I am trying to configure a CentOS 7 operating system to use 802.1x authentication on a wired connection.
I configured NetworkManager configuration files using nmcli, as I will be running a headless computer.
Actually, I would like the connection to work both with and without security on the network.
I have configured the following in ifcfg-eno1
Code:
TYPE="Ethernet"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="1198061b-1580-46c5-9db1-c8602799d681"
DEVICE="eno1"
ONBOOT="yes"
PERSISTENT_DHCLIENT=1
KEY_MGMT=IEEE8021X
IEEE_8021X_EAP_METHODS=TLS
IEEE_8021X_IDENTITY=myhost
IEEE_8021X_PRIVATE_KEY=/root/myhost.pem
IEEE_8021X_CLIENT_CERT=/root/myhost.pem
PEERDNS=yes
PEERROUTES=yes
DHCP_HOSTNAME=myhost
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
If I try to connect using this configuration I get the following messages in /var/log/messages
Code:
Jun 29 14:54:15 localhost kernel: e1000e: eno1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1868] device (eno1): link connected
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1875] device (eno1): state change: unavailable -> disconnected (reason 'carrier-changed') [20 30 40]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1887] policy: auto-activating connection 'eno1'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1902] device (eno1): Activation: starting connection 'eno1' (1198061b-1580-46c5-9db1-c8602799d681)
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1905] device (eno1): state change: disconnected -> prepare (reason 'none') [30 40 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1906] manager: NetworkManager state is now CONNECTING
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1913] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1918] device (eno1): Activation: (ethernet) connection 'eno1' has security, but secrets are required.
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1918] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1982] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1987] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1992] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1995] supplicant: wpa_supplicant running
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.1995] device (eno1): supplicant interface state: init -> starting
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2474] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2475] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2475] Config: added 'eapol_flags' value '0'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2475] Config: added 'eap' value 'TLS'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2475] Config: added 'fragment_size' value '1266'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2475] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2476] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2476] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2476] Config: added 'identity' value 'myhost'
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2481] sup-iface[0x7ff96cc4bf70,eno1]: config: set interface ap_scan to 0
Jun 29 14:54:15 localhost NetworkManager[3862]: <info> [1498740855.2544] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:54:40 localhost NetworkManager[3862]: <warn> [1498740880.2525] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2528] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <warn> [1498740880.2548] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2587] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2591] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2596] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2947] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2948] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2948] Config: added 'eapol_flags' value '0'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2948] Config: added 'eap' value 'TLS'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2948] Config: added 'fragment_size' value '1266'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2948] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2949] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2949] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2949] Config: added 'identity' value 'myhost'
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.2955] sup-iface[0x7ff96cc4bc00,eno1]: config: set interface ap_scan to 0
Jun 29 14:54:40 localhost NetworkManager[3862]: <info> [1498740880.3022] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:05 localhost NetworkManager[3862]: <warn> [1498740905.2443] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2446] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <warn> [1498740905.2468] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2507] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2511] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2517] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2852] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2853] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2853] Config: added 'eapol_flags' value '0'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2853] Config: added 'eap' value 'TLS'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2853] Config: added 'fragment_size' value '1266'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2853] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2854] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2854] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2854] Config: added 'identity' value 'myhost'
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2860] sup-iface[0x7ff96cc4bc00,eno1]: config: set interface ap_scan to 0
Jun 29 14:55:05 localhost NetworkManager[3862]: <info> [1498740905.2926] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:30 localhost NetworkManager[3862]: <warn> [1498740930.2527] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2530] device (eno1): state change: config -> need-auth (reason 'none') [50 60 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <warn> [1498740930.2551] device (eno1): Activation: (ethernet) asking for new secrets
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2590] device (eno1): state change: need-auth -> prepare (reason 'none') [60 40 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2594] device (eno1): state change: prepare -> config (reason 'none') [40 50 0]
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2600] device (eno1): Activation: (ethernet) connection 'eno1' requires no security. No secrets needed.
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] device (eno1): supplicant interface state: starting -> ready
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] Config: added 'key_mgmt' value 'IEEE8021X'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] Config: added 'eapol_flags' value '0'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] Config: added 'eap' value 'TLS'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] Config: added 'fragment_size' value '1266'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2930] Config: added 'private_key' value '/root/myhost.pem'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2931] Config: added 'private_key_passwd' value '<omitted>'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2931] Config: added 'client_cert' value '/root/myhost.pem'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2931] Config: added 'identity' value 'myhost'
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.2936] sup-iface[0x7ff96ccd4150,eno1]: config: set interface ap_scan to 0
Jun 29 14:55:30 localhost NetworkManager[3862]: <info> [1498740930.3004] device (eno1): supplicant interface state: ready -> associated
Jun 29 14:55:55 localhost NetworkManager[3862]: <warn> [1498740955.2524] device (eno1): Activation: (ethernet) association took too long.
Jun 29 14:55:55 localhost NetworkManager[3862]: <info> [1498740955.2527] device (eno1): state change: config -> failed (reason 'no-secrets') [50 120 7]
Jun 29 14:55:55 localhost NetworkManager[3862]: <info> [1498740955.2530] manager: NetworkManager state is now DISCONNECTED
Jun 29 14:55:55 localhost NetworkManager[3862]: <warn> [1498740955.2539] device (eno1): Activation: failed for connection 'eno1'
Jun 29 14:55:55 localhost NetworkManager[3862]: <info> [1498740955.2549] device (eno1): state change: failed -> disconnected (reason 'none') [120 30 0]
So at one point I am getting "Activation: (ethernet) connection 'eno1' requires no security. No secrets needed."
But I also get: "Activation: (ethernet) association took too long." and
"Activation: (ethernet) asking for new secrets"
The wpa_supplicant.log shows:
Code:
eno1: Associated with FF:FF:FF:FF:FF:FF
eno1: CTRL_EVENT-DISCONNECTED bssid=FF:FF:FF:FF:FF:FF reason=3 locally_generated=1
(FF:FF:FF:FF:FF:FF is a placeholder, not the actual value)
Note that I get these results both when I connect to a network with security and a network without security.
I am quite certain that I am missing some configuration.
Could some suggestions what I would need to look at?
Ad please do ask if additional log data is required