Authenticating to a wired or wireless network using 802.1x is simple using NetworkManager’s GUI client. However, this gets challenging on headless servers without a graphical interface. The
nmcli command isn’t able to store credentials in a keyring and this causes problems when you try to configure an interfaces with 802.1x authentication.
Start by setting some basic configurations on the interface using the
nmcli editor shell:
# nmcli con edit CONNECTION_NAME
nmcli> set ipv4.method auto
nmcli> set 802-1x.eap peap
nmcli> set 802-1x.identity USERNAME
nmcli> set 802-1x.phase2-auth mschapv2
Be sure to set the
802-1x.phase2-auth to the appropriate values for your network. You might have noticed that the password isn’t specified here. That’s because NetworkManager has no access to a keyring where it can store the password. That comes next.
Create a new file called
/etc/NetworkManager/system-connections/CONNECTION_NAME to hold your password. If your connection name has spaces in it, be sure to maintain those spaces in the filename. Add the following to that file:
Save the file and close it. Restart NetworkManager to pick up the changes:
systemctl restart NetworkManager
You may need to bring the interface down and up to test the new changes:
nmcli con down CONNECTION_NAME
nmcli con up CONNECTION_NAME
Once the network settles down, the authentication should complete within a few seconds in most cases. Be sure to check your system journal or other NetworkManager logs for more details if the interface doesn’t work properly.