Not possible to change username for connection WPA2 Enterprise TTLS with option "Ask for this password every time"

Bug #989036 reported by Roman Shipovskij
This bug affects 2 people
Affects: network-manager-applet (Ubuntu)
Status: Triaged
Importance: Low
Assigned to: Mathieu Trudel-Lapierre

Bug Description

release: Ubuntu 12.04 LTS
package: network-manager-gnome 0.9.4.1-0ubuntu2

Now we are using Ubuntu 10.04 LTS with network-manager 0.8.4 from https://launchpad.net/~network-manager/+archive/ppa.
The wireless connection (WPA2 Enterprise TTLS) is configured to ask for the password every time.
Every user, when connecting, can enter their own username and password in the dialog window.

I tried to do that on 12.04; all looks good when I create the connection,
but after reconnecting I can't enter another username.
In the dialog window the username entry is not editable; only the password can be entered.

I must run nm-connection-editor to change the username.

A lot of people use the same PC, and everyone must edit the connection to enter their own username.

On 10.04 it worked perfectly without editing the connection.

Mathieu Trudel-Lapierre (cyphermox) wrote :

You really should use a different user for each person who needs this connection and make the connection "per-user", by unchecking "Available to all users". This should cover this particular issue well.

However, I do agree that the username field perhaps doesn't need to be insensitive; we'll see about fixing this.

Changed in network-manager-applet (Ubuntu):
status: New → Triaged
importance: Undecided → Low
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Thiago Lopes (6-thiago-h) wrote :

Same problem here.

Bojan Vitnik (bvitnik) wrote :

This "bug" has a huge impact on us. We have 20 netbooks with around 400 potential users of each netbook. Netbooks are "rented" by our students at our library. Students are expected to use their own credentials to connect to "eduroam" per eduroam's terms of use. It's very impractical to make 400 local user accounts for each student on every netbook, and new/old accounts have to be added/deleted often. The netbooks currently have Windows installed but we would like to make a transition to Linux, and this "bug" is a show stopper for us.

We'd like to be able to just define parameters like "Security", "Authentication", "CA certificate" and "Inner authentication" for the "eduroam" connection and leave the "Username" and "Password" fields blank. That way every student will be asked for both their username and password when connecting to "eduroam", and ideally the username and password should never be remembered/stored.

Roman Shipovskij (roman-shipovskij) wrote :

I wrote a simple secret agent for NM to resolve that problem. It starts after logon and asks the user for a username and password when NM is connecting to a network with EAP-TTLS authentication. Sometimes NM asks for the password via its own interface, but after cancelling, my agent will be activated (the agent can work when the user has access to modify the connection).

But now we are using LDAP authentication on the machines (same username and password as for WiFi authentication), which allowed me to write a PAM module + D-Bus service that automatically connects to WiFi during system logon.

Bojan Vitnik (bvitnik) wrote :

I'm currently in the middle of writing such "agent" myself. Still, I'm very interested in your solution.

Is your agent using the NetworkManager D-Bus interface or some other method to make connections? Since I don't have experience with D-Bus, using the D-Bus interface seemed too complicated to me, so I have an idea of generating a NetworkManager connection profile in /etc/NetworkManager/system-connections/ and using "nmcli" to connect/disconnect.

LDAP + PAM module looks even more interesting. That's something I planned all along but never had enough time to invest into making it work (I also have student credentials stored in LDAP). Questions: Do all of your users get a shared local account (like Guest session) when they log in? Or do separate local accounts and home directories get created on first login? Or maybe home directories are on a network share? I'd really like to see how you implemented this.

Thanks.
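
An added example, not part of the thread or of NetworkManager itself: a check that a keyfile profile under /etc/NetworkManager/system-connections/ matches the shared-machine setup asked for above (no stored username or password, server certificate validated). The sample profile, its CA path and the policy of flagging a stored identity are assumptions; key names follow NetworkManager's keyfile format, where password-flags bit 0x2 means "not saved".

```python
import configparser
import stat

NOT_SAVED = 0x2  # NM_SETTING_SECRET_FLAG_NOT_SAVED ("ask every time")

# Constructed sample profile (not from the bug report); UUID and CA path are placeholders.
SAMPLE_KEYFILE = """\
[connection]
id=eduroam
uuid=00000000-0000-0000-0000-000000000000
type=wifi

[wifi]
ssid=eduroam

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=ttls;
phase2-auth=pap
ca-cert=/etc/ssl/certs/example-radius-ca.pem
identity=student1
password-flags=2
"""

def audit_keyfile(text, mode=0o600):
    """Return findings for an 802.1X profile meant for a shared machine."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("802-1x"):
        return ["no [802-1x] section: not an enterprise profile"]
    dot1x = cp["802-1x"]
    findings = []
    if dot1x.get("password"):
        findings.append("password is stored in the profile")
    if not int(dot1x.get("password-flags", "0"), 0) & NOT_SAVED:
        findings.append("password-flags lacks NOT_SAVED (0x2)")
    if dot1x.get("identity"):
        # Assumed policy: on a shared machine a stored username is a finding.
        findings.append("identity (username) is stored in the profile")
    if not dot1x.get("ca-cert") and dot1x.get("system-ca-certs", "false") != "true":
        findings.append("no CA configured: server certificate is not validated")
    if stat.S_IMODE(mode) & 0o077:
        findings.append("file is accessible by group/other")
    return findings
```

Pass the file's `os.stat(path).st_mode` as `mode` when auditing a real profile.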

Roman Shipovskij (roman-shipovskij) wrote :

My agent is written in Python and uses the NM D-Bus interface. It just responds when NM needs a password for EAP-TTLS authentication, asks the user for a username and password, edits the connection on the fly to set the username and returns the password to NM. The agent is attached to this message; it should work for all connections with EAP-TTLS authentication.

The home directory for an LDAP user gets created on first login by pam_mkhomedir. The PAM module + D-Bus service works like my agent but in the background, and does a lot of actions and checks specific to our environment to ensure connectivity before the LDAP authentication; otherwise authentication on the machine will fail.

Bojan Vitnik (bvitnik) wrote :

Thanks. This will certainly be helpful.
