Eduroam configuration in /Linux/BSD: wpa supplicant

From IThelp



For setup on newer versions of Linux and on client-run Linux, please see: Eduroam for Linux



It is important that you have the latest firmware and driver for your wireless card, and that your firmware supports TKIP encryption or better. Some drivers also have problems connecting to access points that do not broadcast their SSID. Be sure to apply any available patches.

wpa_supplicant can be downloaded here.

Be sure to read the README file as it explains about the support in various drivers.

Before wpa_supplicant can be compiled, the following options must be set to 'y' in the .config file:

CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y

It is strictly only necessary to have TLS, PEAP or TTLS (depending on what your institution uses) but the others might prove useful to have at a later time. For TLS you also need a user's certificate.

You also need to define what driver you are using. For example the MAD WiFi driver:

CONFIG_DRIVER_MADWIFI=y

Then run

make

and install with

cp wpa_cli wpa_supplicant /usr/local/bin

...or somewhere else you prefer.

With your favorite editor edit

/etc/wpa_supplicant.conf

so that it contains the following (using TTLS):

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root

network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="username@uib.no"
password="password"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}


Modify user name, password and certificate name to what is applicable at your institution.

Start wpa_supplicant like this:
wpa_supplicant -D madwifi -c /etc/wpa_supplicant.conf -d -i ath0

iwconfig should then be able to give you an output like this:

ath0 IEEE 802.11b ESSID:"eduroam" Nickname:"mycomputer.uib.no"
Mode:Managed Frequency:2.412GHz Access Point: 00:07:85:92:22:75
Bit Rate:11Mb/s Tx-Power:50 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:569A-C02F-A312-A56B-2C1A-75FD-A277-BE1C Security mode:restricted
Power Management:off
Link Quality:25/94 Signal level:-70 dBm Noise level:-95 dBm
Rx invalid nwid:7003 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:3

Run dhclient ath0 to receive an IP address from the DHCP server.

We use Cybertrust Educational CA. Normally there is no need for the CA certificate, but you can download it here: http://secure.globalsign.net/cacert/sureserverEDU.pem
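
An added example, not part of the original page: when a network block sets neither ca_cert nor ca_path, wpa_supplicant does not verify the RADIUS server certificate, so the TTLS credentials are offered to any access point announcing the "eduroam" SSID. The check below parses a wpa_supplicant.conf and flags 802.1X blocks that lack a CA certificate or a server name constraint. The CA file path and the server name radius.example.org are assumptions (placeholders), not values from this page.

```python
import re

# Constructed input: the network block from this page.
PAGE_CONF = '''network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="username@uib.no"
password="password"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
'''
# Same block plus server validation. The CA path and the RADIUS server name
# are assumptions (placeholders); use the values your institution publishes.
HARDENED_CONF = PAGE_CONF.replace('eap=TTLS', 'eap=TTLS\n'
    'ca_cert="/etc/ssl/certs/sureserverEDU.pem"\n'
    'domain_suffix_match="radius.example.org"')

CA_KEYS = ("ca_cert", "ca_path")
NAME_KEYS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    blocks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if "=" in line and not line.startswith("#"):
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        blocks.append(fields)
    return blocks

def audit(text):
    """Return (ssid, finding) pairs for 802.1X blocks with weak server checks."""
    findings = []
    for net in parse_networks(text):
        if not {"WPA-EAP", "IEEE8021X"} & set(net.get("key_mgmt", "").split()):
            continue  # only blocks that explicitly select 802.1X/EAP
        if not any(k in net for k in CA_KEYS):
            findings.append((net.get("ssid"), "no-ca-cert"))  # server cert never verified
        elif not any(k in net for k in NAME_KEYS):
            findings.append((net.get("ssid"), "no-server-name-check"))  # any cert from that CA accepted
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(HARDENED_CONF))
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/wpa_supplicant.conf").read()).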