You are not logged in.

#1 2023-02-13 17:20:47

Kippster
Member
Registered: 2023-02-13
Posts: 3

WPA2-Enterprise Hidden Network

Hi,

I am trying to connect to a network with WPA2-Enterprise which does not broadcast its SSID (hidden). I am able to connect to a public WPA2-Enterprise network, but when i try to reuse the same config (changed SSID etc) with nmcli it does not work. Does anyone have any experience with this?

nmcli -p con up "internett"                                     ─╯
Passwords or encryption keys are required to access the wireless network 'internett'.
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: Secrets were required, but not provided

Config:

[connection]
id=internett
uuid=01a50a90-375e-4ad8-8118-ebfc87332c2d
type=wifi

[wifi]
mode=infrastructure
ssid=internett

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

NetworkManager.conf:

[device-mac-randomization]
wifi.scan-rand-mac-address=no

Journal

(wlan0): Activation: starting connection 'internett' (01a50a90-375e-4ad8-8118-ebfc87332c2d)
(wlan0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) access point 'internett' has security, but secrets are required.
(wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
(wlan0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) connection 'internett' has security, and secrets exist.  No new secrets needed.
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): supplicant interface state: scanning -> authenticating
(wlan0): supplicant interface state: authenticating -> associating
(wlan0): supplicant interface state: associating -> associated
(wlan0): supplicant interface state: associated -> disconnected
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): supplicant interface state: scanning -> authenticating
(wlan0): supplicant interface state: authenticating -> associating
(wlan0): supplicant interface state: associating -> associated
(wlan0): supplicant interface state: associated -> disconnected
(wlan0): supplicant interface state: disconnected -> scanning
(wlan0): Activation: (wifi) association took too long
(wlan0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
(wlan0): Activation: (wifi) asking for new secrets
(wlan0): no secrets: No agents were available for this request.
(wlan0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
(wlan0): Activation: failed for connection 'internett'

Offline

#2 2023-02-13 19:04:30

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 7,771
Website

Re: WPA2-Enterprise Hidden Network

ArchWiki wrote:

Connect to a hidden Wi-Fi network:

$ nmcli device wifi connect $SSID_or_BSSID password $password hidden yes

https://wiki.archlinux.org/title/Networ … i_examples

Offline

#3 2023-02-14 17:10:08

Kippster
Member
Registered: 2023-02-13
Posts: 3

Re: WPA2-Enterprise Hidden Network

Head_on_a_Stick wrote:
ArchWiki wrote:

Connect to a hidden Wi-Fi network:

$ nmcli device wifi connect $SSID_or_BSSID password $password hidden yes

https://wiki.archlinux.org/title/Networ … i_examples

No luck, still the same error

Offline

#4 2023-02-15 11:45:57

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,193

Re: WPA2-Enterprise Hidden Network

[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2

Ask the admin/maintainers of the enterprise network if they do support 802-1x with those authentication methods .


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#5 2023-02-16 08:33:47

Kippster
Member
Registered: 2023-02-13
Posts: 3

Re: WPA2-Enterprise Hidden Network

Lone_Wolf wrote:
[802-1x]
eap=peap;
identity=<redacted>
password=<redacted>
phase2-auth=mschapv2

Ask the admin/maintainers of the enterprise network if they do support 802-1x with those authentication methods .

I have, and its the correct methods

Offline

#6 2023-02-16 09:29:16

Lone_Wolf
Forum Moderator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 12,193

Re: WPA2-Enterprise Hidden Network

The error message suggests the problem may be with authenticating to the network.

https://unix.stackexchange.com/question … e-provided mentions a possible workaround : provide the password through a passwd-file, try that method.

This is the relevant part of the nmcli documentation

man nmcli wrote:

passwd-file
some networks may require credentials during activation. You can give these credentials using this option. Each line of the file should contain one password in the form:

setting_name.property_name:the password

For example, for WPA Wi-Fi with PSK, the line would be

802-11-wireless-security.psk:secret12345

For 802.1X password, the line would be

802-1x.password:my 1X password

nmcli also accepts wifi-sec and wifi strings instead of 802-11-wireless-security. When NetworkManager requires a password and it is not given, nmcli will ask for it when run with --ask. If --ask was not passed, NetworkManager can ask another secret agent that may be running (typically a GUI secret agent, such as nm-applet or gnome-shell).


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

Board footer

Powered by FluxBB