After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 779201 - Network Manager doesn't use 802.1x password entered in GUI
Network Manager doesn't use 802.1x password entered in GUI
Status: RESOLVED INCOMPLETE
Product: NetworkManager
Classification: Platform
Component: API
1.2.x
Other Linux
: Normal minor
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
https://bugs.launchpad.net/ubuntu/+so...
Depends on:
Blocks:
 
 
Reported: 2017-02-24 23:18 UTC by StuS
Modified: 2017-07-28 07:32 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description StuS 2017-02-24 23:18:17 UTC 
This bug was filed with ubuntu, and they requested I file it upstream:

https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1643737

This is a bug that seems to constantly re-surface across multiple versions in Ubuntu, and I've seen it in other distributions as well.

Scenario:
  I want to enable 802.1x on a wired (*not* wireless), ethernet connection. I enter my identity, my computer cert, my ca cert, my private key file, and my password for my private key.

What doesn't work:
I confirm the password works by using openssl. NetworkManager does not save the password. When I am asked to re-enter it, the connection fails. I look in syslog, and it complains about the private key password being blank.

Workaround:
Open the file:

/etc/NetworkManager/system-connections/[Your network connection]
Example:
$> vim /etc/NetworkManager/system-connections/Wired\ connection\ 1

Add the field:
private-key-password=[your password]

Example:
private-key-password=UtterlyPointlessGloballyReadableStoredInPlaintextPassword

Save the file.

Attempt to re-connect. (and it worked for me).
Look in Network Manager UI, the password seems to now be stored.

Expected behavior:
Entering the password in the GUI works (i.e, it is saved to the file, or at least used temporarily when connecting, either way - the latter would be more secure)

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: network-manager 1.2.0-0ubuntu0.16.04.3
ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
Uname: Linux 4.4.0-31-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Nov 21 17:52:44 2016
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2016-11-21 (0 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
IpRoute:
 default via 10.0.50.1 dev eno1 proto static metric 100
 10.0.50.0/23 dev eno1 proto kernel scope link src 10.0.50.207 metric 100
 10.0.254.32 via 10.0.50.1 dev eno1 proto dhcp metric 100
 169.254.0.0/16 dev eno1 scope link metric 1000
IwConfig:
 lo no wireless extensions.

 eno1 no wireless extensions.
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
RfKill:

SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-con:
 NAME UUID TYPE TIMESTAMP TIMESTAMP-REAL AUTOCONNECT AUTOCONNECT-PRIORITY READONLY DBUS-PATH ACTIVE DEVICE STATE ACTIVE-PATH
 Wired connection 1 fcbffec0-f9e4-4405-acfa-1cd80dec7362 802-3-ethernet 1479779500 Mon 21 Nov 2016 05:51:40 PM PST yes 4294966297 no /org/freedesktop/NetworkManager/Settings/0 yes eno1 activated /org/freedesktop/NetworkManager/ActiveConnection/0
nmcli-dev:
 DEVICE TYPE STATE DBUS-PATH CONNECTION CON-UUID CON-PATH
 eno1 ethernet connected /org/freedesktop/NetworkManager/Devices/0 Wired connection 1 fcbffec0-f9e4-4405-acfa-1cd80dec7362 /org/freedesktop/NetworkManager/ActiveConnection/0
 lo loopback unmanaged /org/freedesktop/NetworkManager/Devices/1 -- -- --
nmcli-nm:
 RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN
 running 1.2.0 connected started full enabled enabled enabled enabled enabled
Comment 1 StuS 2017-02-24 23:25:18 UTC 
Note this time around, the password seems to re-appear in the GUI after being entered - however, it's not stored in the conf file, and I'm promoted to enter it upon reboot, so it's now:

  - storing it somewhere (maybe somewhere preferrable to a globally readable file!)
  - and then not using it upon reboot.


After entering it in the conf file, it started working again, upon reboot.

Note that this version has been updated to:

root@stuart:/etc/pam.d# apt list network-manager
Listing... Done
network-manager/xenial-updates,now 1.2.2-0ubuntu0.16.04.3 amd64 [installed,automatic]


So it's getting better, but not there yet.
Comment 2 Beniamino Galvani 2017-02-28 07:42:56 UTC 
Can you please show the output of:

 nmcli connection show <con-name>

and attach connection logs captured with:

 nmcli general logging level trace
 nmcli connection up <con-name>
 journalctl -u NetworkManager --since "-120s" > log.txt

? Thanks!
Comment 3 Beniamino Galvani 2017-07-28 07:32:24 UTC 
Closing this bug report as no further information has been provided. Please feel free to reopen this bug report if you can provide the information that was asked for in a previous comment.
Thanks!