Re: 802.1X: dhclient started before the auth. process ends
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2DFSSGAASRDLLUSXNPUME
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 29.07.2013 15:34, Adrian Chadd wrote:
> I think you were lucky.
I think you're right.
It works perfectly on FreeBSD 9.1, because wpa_supplicant finishes the
auth process really quickly, ie. before dhclient receives an answer from
dhcpd from the unauthenticated network:
Jul 29 15:39:46 - kernel: bge0: link state changed to UP
Jul 29 15:39:46 - dhclient[46150]: DHCPREQUEST on bge0 to
255.255.255.255 port 67
Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-STARTED EAP
authentication started
=2E..
Jul 29 15:39:47 - wpa_supplicant[46119]: CTRL-EVENT-EAP-SUCCESS EAP
authentication completed successfully
Jul 29 15:39:48 - dhclient[46150]: DHCPREQUEST on bge0 to
255.255.255.255 port 67
Jul 29 15:39:48 - dhclient[46150]: DHCPACK from 192.168.200.224
Jul 29 15:39:48 - dhclient: New IP Address (bge0): 192.168.200.91
Jul 29 15:39:48 - dhclient: New Subnet Mask (bge0): 255.255.255.0
Jul 29 15:39:48 - dhclient: New Broadcast Address (bge0): 192.168.200.255=
Jul 29 15:39:48 - dhclient: New Routers (bge0): 192.168.200.254
On -CURRENT, wpa_supplicant is started more than 10 seconds after the
interface is UP and dhclient sent its request
(http://pastebin.com/ZHcbHLQZ). Therefore, a lease from the
unauthenticated network arrives first. It was working with a previous
-CURRENT (buildworld from around April if memory serves).
> dhclient shouldn't start running until wpa_supplicant has completed
> authentication.
Damn, I always thought it worked this way on FreeBSD and happily laughed
at "Linux co-workers" who use some kind of rc.local script to work
around this issue :-) In fact, we're all in the same boat!
I may take a look at the issue. I guess the place to fix this is in the
rc scripts. Does someone have a hint?
--=20
Jean-S=E9bastien P=E9dron
------enig2DFSSGAASRDLLUSXNPUME
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlH2dZAACgkQa+xGJsFYOlOJ2wCgw5haBHblo8F7a4axlOiRGP8p
TFkAoLaxVfQsplwokPuRGMHLgEAXk+n1
=FEy8
-----END PGP SIGNATURE-----
------enig2DFSSGAASRDLLUSXNPUME--
討論串 (同標題文章)
完整討論串 (本文為第 6 之 10 篇):