a network interface. That configuration is the connection
> profile. And since there are profiles, there is no need to have a
> concept for "global system-wide" configuration. Just create/predeploy
> such a profile yourself.
> 
> 
> a connection profile "matches" on a device based on certain properties.
> For example, if you have an ethernet profile that does not specify
> "connection.interface-name", then it would apply to any ethernet device
> (unless it's restricted via some other property, like "ethernet.mac-
> address", "match.*"). It would sound, that you want that your profile
> is applicable to any device.
> 
> Usually, a profile can only be activated once at any given moment. You
> could instead configure "connection.multi-connect=multiple", to
> activate on multiple devices at the same time. However, that might not
> make sense for your usecase and is probably not a good idea (because
> it's confusing).
> 
> 
> 
> best,
> Thomas

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list


Re: System-Wide 802.1x configuration?

2022-01-02 Thread Thomas Haller via networkmanager-list
Hi,

On Wed, 2021-12-29 at 14:20 +0100, Jonas Bygdén via networkmanager-list
wrote:
> Today we configure our Linux clients to use wired 802.1x on the on-
> board ethernet interface in the laptops they get.

If I understand you correctly, you pre-configure machines for others
(like students or employees).

> 
> Some users choose to connect their laptop to a monitor using USB-C,
> and then using the ethernet interface that's built-in to the monitor.
> This changes the interface/connection and hence it doesn't have the
> pre-configured 802.1x, requiring a new configuration of 802.1x for
> that interface as well.
> 
> So, my question is: Is it possible to configure 802.1x for all
> connections at once, globally "system wide", instead of on a "per
> connection" basis? Making the 802.1x configuration work regardless of
> which interface/connection is used to connect to the (wired) network?


What would mean "globally system-wide"? You need configuration for
configuring a network interface. That configuration is the connection
profile. And since there are profiles, there is no need to have a
concept for "global system-wide" configuration. Just create/predeploy
such a profile yourself.


a connection profile "matches" on a device based on certain properties.
For example, if you have an ethernet profile that does not specify
"connection.interface-name", then it would apply to any ethernet device
(unless it's restricted via some other property, like "ethernet.mac-
address", "match.*"). It would sound, that you want that your profile
is applicable to any device.

Usually, a profile can only be activated once at any given moment. You
could instead configure "connection.multi-connect=multiple", to
activate on multiple devices at the same time. However, that might not
make sense for your usecase and is probably not a good idea (because
it's confusing).



best,
Thomas

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list