Support 802.1x auth requirement detection and fallback

Bug #893024 reported by Hannu Teulahti on 2011-11-21
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
NetworkManager
Confirmed
Wishlist
network-manager (Ubuntu)
Wishlist
Unassigned

Bug Description

NetworkManager asks for 802.1x user name and password when there is no 802.1x support on switch port.

Background:

We use 802.1x wired authentication on our campus network. NetworkManager does not fall back nicely when connecting to a non-authenticated switch.

What happens:

NetworkManager asks for user name and password when "Use 802.1x security" is selected in the connection editor and the computer is connected to an unauthenticated port.

What should happen:

Network manager should notice that the port is not access-controlled and do one of the following: (1) ask for connecting unauthenticated or (2) connect unauthenticated without asking.

There should be a setting for selecting #1 or #2.

Now the user is asked about information which has no effect on completing the connection.

Thomas Hood (jdthood) on 2012-07-05
description: updated
Changed in network-manager (Ubuntu):
status: New → Confirmed

Wishlist/Triaged -- We've discussed this on IRC before. It's a little complicated since NM would need to listen to the packets on the interface to figure out if it should be authenticating or not, but it's definitely doable. Just needs someone to do the work.

Writing such a patch would involve listening for EAP messages on the interface before it's brought up; handling fallback if authentication fails (e.g. a captive portal that still works for some amounts of access), and when exactly to start wpasupplicant to handle the actual EAPOL handshake and all.

Some relevant resources:
http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=3
http://www.netcraftsmen.net/resources/archived-articles/429.html

Changed in network-manager (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Wishlist
summary: - NetworkManager asks for 802.1x user name and password when there is no
- 802.1x support on switch port
+ Support 802.1x auth requirement detection and fallback
dwmw2 (dwmw2) wrote :

Is there an upstream bug/RFE filed for this?

Changed in network-manager:
importance: Unknown → Wishlist
status: Unknown → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.