Eduroam configuration in /Linux/BSD: wpa supplicant: Difference between revisions
(Created page with '= Unix/Linux/BSD: wpa_supplicant = It is important that you have in place the latest version of firmware and driver for your wireless card and that your firmware supports TKIP e...') |
(updated: brukernavn@student.uib.no => username@uib.no (student domain decommissioned from December 16 2017)) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
[[image:eduroam_logo.gif]] | |||
'''For setup in newer versions of Linux and client run Linux please see: [[Eduroam for Linux]]''' | |||
It is important that you have in place the latest version of firmware and driver for your wireless card and that your firmware supports TKIP encryption or better. Some drivers also has a problem with connecting to access points that does not broadcast it's SSID. Be sure to apply any available patches. | It is important that you have in place the latest version of firmware and driver for your wireless card and that your firmware supports TKIP encryption or better. Some drivers also has a problem with connecting to access points that does not broadcast it's SSID. Be sure to apply any available patches. | ||
Line 46: | Line 55: | ||
key_mgmt=WPA-EAP | key_mgmt=WPA-EAP | ||
eap=TTLS | eap=TTLS | ||
identity=" | identity="username@uib.no" | ||
password="password" | password="password" | ||
phase1="peaplabel=0" | phase1="peaplabel=0" | ||
Line 78: | Line 87: | ||
We use Cybertrust Educational CA, normaly there is no need for the CA Certificate, but you can download it here : [http://secure.globalsign.net/cacert/sureserverEDU.pem http://secure.globalsign.net/cacert/sureserverEDU.pem] | We use Cybertrust Educational CA, normaly there is no need for the CA Certificate, but you can download it here : [http://secure.globalsign.net/cacert/sureserverEDU.pem http://secure.globalsign.net/cacert/sureserverEDU.pem] | ||
[[Category:Eduroam]] |
Latest revision as of 14:32, 14 December 2017
For setup in newer versions of Linux and client run Linux please see: Eduroam for Linux
It is important that you have in place the latest version of firmware and driver for your wireless card and that your firmware supports TKIP encryption or better. Some drivers also has a problem with connecting to access points that does not broadcast it's SSID. Be sure to apply any available patches.
wpa_supplicant can be downloaded here.
Be sure to read the README file as it explains about the support in various drivers.
Before the wpa_supplicant can be compiled, you must have 'yes' on the following options in the .config file:
CONFIG_IEEE8021X_EAPOL=y CONFIG_EAP_MSCHAPV2=y CONFIG_EAP_TLS=y CONFIG_EAP_PEAP=y CONFIG_EAP_TTLS=y
It is strictly only necessary to have TLS, PEAP or TTLS (depending on what your institution uses) but the others might prove useful to have at a later time. For TLS you also need a user's certificate.
You also need to define what driver you are using. For example the MAD WiFi driver:
CONFIG_DRIVER_MADWIFI=y
Then there is
make
before you install with
cp wpa_cli wpa_supplicant /usr/local/bin
...or somewhere else you prefer.
With your favorite editor edit
/etc/wpa_supplicant.conf
so that it contains the following (using TTLS):
ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=root network={ ssid="eduroam" scan_ssid=1 key_mgmt=WPA-EAP eap=TTLS identity="username@uib.no" password="password" phase1="peaplabel=0" phase2="auth=MSCHAPV2" } ctrl_interface=/var/run/wpa_supplicant Modify user name, password and certificate name to what is applicable at your institution. Start wpa_supplicant like this: ''wpa_supplicant -D madwifi -c /etc/wpa_supplicant.conf -d -i ath0''
iwconfig should then be able to give you an output like this:
ath0 IEEE 802.11b ESSID:"eduroam" Nickname:"mycomputer.uib.no" Mode:Managed Frequency:2.412GHz Access Point: 00:07:85:92:22:75 Bit Rate:11Mb/s Tx-Power:50 dBm Sensitivity=0/3 Retry:off RTS thr:off Fragment thr:off Encryption key:569A-C02F-A312-A56B-2C1A-75FD-A277-BE1C Security mode:restricted Power Management:off Link Quality:25/94 Signal level:-70 dBm Noise level:-95 dBm Rx invalid nwid:7003 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:0 Missed beacon:3
Run dhclient ath0 to receive an IP address from the DHCP server.
We use Cybertrust Educational CA, normaly there is no need for the CA Certificate, but you can download it here : http://secure.globalsign.net/cacert/sureserverEDU.pem