Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • NetworkManager NetworkManager
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 163
    • Issues 163
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 15
    • Merge requests 15
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • NetworkManagerNetworkManager
  • NetworkManagerNetworkManager
  • Issues
  • #4
Closed
Open
Issue created Jul 25, 2018 by Gustaf Johansson@gustafj

NetworkManager does not support Fast BSS Transition (FT, IEEE 802.11r-2008) enabled networks (KeyMgmt wpa-ft-psk or wpa-ft-eap)

Connecting to a Enterprise network that has Fast Transition (FT) fails when using NetworkManager.
This was tested on a PEAP & MSCHAPv2 NW.

The NetworkManager log gives "Activation: failed for connection 'ssid'" and wpa_supplicant log gives "FT: Invalid key management type (1)".
1 is in this case WPA_KEY_MGMT_IEEE8021X, however the active network needs WPA_KEY_MGMT_FT_IEEE8021X for wpa_supplicant to connect.

Adding wpa-ft-eap to the key_mgmt_conf passed to wpa_supplicant fixes this issue and I am able to connect successfully (see patch).

--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -773,19 +773,21 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
                switch (fils) {
                case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
                        key_mgmt_conf = priv->support_pmf
-                               ? "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"
-                               : "wpa-eap fils-sha256 fils-sha384";
+                               ? "wpa-ft-eap wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"
+                               : "wpa-ft-eap wpa-eap fils-sha256 fils-sha384";
                        break;
                case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
                        key_mgmt_conf = "fils-sha256 fils-sha384";
                        break;
                default:
                        if (priv->support_pmf)
-                               key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+                               key_mgmt_conf = "wpa-ft-eap wpa-eap wpa-eap-sha256";
                        break;
                }
        }

A proper fix would be nice (that also adds wpa-ft-psk support), possibly with a new setting, though I don't know if that adds any value (why should the user need to specify of even care if FT is present in the nw).

I also tested with the iwd backend, but that also failed to connect, however I did not do any further troubleshooting on what might be the cause for that (if FT is even supported by iwd, if NetworkManager has the same issue with that backend, or if I had something miss-configured).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking