Network Manager Cloned MAC Address feature fails on WPA Wireless Networks

Hello, thanks for this post James. This comes quite handy for me because I'm trying to connect to a WPA protected Wireless Network using this feature also for quite some time and it was not working.

I'm using the latest up to date Ubuntu 11.04 also on a Dell Inspiron R14.

I have also noticed that when changing my MAC address manually in a terminal:

>sudo ifconfig wlan0 down
>sudo ifconfig wlan0 hw ether xx:xx:xx:xx:xx:xx
>sudo ifconfig wlan0 up

It successfully changes my wireless MAC address as it can be seen by doing:

>ifconfig -a | grep HWaddr

But, when afterward I try to connect to a wireless network with no security (for testing purpose), instead of connecting with the new MAC address I've set, the network manager seems to reset it and connect with the default hardware MAC address of my wireless card.

Using the Cloned MAC Address feature in Network Manager (with a generic MAC address), the connection failed to establish for a public wireless network with no security in Ubuntu Natty 11.04 on my Dell Inspiron R14.

I tried the same thing on a hp EliteBook 6930p with Ubuntu Maverick 10.10 (not up to date) and it worked.

Hello? Anyone reading this or I'm wasting my time here?

Anyway...I've found 2 post related to this, but no solution yet.

http://ubuntuforums.org/showthread.php?t=1767958&highlight=MAC

http://ubuntuforums.org/showthread.php?t=1766335

Please remain patient and polite. This way it's much more enjoyable for developers to come and look at a problem like this.

For starters, have you tried the workarounds in the message quotes in the original description? I'm under the impression this should work properly. If you haven't, please see http://markmail.org/message/5ary4cvzlirvro73 and try the suggested workaround.

I'm setting a task here against wpasupplicant and assigning it to myself to track down the patch that Jirka wrote.

I agree my comment was a little bit dry after re-reading it. That was not intended. My apologies.

I'm under the impression this is not the same bug as the one being linked in the original description. First, the feature is working in Ubuntu 10.10. Second, actually in Ubuntu 11.04, the feature is not working also for non WPA-protected network.

The following post seems to have a lot of valuable information concerning this issue:
http://ubuntuforums.org/showthread.php?t=1767958&highlight=MAC

I haven't tried the workaround you pointed yet for the reason mentioned above, but I can if you think, Mathieu, that it could solve the problem.

If you need any information to help you define this issue, simply walk me through it and I'll be glad to help.

I'm wondering, am I the only one with this issue? I mean, are you able to connect to a wireless network while using the Cloned MAC address feature of the Network-Manager?

I've tried to do the workaround suggested in http://markmail.org/message/5ary4cvzlirvro73, but unfortunately there is just not enough information for a non-programmer like me to do this right.

On a more specific level, I do not understand where exactly I should add the code lines mentioned in point 3. Anybody can walk me through this please?

On Mon, Jun 6, 2011 at 12:43 PM, Jean-Sébastien Gosselin
<email address hidden> wrote:
> I've tried to do the workaround suggested in
> http://markmail.org/message/5ary4cvzlirvro73, but unfortunately there is
> just not enough information for a non-programmer like me to do this
> right.
>
> On a more specific level, I do not understand where exactly I should add
> the code lines mentioned in point 3. Anybody can walk me through this
> please?

Sure.

Assuming you have a script that changes the MAC address for your
device, you'll need to add it to the upstart script for
NetworkManager. I didn't have a script, so I'm calling macchanger
directly in the example below.

