Support 802.1x auth requirement detection and fallback
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NetworkManager |
Confirmed
|
Wishlist
|
|||
network-manager (Ubuntu) |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
NetworkManager asks for 802.1x user name and password when there is no 802.1x support on switch port.
Background:
We use 802.1x wired authentication on our campus network. NetworkManager does not fall back nicely when connecting to a non-authenticated switch.
What happens:
NetworkManager asks for user name and password when "Use 802.1x security" is selected in the connection editor and the computer is connected to an unauthenticated port.
What should happen:
Network manager should notice that the port is not access-controlled and do one of the following: (1) ask for connecting unauthenticated or (2) connect unauthenticated without asking.
There should be a setting for selecting #1 or #2.
Now the user is asked about information which has no effect on completing the connection.
description: | updated |
Changed in network-manager (Ubuntu): | |
status: | New → Confirmed |
Changed in network-manager: | |
importance: | Unknown → Wishlist |
status: | Unknown → Confirmed |
Wishlist/Triaged -- We've discussed this on IRC before. It's a little complicated since NM would need to listen to the packets on the interface to figure out if it should be authenticating or not, but it's definitely doable. Just needs someone to do the work.
Writing such a patch would involve listening for EAP messages on the interface before it's brought up; handling fallback if authentication fails (e.g. a captive portal that still works for some amounts of access), and when exactly to start wpasupplicant to handle the actual EAPOL handshake and all.
Some relevant resources: www.ciscopress. com/articles/ article. asp?p=369223& seqNum= 3 www.netcraftsme n.net/resources /archived- articles/ 429.html
http://
http://