WPA2-Enterprise Hidden Network

Kippster · 2023-02-13 17:20:47

Hi,

I am trying to connect to a network with WPA2-Enterprise which does not broadcast its SSID (hidden). I am able to connect to a public WPA2-Enterprise network, but when i try to reuse the same config (changed SSID etc) with nmcli it does not work. Does anyone have any experience with this?

nmcli -p con up "internett"                                     ─╯
Passwords or encryption keys are required to access the wireless network 'internett'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: Secrets were required, but not provided

Config:

[connection]
id=internett
uuid=01a50a90-375e-4ad8-8118-ebfc87332c2d
type=wifi

[wifi]
mode=infrastructure
ssid=internett

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

NetworkManager.conf:

[device-mac-randomization]
wifi.scan-rand-mac-address=no

Journal

(wlan0): Activation: starting connection 'internett' (01a50a90-375e-4ad8-8118-ebfc87332c2d)
(wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) access point 'internett' has security, but secrets are required.
(wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) connection 'internett' has security, and secrets exist.  No new secrets needed.
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): supplicant interface state: scanning -> authenticating
(wlan0): supplicant interface state: authenticating -> associating
(wlan0): supplicant interface state: associating -> associated
(wlan0): supplicant interface state: associated -> disconnected
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): supplicant interface state: scanning -> authenticating
(wlan0): supplicant interface state: authenticating -> associating
(wlan0): supplicant interface state: associating -> associated
(wlan0): supplicant interface state: associated -> disconnected
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): Activation: (wifi) association took too long
(wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) asking for new secrets
(wlan0): no secrets: No agents were available for this request.
(wlan0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
(wlan0): Activation: failed for connection 'internett'

Head_on_a_Stick · 2023-02-13 19:04:30

ArchWiki wrote:

Connect to a hidden Wi-Fi network:
$ nmcli device wifi connect $SSID_or_BSSID password $password hidden yes

https://wiki.archlinux.org/title/Networ … i_examples

Kippster · 2023-02-14 17:10:08

Head_on_a_Stick wrote:

ArchWiki wrote:
Connect to a hidden Wi-Fi network:
$ nmcli device wifi connect $SSID_or_BSSID password $password hidden yes
https://wiki.archlinux.org/title/Networ … i_examples

No luck, still the same error

Lone_Wolf · 2023-02-15 11:45:57

[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2

Ask the admin/maintainers of the enterprise network if they do support 802-1x with those authentication methods .

Kippster · 2023-02-16 08:33:47

Lone_Wolf wrote:

[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2
Ask the admin/maintainers of the enterprise network if they do support 802-1x with those authentication methods .

I have, and its the correct methods

Lone_Wolf · 2023-02-16 09:29:16

The error message suggests the problem may be with authenticating to the network.

https://unix.stackexchange.com/question … e-provided mentions a possible workaround : provide the password through a passwd-file, try that method.

This is the relevant part of the nmcli documentation

man nmcli wrote:

passwd-file
some networks may require credentials during activation. You can give these credentials using this option. Each line of the file should contain one password in the form:
setting_name.property_name:the password
For example, for WPA Wi-Fi with PSK, the line would be
802-11-wireless-security.psk:secret12345
For 802.1X password, the line would be
802-1x.password:my 1X password
nmcli also accepts wifi-sec and wifi strings instead of 802-11-wireless-security. When NetworkManager requires a password and it is not given, nmcli will ask for it when run with --ask. If --ask was not passed, NetworkManager can ask another secret agent that may be running (typically a GUI secret agent, such as nm-applet or gnome-shell).

Arch Linux

#1 2023-02-13 17:20:47

WPA2-Enterprise Hidden Network

#2 2023-02-13 19:04:30

Re: WPA2-Enterprise Hidden Network

#3 2023-02-14 17:10:08

Re: WPA2-Enterprise Hidden Network

#4 2023-02-15 11:45:57

Re: WPA2-Enterprise Hidden Network

#5 2023-02-16 08:33:47

Re: WPA2-Enterprise Hidden Network

#6 2023-02-16 09:29:16

Re: WPA2-Enterprise Hidden Network

Board footer