Jakdaw_ | Can anyone advise on more complicated WPA setups? I need to connect to an institution whose AP certificates are signed by a public CA - so I need to do some validation of the AP CN. wpa_supplicant has an option "domain_suffix_match" to do this - but I'm not clear how to describe that in netplan YAML | 09:50 |
---|---|---|
slyon | Jakdaw_: can you give some more details of your setup? What operating system and version are you using? Are you trying to implement it on Netplan's networkd or NetworkManager backend? | 09:54 |
Jakdaw_ | Ubuntu 22.04 with systemd-networkd | 09:56 |
slyon | Ok. So the "domain_suffix_match" is not natively supported by Netplan/networkd. But it would configure the underlying wpa_supplicant for you (without this specific setting). I wonder if there's some way to append/extend the generated wpa_supplicant.conf | 10:07 |
Jakdaw_ | Any idea how one makes a feature request? | 10:14 |
slyon | Jakdaw_: https://bugs.launchpad.net/netplan/+filebug (choose priority:wishlist) | 10:14 |
Jakdaw_ | so that we might have it for Ubuntu 26.04 <sigh> | 10:14 |
slyon | I guess the best workaround I can come up with right now would be to create a systemd drop-in config: | 10:15 |
slyon | E.g. /etc/systemd/system/netplan-wpa-netplan_id.service.d/override.conf | 10:16 |
slyon | that starts wpa_supplicant for the specific Netplan interface, taking /run/systemd/system/netplan-wpa-NETPLAN_ID.service as an example | 10:16 |
slyon | the override.conf should contain something like this: | 10:16 |
slyon | [Service] | 10:18 |
slyon | ExecStart= # clear old ExecStart= line | 10:18 |
slyon | ExecStart=/sbin/wpa_supplicant -c /etc/netplan/wpa-custom.conf -iIFACE -Dnl80211,wext | 10:18 |
slyon | Then copying /run/netplan/wpa-NETPLAN_ID.conf to /etc/netplan/wpa-custom.conf and modifying it the way you need it | 10:18 |
slyon | Jakdaw_: Is this an Ubuntu Server or Ubuntu Desktop system? | 10:19 |
slyon | If using Ubuntu Desktop, you might consider using Netplan's NetworkManager backend instead, which does not natively support "domain-suffix-match" either, but has native "passthrough" support: https://netplan.readthedocs.io/en/stable/netplan-yaml/#properties-for-device-type-nm-devices | 10:21 |
slyon | So you could keep it all in your netplan YAML configuration. | 10:21 |
Jakdaw_ | it was installed as Ubuntu Server but has Desktop stuff installed on top; though not NM as I've always thought that awful | 10:24 |
slyon | fair enough. The networkd workaround described above is a bit more cumbersome, but should work. | 10:25 |
Jakdaw_ | that said - the bodge for systemd-networkd would also be awful - given that it's not the only AP that I use this network device to connect to; so I'd probably want netplan to generate a config and then have the override service dynamically modify it - rather than replacing it with something static | 10:26 |
slyon | Jakdaw_: I like the idea! It's a bit more involved, but should also work. Unfortunately, wpa_supplicant doesn't have an override/drop-in config mechanism similar to systemd itself. | 10:28 |