802.1X: dhclient started before the auth. process ends
Rui Paulo
rpaulo at felyko.com
Wed Jul 31 01:47:20 UTC 2013
On 30 Jul 2013, at 05:43, Jean-Sébastien Pédron <jean-sebastien.pedron at dumbbell.fr> wrote:
> On 29.07.2013 21:56, Rui Paulo wrote:
>> Disable all the configuration settings and run wpa_supplicant -ddd
>> <all your other options...>
>
> I'm not sure I understand what you mean by "disable all the
> configuration settings" but I did some more tests by running
> wpa_supplicant manually (ie. not using netif script) with the same options.
>
> I found that when the interface (here, bge0) is already UP before
> running wpa_supplicant, the authentication process is fast. However,
> when the interface is DOWN, wpa_supplicant "associates" quickly but the
> authentication process starts between 5 and 20 seconds after.
>
> Here's a log with both run (with interface UP then DOWN):
> http://pastebin.com/f5ydiBpV
>
> This delay is new with the recent 10-CURRENT.
>
> A comment about the behavior I would expect (but keep in mind I'm a dumb
> user here, not a network expert at all). I see in the logs that when
> issueing "service netif restart bge0":
> 1. the interface is put DOWN, which terminates a previous dhclient
> 2. wpa_supplicant is stopped
> 3. wpa_supplicant is started again
> 4. wpa_supplicant associates with a remote peer, which puts the
> interface UP and triggers dhclient
>
> I guess that this works for a Wifi network because the association is
> only valid after the authentication finishes successfully. However, with
> 802.1X not involving Wifi (only wired), the association is made right at
> the beginning (see the logs I pasted), putting the interface UP (and
> triggering dhclient) before the authentication starts.
Could you please change the initialisation script rc.d/wpa_supplicant to make it run with the extra options "-dd" ? The messages you sent are not enough to diagnose the problem.
--
Rui Paulo
More information about the freebsd-current
mailing list