[09:50] <Jakdaw_> Can anyone advise on more complicated WPA setups? I need to connect to an institution whose AP certificates are signed by a public CA - so I need to do some validation of the AP CN. wpa_supplicant has an option "domain_suffix_match" to do this - but I'm not clear how to describe that in netplan YAML
[09:54] <slyon> Jakdaw_: can you give some more details of your setup? What operating system and version are you using? Are you trying to implement it on Netplan's networkd or NetworkManager backend?
[09:56] <Jakdaw_> Ubuntu 22.04 with systemd-networkd
[10:07] <slyon> Ok. So the "domain_suffix_match" is not natively supported by Netplan/networkd. But it would configure the underlying wpa_supplicant for you (without this specific setting). I wonder if there's some way to append/extend the generated wpa_supplicant.conf
[10:14] <Jakdaw_> Any idea how one makes a feature request?
[10:14] <slyon> Jakdaw_: https://bugs.launchpad.net/netplan/+filebug (choose priority:wishlist)
[10:14] <Jakdaw_> so that we might have it for Ubuntu 26.04 <sigh>
[10:15] <slyon> I guess the best workaround I can come up with right now would be to create a systemd drop-in config:
[10:16] <slyon> E.g. /etc/systemd/system/netplan-wpa-netplan_id.service.d/override.conf
[10:16] <slyon> that starts wpa_supplicant for the specific Netplan interface, taking /run/systemd/system/netplan-wpa-NETPLAN_ID.service as an example
[10:16] <slyon> the override.conf should contain something like this:
[10:18] <slyon> [Service]
[10:18] <slyon> # clear old ExecStart= line
[10:18] <slyon> ExecStart=
[10:18] <slyon> ExecStart=/sbin/wpa_supplicant -c /etc/netplan/wpa-custom.conf -iIFACE -Dnl80211,wext
[10:18] <slyon> Then copying /run/netplan/wpa-NETPLAN_ID.conf to /etc/netplan/wpa-custom.conf and modifying it the way you need it
[10:19] <slyon> Jakdaw_: Is this an Ubuntu Server or Ubuntu Desktop system?
[10:21] <slyon> If using Ubuntu Desktop, you might consider using Netplan's NetworkManager backend instead, which does not natively support "domain-suffix-match" either, but has native "passthrough" support: https://netplan.readthedocs.io/en/stable/netplan-yaml/#properties-for-device-type-nm-devices
[10:21] <slyon> So you could keep it all in your netplan YAML configuration.
[10:24] <Jakdaw_> it was installed as Ubuntu Server but has Desktop stuff installed on top; though not NM as I've always thought that awful
[10:25] <slyon> fair enough. The networkd workaround described above is a bit more cumbersome, but should work.
[10:26] <Jakdaw_> that said - the bodge for systemd-networkd would also be awful - given that it's not the only AP that I use this network device to connect to; so I'd probably want netplan to generate a config and then have the override service dynamically modify it - rather than replacing it with something static
[10:28] <slyon> Jakdaw_: I like the idea! It's a bit more involved, but should also work. Unfortunately, wpa_supplicant doesn't have an override/drop-in config mechanism similar to systemd itself.