This is what I added to /etc/init.d/network-manager.conf to achieve
the MAC change, but I'm doing it for a wifi device:

pre-start script
 macchanger -m 00:DE:AD:BE:EF:0f wlan0
 /sbin/wpa_supplicant -u -s -O /var/run/wpa_supplicant &
 python -c 'import dbus; print
dbus.SystemBus().call_blocking("fi.epitest.hostap.WPASupplicant",
"/fi/epitest/hostap/WPASupplicant", "fi.epitest.hostap.WPASupplicant",
"addInterface", "sa{sv}", ("wlan0", {"driver":"wext"}))'
end script

post-stop script
 macchanger -p wlan0
end script

And that's it. No need to have config in the dialog for a cloned mac
address in that case. This is for Natty, if you're running on Maverick
it might be slightly different (such as dropping -O
/var/ruin/wpa_supplicant, I think). I think the python call isn't
necessary either in this case, since you're not having cloned MAC
settings in NM itself, everything is done *before* NM is started. For
wired devices, you only need the macchanger part.

To test:

sudo stop network-manager
*edit the file /etc/init/network-manager.conf as above*
sudo start network-manager

If things break, that's what the post-stop script is there to fix:
revert the mac address to what it should be by default: macchanger -p
*device* does this.

Mathieu Trudel-Lapierre <email address hidden>
Freenode: cyphermox, Jabber: <email address hidden>
4096R/EE018C93 1967 8F7D 03A1 8F38 732E FF82 C126 33E1 EE01 8C93

Thank you very much for your help Mathieu. It is much appreciated. FYI I'm running an up to date Ubuntu 11.04 64bit.

I have appended your code at the end of my /etc/init/network-manager.conf file as you suggested and I followed your instructions in order to test it (I attached my network-manager.conf file to this post). The Cloned MAC address config box in NM was left blank for the test.

After restarting NM, the MAC address of my wlan0 device was successfully changed for the one submitted in the code as I could see by doing the ifconfig -a command. Unfortunately, the connection to the wireless network could not be completed with the faked MAC address ( similarly as observed when filling the Cloned MAC address dialog in NM). NM was trying to connect endlessly without any success.

What could I do next to help with this problem?

PS: The Cloned address feature in NW is definitively working on another laptop with Ubuntu 10.10 32bit installed.

Note on my last comment:

The Cloned address feature in NW is working in Ubuntu 10.10 for a non-protected WPA network. For a WPA protected network it is not.

My actual configuration on my Dell Laptop with Ubuntu 11.04 does not even allow me to clone my MAC address on a non-protected network.

I had tried fix from #8 and it worked for my Dell laptop on 11.04 32bit , WPA2-PSK

Mathieu, thanks.

AFAIK this should be fixed now in 11.10; there were some small changes in NetworkManager which should allow this to work properly. Anyone can test this or confirm whether it's the case?

Thanks!

Unassigning from me, I think it's already fixed (and regardless has a workaround, but not one we can include in Ubuntu as-is).

[Expired for network-manager (Ubuntu) because there has been no activity for 60 days.]

Bug still seems to be present in precise but workaround is working fine.

U12.04 64b still there.

To change MAC address - no need to go into NM scripts. I change it in udev.d.
But it is no solution.

I really do not like "janitor".
The Bugs are not solved - it is much easier to let them expire, ... :-[

Running Ubuntu 12.10 and cloned mac still does not seem to work out-of-the-box..

Ubuntu 13.04 i386. Bug is still there.

When I spoof mac via Edit Connections -> (choose connection) -> Cloned MAC address, and after that trying to connect to AP, my connection does not establish. When I trying to connect to WPA2-encrypted AP and open, both have the same issue.

When I spoof MAC with:

sudo ifconfig wlan0 down
sudo macchanger -r wlan0
sudo ifconfig wlan0 up

I have the same issue.
In my /var/log/syslog I have something like:

