Created attachment 1721326 [details]
Backport of upstream fix to 1.27.3
Description of problem:
When creating a bridge, and putting an Ethernet slave and a Wlan slave (which has been configured as an AP), authentication will always fail when connecting to that AP.
Version-Release number of selected component (if applicable):
nmcli conn add con-name "Bridge 0" \
type bridge ifname br0 \
connection.autoconnect true \
ipv4.method "manual" \
ipv4.address "$LOCALIP/$LOCALPREFIX" \
nmcli conn delete "Bridge slave 0"
nmcli conn add con-name "Bridge slave 0" \
master "Bridge 0" \
type ethernet ifname eth1
nmcli conn delete "Bridge slave 1"
nmcli conn add con-name "Bridge slave 1" \
master "Bridge 0" \
type wifi ifname wlan0 \
mode ap ssid "$ssid" \
802-11-wireless.band "bg" \
802-11-wireless-security.key-mgmt "wpa-psk" \
nmcli conn up "Bridge 0"
and now try to authenticate to that AP.
Steps to Reproduce:
1. Create bridge.
2. Add Ethernet and WLAN slaves (WLAN must be configured as AP).
3. Bring up bridge and try to connect to it.
Authentication should succeed.
Upstream commit is ae31b4b.
A bug report against rhel-8 will always be (at earliest) fixed in the next minor rhel-8 release (at this point, that is rhel-8.4 because it's too late for rhel-8.3).
-- Z-stream updates are handled entirely different, but a feature request like this wouldn't qualify for that.
Since we plan to rebase NetworkManager with rhel-8.4, and since this is fixed upstream, it will be fixed automatically.
Moving this bug to POST.
(I think this bug is against CentOS Stream, but CentOS Stream is just a build of rhel-8.4 development snapshots, so overall this is still a RHEL-8 bug)
However, this issue also requires changes to wpa_supplicant. We will anyway add the support to NetworkManager (with the rebase), but it won't be useful, unless also wpa_supplicant has the feature. I will clone this bug for wpa_suppliant.
(In reply to Thomas Haller from comment #1)
> I will clone this bug for wpa_suppliant.
Ah, that already exists as bug 1888050.
The test is passing with wpa_supplicant-2.9-3.el8, moving to verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: NetworkManager and libnma security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.