LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page WIRED 802.1x config using NetworkManager/wpa_supplicant CentOS7
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-29-2017, 08:28 AM   #1
hoes
Member
 
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 190

Rep: Reputation: 51
WIRED 802.1x config using NetworkManager/wpa_supplicant CentOS7

I am trying to configure a CentOS 7 operating system to use 802.1x authentication on a wired connection.
I configured NetworkManager configuration files using nmcli, as I will be running a headless computer.
Actually, I would like the connection to work both with and without security on the network.

I have configured the following in ifcfg-eno1
Code:
TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="1198061b-1580-46c5-9db1-c8602799d681"
DEVICE="eno1"
ONBOOT="yes"
PERSISTENT_DHCLIENT=1
KEY_MGMT=IEEE8021X
IEEE_8021X_EAP_METHODS=TLS
IEEE_8021X_IDENTITY=myhost
IEEE_8021X_PRIVATE_KEY=/root/myhost.pem
IEEE_8021X_CLIENT_CERT=/root/myhost.pem
PEERDNS=yes
PEERROUTES=yes
DHCP_HOSTNAME=myhost
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
If I try to connect using this configuration I get the following messages in /var/log/messages

Code:
Jun 29 14:54:15 localhost kernel: e1000e: eno1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1868] device (eno1): link connected
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1875] device (eno1): state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1887] policy: auto-activating connection 'eno1'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1902] device (eno1): Activation: starting connection 'eno1' (1198061b-1580-46c5-9db1-c8602799d681)
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1905] device (eno1): state change: disconnected -> prepare (reason 'none') [30 40 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1906] manager: NetworkManager state is now CONNECTING
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1913] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1918] device (eno1): Activation: (ethernet) connection 'eno1' has security, but secrets are required.
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1918] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1982] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1987] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1992] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1995] supplicant: wpa_supplicant running
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.1995] device (eno1): supplicant interface state: init -> starting
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2474] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2475] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2475] Config: added 'eapol_flags' value '0'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2475] Config: added 'eap' value 'TLS'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2475] Config: added 'fragment_size' value '1266'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2475] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2476] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2476] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2476] Config: added 'identity' value 'myhost'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2481] sup-iface[0x7ff96cc4bf70,eno1]: config: set interface ap_scan to 0
Jun 29 14:54:15 localhost NetworkManager[3862]: <info>  [1498740855.2544] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:54:40 localhost NetworkManager[3862]: <warn>  [1498740880.2525] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2528] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <warn>  [1498740880.2548] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2587] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2591] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2596] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2947] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2948] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2948] Config: added 'eapol_flags' value '0'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2948] Config: added 'eap' value 'TLS'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2948] Config: added 'fragment_size' value '1266'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2948] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2949] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2949] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2949] Config: added 'identity' value 'myhost'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.2955] sup-iface[0x7ff96cc4bc00,eno1]: config: set interface ap_scan to 0
Jun 29 14:54:40 localhost NetworkManager[3862]: <info>  [1498740880.3022] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:05 localhost NetworkManager[3862]: <warn>  [1498740905.2443] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2446] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <warn>  [1498740905.2468] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2507] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2511] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2517] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2852] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2853] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2853] Config: added 'eapol_flags' value '0'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2853] Config: added 'eap' value 'TLS'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2853] Config: added 'fragment_size' value '1266'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2853] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2854] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2854] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2854] Config: added 'identity' value 'myhost'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2860] sup-iface[0x7ff96cc4bc00,eno1]: config: set interface ap_scan to 0
Jun 29 14:55:05 localhost NetworkManager[3862]: <info>  [1498740905.2926] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:30 localhost NetworkManager[3862]: <warn>  [1498740930.2527] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2530] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <warn>  [1498740930.2551] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2590] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2594] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2600] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] Config: added 'eapol_flags' value '0'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] Config: added 'eap' value 'TLS'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] Config: added 'fragment_size' value '1266'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2930] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2931] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2931] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2931] Config: added 'identity' value 'myhost'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.2936] sup-iface[0x7ff96ccd4150,eno1]: config: set interface ap_scan to 0
Jun 29 14:55:30 localhost NetworkManager[3862]: <info>  [1498740930.3004] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:55 localhost NetworkManager[3862]: <warn>  [1498740955.2524] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:55 localhost NetworkManager[3862]: <info>  [1498740955.2527] device (eno1): state change: config -> failed (reason 'no-secrets') [50 120 7]
Jun 29 14:55:55 localhost NetworkManager[3862]: <info>  [1498740955.2530] manager: NetworkManager state is now DISCONNECTED
Jun 29 14:55:55 localhost NetworkManager[3862]: <warn>  [1498740955.2539] device (eno1): Activation: failed for connection 'eno1'
Jun 29 14:55:55 localhost NetworkManager[3862]: <info>  [1498740955.2549] device (eno1): state change: failed -> disconnected (reason 'none') [120 30 0]
So at one point I am getting "Activation: (ethernet) connection 'eno1' requires no security. No secrets needed."
But I also get: "Activation: (ethernet) association took too long." and
"Activation: (ethernet) asking for new secrets"

The wpa_supplicant.log shows:
Code:
eno1: Associated with FF:FF:FF:FF:FF:FF
eno1: CTRL_EVENT-DISCONNECTED bssid=FF:FF:FF:FF:FF:FF reason=3 locally_generated=1
(FF:FF:FF:FF:FF:FF is a placeholder, not the actual value)

Note that I get these results both when I connect to a network with security and a network without security.

I am quite certain that I am missing some configuration.
Could some suggestions what I would need to look at?
Ad please do ask if additional log data is required
 
  


Reply

Tags
80211, networkmanager, wired, wpasupplicant



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
wpa_supplicant don't reach freeradius in wired 802.1x EAP-TLS julie7 Linux - Networking 3 08-21-2015 03:40 AM
Centos7: wireless usb connection shows up as wired. jvermeulen Linux - Software 6 07-29-2015 04:38 PM
NetworkManager + wpa_supplicant Zxarr Linux - Wireless Networking 2 07-07-2008 08:39 AM
A problem with networkmanager and wpa_supplicant flamy Linux - Networking 1 04-13-2007 09:13 AM
Ndiswrapper + NetworkManager + wpa_supplicant lonelydreamer Linux - Wireless Networking 5 06-13-2006 07:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:06 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration