Ondrej Famera - top logo

NetworkManager & Fedora 15

As part of preparation for upcoming semester I decided to try configuring NetworkManager on Fedora 15 as primary source of network configuration. There are basically two ways how to accomplish network configuration on Fedora using NetworkManager.

  1. network-scripts way - This is kind a hack that tries to create NetworkManager configuration from network script located in /etc/sysconfig/network-scripts/ifcfg-* and it's also default in Fedora. Despite good intentions there are some caveats in this approach:
    • there is no configuration file that looks related to NetworkManager
    • editing ifcfg-* files causes automatic reload of NetworkManager as soon as the ifcfg-* change
    • there is probably no official documentation for how to setup 802.1X in network-scripts
    This way is default for Fedora-based systems (RHEL/Fedora/CentOS).
  2. keyfile way - For NetworkManager this is the default way which can make use of most NetworkManager's features. In Fedora this way enables us to setup config like "IPv4 through DHCP + IPv6 through DHCPv6 + RADIUS (802.1X)", which was my goal.
To select the way how the NetworkManager should behave you need to edit file /etc/NetworkManager/NetworkManager.conf. In clean Fedora 15 this file would contain only following two lines:
[main]
plugins=ifcfg-rh
This indicates that NetworkManager would behave in "network-scripts way". To change this behavior we change the 'plugins' attribute value. Possible values are ( according to NetworkManager documentation ):
  • keyfile - generic NetworkManager configuration files
  • ifcfg-rh - /etc/sysconfig/network-scripts/ifcfg-* files
  • ifcfg-suse - some backward compatible plugin with SUSE (read deprecated)
  • ifupdown - /etc/network/interfaces file

It's also possible to combine these plugins but I don't recommend it for sane people.

configuring the "IPv4 through DHCP + IPv6 through DHCPv6 + RADIUS (802.1X)" combination using the keyfile and ifcfg-rh coming soon ... :)

network-scripts way
Because IPv4 DHCP is default for network-scripts I will only show additions that are needed for IPv6 DHCP and RADIUS authentication. For following examples the name of network card will be eth0.

/etc/config/sysconfig/ifcfg-eth0
- following undocumented atributes are needed (maybe there is version of Fedora in which this is actually documented, not in Fedora 15).
- despite the fact these are not documented they work as expected (= they actually authenticate to RADIUS server)
KEY_MGMT=IEEE8021X
IEEE_8021X_EAP_METHODS=PEAP
IEEE_8021X_IDENTITY=radius_username
IEEE_8021X_INNER_AUTH_METHODS=MSCHAPV2
/etc/config/sysconfig/keys-eth0
- this file holds password for RADIUS user in plaintext so it is a good idea to set it's permissions properly.
IEEE_8021X_PASSWORD=radius_password
IPv6 DHCP is much trickier than one would expect. DHCPv6 uses DUID identificators instead of MAC addresses which were in DHCPv4 (some types of DUID are constructed from MAC address but lets assume that we would be very lucky if this was a rule and not a random occasion).
more comming soon ...
Last change .