Bugzilla – Full Text Bug Listing

| Summary: | Yast2 should allow PAP authentication for WPA-EAP with TTLS | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Bernhard Schmidt <berni> |
| Component: | YaST2 | Assignee: | Will Stephenson <wstephenson> |
| Status: | RESOLVED WORKSFORME | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | CC: | jeremy.figgins |
| Version: | Beta 2 | ||
| Target Milestone: | --- | ||
| Hardware: | i686 | ||
| OS: | All | ||
| Whiteboard: | |||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | Sample patch | ||

OK, we'll have a look. But only after 10.0 is out.

Created attachment 46873
Sample patch
The attached patch adds a variable WIRELESS_TTLS_MODE. When set to PAP, it sets
the appropriate line in the configuration file.
Tested and seems to work, not very beautiful though

Reassigning to the new maintainer of yast2-network.

move to later

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

mass reopening all SuSE Linux bugs that are set to REMIND+LATER to change the resolution to WONTFIX (adapting to new policy)

Closing old LATER+REMIND bugs as WONTFIX - if you still plan to work on it, feel free to reopen and set to ASSIGNED. In case the report saw repeated reopen comments, it's due to bugzilla timing out on the huge request ;(

The University of Illinois at Chicago's wireless network requires PAP as a phase 2 authentication mechanism. Currently, I must manually edit ~/.kde/share/config/knetworkmanagerrc and add the following line:

Value_phase2-auth=<string>pap</string>\n

This should be an option inside knetworkmanager.

This should be implemented in sysconfig first
Jeremy: please open a new bugreport for knetworkmanager

Sysconfig supports at least since 10.3 via the WIRELESS_EAP_AUTH$SUFFIX variable, e.g. WIRELESS_EAP_AUTH=PAP will set phase2="auth=PAP" in the 0th network. WIRELESS_EAP_AUTH_1=PAP in the 1st one (when in use). Further, you can set PEAP version using WIRELESS_PEAP_VERSION$SUFFIX too. A WIRELESS_PEAP_VERSION=1 will result in phase1="peaplabel=0 peapver=1" instead of just phase1="peaplabel=0" in the 0-th network. The variables are in ifcfg.template:

```
## Type: string
## Default: ""
#
# WPA-EAP can use different authentication modes. Supported
# values are TLS, PEAP, and TTLS. Default is to allow any.
# When using WIRELESS_AP_SCANMODE 2, this variable needs to be set.
WIRELESS_EAP_AUTH=''

## Type: string
## Default: ''
#
# When using WPA-EAP with PEAP authentication, you can use
# this variable to force which PEAP version (0 or 1) to be used.
# Default is to allow both.
WIRELESS_PEAP_VERSION=''
```

Back to yast2 network.

(In reply to comment #9)
> The University of Illinois at Chicago's wireless network requires PAP as a
> phase 2 authentication mechanism. Currently, I must manually edit
> ~/.kde/share/config/knetworkmanagerrc and add the following line:
>
> Value_phase2-auth=<string>pap</string>\n
>
> This should be an option inside knetworkmanager.

In SLED10 SP3 I can see PAP authentication method option in both Yast "Traditional method ifup" in WPA-EAP Details and NetworkManager WPA-Enterprise Phase2 Type. I believe this bug should be reassigned to the maintainer of the knetworkmanager. Bernhard, could you comment on it?

reassigned to NetworkManager-kde4 maintainer (there's nothing to do with YaST)

EAP + TTLS + PAP is supported in NetworkManager-kde4 as found in openSUSE 11.2 and SLE11SP1 and later. Jeremy, what OS are you using?

No response, feature supported as above

OpenSUSE Beta2 (and probably all older SuSE releases with WPA support as well) build a wpa_supplicant.conf in /etc/sysconfig/network/scripts/ifup-wireless which only allows PEAP authentication inside a TTLS tunnel. Many users (all users using the international DFN roaming for example) need PAP inside the tunnel for various design reasons.

There should be a dropdown menu in Yast2 to select the inner authentication protocol. It should have at least PEAP (which is the same thing as currently,

```
network={
    [...]
    phase1="peaplabel=0"
}
```

and PAP

```
network={
    [...]
    phase2="auth=PAP"
}
```

(without phase1).
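
The variable-to-option mapping described in the sysconfig comment above (WIRELESS_EAP_AUTH$SUFFIX to phase2, WIRELESS_PEAP_VERSION$SUFFIX to phase1), as an added shell sketch that is not part of the bug report and not the actual ifup-wireless code. The helper name render_phases, the allow-lists and the sample settings are assumptions; because the values are written into a quoted string in the generated file, the sketch refuses anything that is not a plain method token or a PEAP version of 0 or 1.

```shell
#!/bin/sh
# Added sketch, not the sysconfig ifup-wireless code. render_phases is a
# hypothetical helper; the allow-lists below are assumptions.

# render_phases SUFFIX: print the phase1/phase2 lines for one network.
# SUFFIX is "" for the 0th network, "_1" for the 1st, and so on.
render_phases() {
    suffix=$1
    # Validate the suffix first: it is spliced into a variable name for eval.
    case $suffix in
        ''|_[0-9]|_[0-9][0-9]) ;;
        *) echo "bad suffix: $suffix" >&2; return 2 ;;
    esac
    eval "auth=\${WIRELESS_EAP_AUTH$suffix-}"
    eval "peapver=\${WIRELESS_PEAP_VERSION$suffix-}"

    # Both values land inside a quoted string in wpa_supplicant.conf, so a
    # quote, space or newline in them would alter the generated file.
    case $auth in
        *[!A-Za-z0-9-]*)
            echo "refusing WIRELESS_EAP_AUTH$suffix" >&2; return 1 ;;
    esac
    case $peapver in
        ''|0|1) ;;
        *) echo "refusing WIRELESS_PEAP_VERSION$suffix" >&2; return 1 ;;
    esac

    if [ -n "$peapver" ]; then
        printf '    phase1="peaplabel=0 peapver=%s"\n' "$peapver"
    else
        printf '    phase1="peaplabel=0"\n'
    fi
    if [ -n "$auth" ]; then
        printf '    phase2="auth=%s"\n' "$auth"
    fi
}

# Constructed sample settings, not taken from a real ifcfg file.
WIRELESS_EAP_AUTH=PAP
WIRELESS_PEAP_VERSION_1=1
render_phases ""     # 0th network
render_phases _1     # 1st network
```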