NetworkManager & Fedora 15
As part of preparation for upcoming semester I decided to try configuring NetworkManager on Fedora 15 as primary source of network configuration. There are basically two ways how to accomplish network configuration on Fedora using NetworkManager.
- network-scripts way - This is kind a hack that tries to create
NetworkManager configuration from network script located in
/etc/sysconfig/network-scripts/ifcfg-*and it's also default in Fedora. Despite good intentions there are some caveats in this approach:
- there is no configuration file that looks related to NetworkManager
ifcfg-*files causes automatic reload of NetworkManager as soon as the
- there is probably no official documentation for how to setup 802.1X in network-scripts
- keyfile way - For NetworkManager this is the default way which can make use of most NetworkManager's features. In Fedora this way enables us to setup config like "IPv4 through DHCP + IPv6 through DHCPv6 + RADIUS (802.1X)", which was my goal.
/etc/NetworkManager/NetworkManager.conf. In clean Fedora 15 this file would contain only following two lines:
[main] plugins=ifcfg-rhThis indicates that NetworkManager would behave in "network-scripts way". To change this behavior we change the 'plugins' attribute value. Possible values are ( according to NetworkManager documentation ):
- keyfile - generic NetworkManager configuration files
- ifcfg-rh -
- ifcfg-suse - some backward compatible plugin with SUSE (read deprecated)
- ifupdown -
It's also possible to combine these plugins but I don't recommend it for sane people.
configuring the "IPv4 through DHCP + IPv6 through DHCPv6 + RADIUS (802.1X)" combination
ifcfg-rh coming soon ... :)
Because IPv4 DHCP is default for network-scripts I will only show additions that are needed for IPv6 DHCP and RADIUS authentication. For following examples the name of network card will be
- following undocumented atributes are needed (maybe there is version of Fedora in which this is actually documented, not in Fedora 15).
- despite the fact these are not documented they work as expected (= they actually authenticate to RADIUS server)
KEY_MGMT=IEEE8021X IEEE_8021X_EAP_METHODS=PEAP IEEE_8021X_IDENTITY=radius_username IEEE_8021X_INNER_AUTH_METHODS=MSCHAPV2
- this file holds password for RADIUS user in plaintext so it is a good idea to set it's permissions properly.
IEEE_8021X_PASSWORD=radius_passwordIPv6 DHCP is much trickier than one would expect. DHCPv6 uses DUID identificators instead of MAC addresses which were in DHCPv4 (some types of DUID are constructed from MAC address but lets assume that we would be very lucky if this was a rule and not a random occasion).
more comming soon ...