Impossible to get NetworkManager to connect to 802.1x using wired connection and PKCS#11 device
BALEMBOY Marc
marc.balemboy at cs-soprasteria.com
Tue Jun 17 11:54:44 UTC 2025
Hello,
I can't manage to get NetworkManager connection to a wired 802.1x connection using a PKCS#11 device to store the private key.
The surprising thing is, I can make a WiFi similar setup work fine.
Despite getting a wpa_supplicant-only setup fully working, I encounter the following error when trying the configuration with NM :
Secrets are required to access the wired network 'wired-tpm'
Warning: password for '802-1x.identity' not given in 'passwd-file' and nmcli cannot ask without '--ask' option.
Error: Connection activation failed: Secrets were required, but not provided
which is fully unexpected (the pin to access the private key is provided with the PKCS#11 URI used in the configuration), and I now from the wpa_supplicant test that i did provide the full list of parameters needed for the authentication to succeed.
The configuration look similar to this :
[connection]
id=wired-tpm
uuid=09f60a46-daf1-3b8e-8c24-7a2ae3e48783
type=ethernet
autoconnect=false
autoconnect-priority=-100
[ethernet]
duplex=half
mtu=1420
speed=100
[802-1x]
ca-cert=/usr/share/ca-certificates/RadiusCA.pem
client-cert=/config/etc/swanctl/x509/client.pem
eap=tls;
identity=test
private-key=pkcs11:model=SLB9670%2525252500%2525252500%2525252500%2525252500%2525252500%2525252500%2525252500%2525252500%2525252500;manufacturer=Infineon;serial=0000000000000000;token=tpm2-token;id=%42%42;type=private;pin-value=<0000>"
private-key-password=
[ipv4]
address1=192.168.1.4/24
address2=192.168.1.5/24
method=manual
Any documentation, help or experience regarding this kind of setup would be help !
I have opened a full issue with more details :
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1773
Regards,
Marc
C2 - Usage restreint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/networkmanager/attachments/20250617/f62e757f/attachment-0001.htm>
More information about the Networkmanager
mailing list