Failed to add connection via nmcli

Bug #2016625 reported by James Paton-Smith
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
netplan
Fix Released
Medium
Unassigned

Bug Description

As part of the call for testing NetworkManager YAML: https://discourse.ubuntu.com/t/call-for-testing-networkmanager-yaml-settings/32420

I have NetworkManager (1.36.6-0ubuntu3+netplan20221129+783~gitrd64dc5d5~ubuntu22.04.1) installed for testing

I attempted to add the eduroam wifi connection on our campus using the below nmcli command:

nmcli connection add con-name eduroam type wifi ssid eduroam wifi-sec.key-mgmt wpa-eap 802-1x.eap peap 802-1x.identity <email address hidden> 802-1x.password testing123 802-1x.phase2-auth mschapv2 802-1x.ca-cert /home/user/.config/cat_installer/ca.pem

However, I simply receive the following error:

Error: Failed to add 'eduroam' connection: failure adding connection: settings plugin does not support adding connections

This same command works on another device running Ubuntu 22.04.2 with the standard NetworkManager package from the stable repos (1.36.6-0ubuntu2)

Although the command fails with an error, a netplan yaml file is still created. However, the connection never appears in nmcli output.

Related branches

Revision history for this message
James Paton-Smith (jamesps) wrote :
Lukas Märdian (slyon)
tags: added: netplan-everywhere
Lukas Märdian (slyon)
Changed in netplan:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Danilo Egea Gondolfo (danilogondolfo) wrote :

Ok, I think I see what's going on.

The keyfile created by Network Manager has the following configuration:

[802-1x]
eap=peap;

When we parse the keyfile to emit Netplan YAML, this setting will become:

networkmanager:
  passthrough:
    802-1x.eap: "peap;"

Because it's a "networkmanager.passthrough" setting, we don't really interpret it. And because of that, the authentication method will be NETPLAN_AUTH_EAP_NONE in the Netplan state.

As we check if the method is not NONE, we end up not writing the auth parameters to the keyfile: https://github.com/canonical/netplan/blob/main/src/nm.c#L450

Adding the key "auth.method:"peap" to the YAML file manually will make Netplan emit the auth configuration:

 [wifi-security]
 key-mgmt=wpa-eap
-psk=testing123

 [802-1x]
-#Netplan: passthrough setting
+#Netplan: passthrough override
 eap=peap;
+<email address hidden>
+password=testing123
+ca-cert=/user/.config/cat_installer/ca.pem
+phase2-auth=mschapv2

The reason we are not properly parsing the method appears to be the trailing ";" in the configuration emitted by Network Manager. The field is a list of string separated by ";" but we currently parse it as only one scalar value.

Because of the ";", we don't find the proper method and this setting end up in the passthrough block: https://github.com/canonical/netplan/blob/main/src/parse-nm.c#L358

Revision history for this message
Danilo Egea Gondolfo (danilogondolfo) wrote :

PR addressing this issue https://github.com/canonical/netplan/pull/358

With this patch, the "nmcli con add ..." command used in the bug description works fine.

Lukas Märdian (slyon)
Changed in netplan:
status: Triaged → In Progress
Lukas Märdian (slyon)
Changed in netplan:
status: In Progress → Fix Committed
Lukas Märdian (slyon)
Changed in netplan:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.