[Networkmanager] Howto add 802-1x settings for all new ethernet connections
Andrei Borzenkov
arvidjaar at gmail.com
Mon Feb 13 07:44:42 UTC 2023
On Mon, Feb 13, 2023 at 10:20 AM Till Maas <till at redhat.com> wrote:
>
>
>
> Am So., 12. Feb. 2023 um 21:20 Uhr schrieb Thomas Haller <thaller at redhat.com>:
>>
>> Hi,
>>
>>
>> On Sun, 2023-02-12 at 11:00 +0100, John Doe wrote:
>> > We're currently looking into requiring 802-1x for all wired ethernet
>> > connections.
>> > We have a large number of Linux clients. Mostly slim laptops that
>> > don't have an ethernet adapter. These connect to the wired network
>> > using docking stations or usb to ethernet adapters. All Linux clients
>> > are deployed using PXE boot to deploy the company image.
>> > Problem is during the deploy process there's of course only the
>> > adapter used for the deploy availbale on the client. I can get the
>> > 802-1x settings added for this adapter as part of the deploy.
>> > But then I'm out of control. I can't control NetworkManager to setup
>> > 802-1x for the connection created by NetworkManager when the user
>> > connects to a docking station. Yes, unfortunately it creates a new
>> > wired connection.
>>
>> you can disable that with "[main].no-auto-default=*" in
>> NetworkManager.conf. Of course, the the user plugs in a new ethernet
>> device and NetworkManager isn't doing anything automatically. Whether
>> that is more desirable is unclear.
>
>
> It seems to me that having NM ship a default profile with "connection.multi-connect=multiple" that contains the settings that the automatically created profile simplifies the configuration and makes the behavior accessible via the API and reduces the need to configure this with the NetworkManager-config-server subpackage. What would be the downside of removing the auto-default behavior?
>
I am not aware of the possibility to match only wired interfaces (or
for that matter any other kind of interfaces) in connection profiles.
Auto-default is only done for wired interfaces. If I am wrong and such
a possibility exists, it would certainly be preferable to any hard
coded behavior.
More information about the Networkmanager
mailing list