The keyfile created by Network Manager has the following configuration:
[802-1x]
eap=peap;
When we parse the keyfile to emit Netplan YAML, this setting will become:
networkmanager:
passthrough:
802-1x.eap: "peap;"
Because it's a "networkmanager.passthrough" setting, we don't really interpret it. And because of that, the authentication method will be NETPLAN_AUTH_EAP_NONE in the Netplan state.
The reason we are not properly parsing the method appears to be the trailing ";" in the configuration emitted by Network Manager. The field is a list of string separated by ";" but we currently parse it as only one scalar value.
Ok, I think I see what's going on.
The keyfile created by Network Manager has the following configuration:
[802-1x]
eap=peap;
When we parse the keyfile to emit Netplan YAML, this setting will become:
networkmanager:
passthrough:
802-1x.eap: "peap;"
Because it's a "networkmanager .passthrough" setting, we don't really interpret it. And because of that, the authentication method will be NETPLAN_ AUTH_EAP_ NONE in the Netplan state.
As we check if the method is not NONE, we end up not writing the auth parameters to the keyfile: https:/ /github. com/canonical/ netplan/ blob/main/ src/nm. c#L450
Adding the key "auth.method:"peap" to the YAML file manually will make Netplan emit the auth configuration:
[wifi-security]
key-mgmt=wpa-eap
-psk=testing123
[802-1x] testing123 /user/. config/ cat_installer/ ca.pem auth=mschapv2
-#Netplan: passthrough setting
+#Netplan: passthrough override
eap=peap;
+<email address hidden>
+password=
+ca-cert=
+phase2-
The reason we are not properly parsing the method appears to be the trailing ";" in the configuration emitted by Network Manager. The field is a list of string separated by ";" but we currently parse it as only one scalar value.
Because of the ";", we don't find the proper method and this setting end up in the passthrough block: https:/ /github. com/canonical/ netplan/ blob/main/ src/parse- nm.c#L358