#1 2022-07-21 15:46:33

RentableBrick
Member
Registered: 2022-07-21
Posts: 1

Sway - NetworkManager - Secrets

State:

- Setup:
Sway without Gnome installed.
NetworkManager (wired connection works)
Basic Wifi with WPA3 / SAE authentication.
Gnome Keyring is installed. But I do not want to use it because I find password managers accessible from the same local user to be security theatre.

Stuff the log says:
When I try to connect to a wifi using NetworkManager, it always fails with logs saying that secrets are needed but weren't provided.
The log message before is authentication timeout.

Suspicions:
EDIT: is SAE firstauth maybe too slow to succeed before timeout with some APs?
Not so esoteric suspicion: The whole thing doesn't work without involving a gnome session anymore. But then why does it work on my Red Hat servers without GUI?
Esoteric suspicion that is probably not relevant but I don't trust anything computers to not be annoying: The TLS certificate for the router's web interface is expired. Does SAE use TLS certificates in any way? I guess not because then any random Vodafone box would need to letsencrypt their way around to have a web-pki valid cert or have their own CA. But maybe this is connected for some wicked reason and self-signed certs are allowed but not expired ones.
Every source I've read says certs are like in WPA2 only relevant in enterprise mode.

How I did things:
I tried multiple ways of adding a connection:

- nm-connection-editor as user, ticking the flag to make it a system connection -> doesn't save password in the nmconnection file
- from a root shell: nmcli d wifi connect wifiname password actualpassword -> saves the password in the nmconnection file
- from a root shell: nmcli d wifi connect wifiname --ask -> saves the password in the nmconnection file

In cases where the password is saved, the connection editor GUI cannot read the secret from the file because it's root/root 0600.
That's probably why the GUI can't save it either.

What I want:
I do not want the user involved in network secrets.
This is a single purpose laptop that should have a few networks statically and autoconnecting.
It does not do so at all.
It seems to me that for this to work the local user needs read access to the nmconnection file or some policykit shenanigans.

I don't want any of that. I want to use a root shell if I change anything like that and I want the system to provide NetworkManager with the secrets.

Works on other machines:
I mean this works on my everything under the sun installed laptop with KDE and Gnome to make system connections, where the nmconnection files are root/root 0600, too.

Last edited by RentableBrick (2022-07-21 16:01:26)
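
An added example, not part of the original post: a shell check over a NetworkManager keyfile for the two conditions the post turns on, the root/root 0600 ownership and whether the PSK is stored in the file as a system-owned secret. `psk-flags` is a real NetworkManager setting (0, the default, means system-owned; nonzero means agent-owned or not saved); the function names, sample SSID and passphrase are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a NetworkManager
# keyfile can supply its Wi-Fi PSK itself, without a per-user secret agent.

# audit_keyfile FILE [UID:GID] -> prints findings, returns 0 if all checks pass.
# UID:GID defaults to 0:0 (root/root); the override exists only so the check
# can be exercised on constructed files by a non-root user.
audit_keyfile() {
    f=$1 want=${2:-0:0} rc=0
    meta=$(stat -c '%u:%g %a' "$f") || return 2      # GNU stat
    if [ "$meta" != "$want 600" ]; then
        echo "FAIL perms: $meta (want $want 600)"; rc=1
    fi
    # Pull key-mgmt, presence of psk, and psk-flags out of [wifi-security].
    set -- $(awk -F= '
        /^\[/ { sec = ($0 == "[wifi-security]"); next }
        sec && $1 == "key-mgmt"  { km = $2 }
        sec && $1 == "psk"       { has = 1 }
        sec && $1 == "psk-flags" { fl = $2 }
        END { if (km == "") km = "none"; print km, has + 0, fl + 0 }' "$f")
    km=$1 has_psk=$2 flags=$3
    if [ "$flags" -ne 0 ]; then
        # Nonzero psk-flags: the secret is agent-owned and/or not saved.
        echo "FAIL psk-flags=$flags: NetworkManager will ask a secret agent"; rc=1
    elif [ "$has_psk" -eq 0 ]; then
        echo "FAIL no psk in [wifi-security] although psk-flags=0"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK key-mgmt=$km, psk stored system-wide"; fi
    return "$rc"
}

# make_samples DIR: writes two constructed keyfiles (SSID and PSK are made up).
make_samples() {
    for kind in system agent; do
        {
            printf '[connection]\nid=example-%s\ntype=wifi\n\n' "$kind"
            printf '[wifi]\nmode=infrastructure\nssid=example-ssid\n\n'
            printf '[wifi-security]\nkey-mgmt=sae\n'
            if [ "$kind" = system ]; then echo 'psk=constructed-passphrase'
            else echo 'psk-flags=1'; fi
        } > "$1/$kind.nmconnection"
        chmod 600 "$1/$kind.nmconnection"
    done
}
```

On a real system, run `audit_keyfile` as root against a file under /etc/NetworkManager/system-connections/ with no second argument.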