wpa_supplicant[1370]: wlan0: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX[AP MAC addr] (SSID='test' freq=2437 MHz)
kernel: [ 180.959024] wlan0: authenticate with XX:XX:XX:XX:XX:XX[AP MAC addr]
kernel: [ 180.960204] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 1/3)
NetworkManager[1300]: <info> (wlan0): supplicant interface state: scanning -> authenticating
kernel: [ 181.162234] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 2/3)
kernel: [ 181.366146] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 3/3)
kernel: [ 181.570031] wlan0: authentication with XX:XX:XX:XX:XX:XX[AP MAC addr] timed out
NetworkManager[1300]: <info> (wlan0): supplicant interface state: authenticating -> disconnected
NetworkManager[1300]: <info> (wlan0): supplicant interface state: disconnected -> scanning
wpa_supplicant[1370]: wlan0: SME: Trying to authenticate with XX:XX:XX:XX:XX:XX[AP MAC addr] (SSID='test' freq=2437 MHz)
kernel: [ 182.534318] wlan0: authenticate with XX:XX:XX:XX:XX:XX[AP MAC addr]
kernel: [ 182.535346] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 1/3)
NetworkManager[1300]: <info> (wlan0): supplicant interface state: scanning -> authenticating
kernel: [ 182.737324] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 2/3)
kernel: [ 182.941221] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 3/3)
kernel: [ 183.145114] wlan0: authentication with XX:XX:XX:XX:XX:XX[AP MAC addr] timed out
NetworkManager[1300]: <info> (wlan0): supplicant interface state: authenticating -> disconnected
NetworkManager[1300]: <info> (wlan0): supplicant interface state: disconnected -> scanning

When I spoof MAC with macchanger utility (or ifconfig hw ether), after some attempts of connection establishing, system resets the wlan0 substituted MAC with the original hardware MAC and after that connects without problems, but with original MAC address:

...
kernel: [ 185.684537] wlan0: authenticate with 5XX:XX:XX:XX:XX:XX[AP MAC addr]
kernel: [ 185.685536] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr]0 (try 1/3)
NetworkManager[1300]: <info> (wlan0): supplicant interface state: scanning -> authenticating
kernel: [ 185.887608] wlan0: send auth to XX:XX:XX:XX:XX:XX[AP MAC addr] (try 2/3)
NetworkManager[1300]: <warn> Activation (wlan0/wireless): association took too long, failing activation.
NetworkManager[1300]: <info> (wlan0): device state change: config -> failed (reason 'SSID not found') [50 120 53]
NetworkManager[1300]: <warn> Activation (wlan0) failed for connection 'test'
NetworkManager[1300]: <info> (wlan0): supplicant interface state: authenticating -> disconnected
NetworkManager[1300]: <info> (wlan0): device state change: failed -> disconnected (reason 'none') [120 30...

U12.04 64b AMD

- NM clone MAC works for OPEN WIFi. Not for WPA2 connection. (WEP not tested).
- It is necessary to change MAC in udev rule -> then works NM WPA2 connection with this (not orig) MAC too.
- But changing MAC with ifconfig down/hw ether/up after NM has seen another MAC (orig or udev set), the WPA connection fails connect.

It would be really kind if developers would finally solve this problem :-/

xubuntu 13.10 32bit, Lenovo IdeaPad S10-2 (Broadcom chipset)

Cloned MAC via Network Manager does not work on WPA2-protected network.

Macchanger setup (per official ubuntu documentation on https://help.ubuntu.com/community/AnonymizingNetworkMACAddresses) does not work.

Haven't tried any other configurations yet.

This feature needs more attention in the post-Snowden era.

As of wpa_supplicant 2.1, it doesn't seem to work even with non protected network.

I'm running Ubuntu 13.10 64bit and it is working fine for me.

The field "Device MAC address" needs to be blank if a new address is given in "Cloned MAC address" in Network Manager. Otherwise, it won't work.

Hi, i solve this problem stoping netwok-manager service, disabling the network inreface, then changing the mac, enabling the interface and finally restarting the network-manager service

Here the step by step (need root)

service network-manager stop
ifconfig $1 down
ifconfig $1 hw ether $2 up
service network-manager start

where $1 is the network interface and $2 is the new mac adress

Ex:
# service network-manager stop
# ifconfig wlan0 down
# ifconfig wlan0 hw ether DE:AD:BE:EF:CA:FE up
# service network-manager start

PS: sorry for my bad english, is not my native language