====== Setup of the UNIBZ Wireless LAN for Linux WPA ======

Security used within the WLAN Network: 	WPA/WPA2 + PEAP + MSCHAPv2

  * Wireless Network SSID: **ScientificNetworkSouthTyrol**
  * Security: **WPA/WPA 2 Enterprise**
  * Authentication: **Protected EAP (PEAP)**
  * Inner Authentication: **MSCHAPv2**
  * Certificate: **NONE**
  * Username: **<unibz-login>**
  * Password: **<unibz-password>**
  * IP Address: **Automatic (DHCP)**

===== 
Pre-requisites =====

  * Drivers for your Wireless Adapter and Requirements, installed and configured.

   - Intel PRO/Wireless 2100 802.11b (Centrino) http://ipw2100.sourceforge.net/
   - Intel PRO/Wireless 2200 802.11g and 2915 802.11ag (Centrino) http://ipw2200.sourceforge.net/
   - Intersil PrismII driver with HostAP mode http://hostap.epitest.fi/
   - Atheros MADWiFi driver (most cards with 802.11a or 108 Mb/s) http://madwifi.org/
   - WLAN Cards using ndiswrapper http://ndiswrapper.sourceforge.net/mediawiki/index.php/Main_Page

  * Linux Software for the Authentication: [[http://hostap.epitest.fi/wpa_supplicant/|wpa_supplicant]]. It is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i/RSN) 

  * A good Networkanager GUI and front-end of wpa_supplicant is [[http://www.gnome.org/projects/NetworkManager/|NetworKManager]]. A list of [[https://wiki.gnome.org/Projects/NetworkManager/Hardware|Supported Wireless Cards & Drivers]] is also available. A wiki about NetworkManager can be found in section [[#Using NetworkManager|Using NetworkManager]]

Other Wireless LAN resources for Linux can be found here [[http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/]]

=====
 (K)(X)Ubuntu 9.10 Using NetworkManager =====

{{:public:scientificnetworksouthtyrol-wireless.png|Wireless}}
{{:public:scientificnetworksouthtyrol-wireless_security.png|Wireless Security}}
{{:public:scientificnetworksouthtyrol-ip_address.png|IP Address}}

Links:

[[https://help.ubuntu.com/community/WifiDocs/WPAHowTo|NetworkManager Howto]]

=====
= (K)(X)Ubuntu < 9.10 Manually ======

===== Installing wpa_supplicant =====

1. apt-get install wpa_supplicant

2. Configure /etc/wpa_supplicant.conf

Download {{public:AddTrust_External_Root.pem|AddTrust_External_Root.pem}} Certificate if you do not have it!

less /etc/wpa_supplicant.conf

<code>
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
        disabled=0
        ssid="ScientificNetworkSouthTyrol"
        proto=WPA
        key_mgmt=WPA-EAP
        auth_alg=OPEN
        eap=PEAP
        identity="unibzlogin@unibz.it"
        password="unibzpassword"
        ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
        phase1="peaplabel=0 peapver=0"
        phase2="auth=MSCHAPV2"
        priority=10
}
</code>

3. Bring Interface (eth1/wlan, etc.) up

  sudo ifconfig eth1 up

4. Start wpa_supplicant

   sudo wpa_supplicant -D wext -i eth1 -c /etc/wpa_supplicant.conf

5. Get an IP Address

   sudo dhclient3 eth1


====== Configuration for Wired Authentication 802.1x (Cable) ======

This is the same Authentication Method as Wireless, but here we\\
use an Ethernet cable.

===== Using Network Manager =====

Try this first if you are using a Ubuntu => 11.10.

Network Manager has the ability to be configured for 802.1x Authentication.

Basic steps:

  * Click on the Network Symbol (2 Arrows) in the upper right task-bar (either with left/right mouse click)
  * Edit Connections... in Network Manager
  * In the first Tab: Wired press Add Button
  * Fill out Connection name: <hostel>
  * Go to 2nd tab 802.1X Security, tick: Use 802.1X security for this connection
  * Authentication: Protected EAP (PEAP)
  * CA certificate: AddTrust_External_Root.pem (located in /etc/ssl/certs/AddTrust_External_Root.pem)
  * PEAP version: Automatic
  * Inner authentication: MSCHAPv2
  * Username: <your-unibz-login>
  * Password: <your-unibz-password>
  * Save...
  * Click again on the Network Symbol and select the newly create Connection

{{:public:nm_802-1x_1.png?direct&200|Network Manager}}
{{:public:nm_802-1x_2.png?direct&200|Add Connection}}
{{:public:nm_802-1x_3.png?direct&200|Configure}}
{{:public:nm_802-1x_4.png?direct&200|Select newly create Connection}}


===== Manual Configuration =====

For the more "experienced" users!!


Make sure you have installed wpasupplicant and wpagui

   sudo apt-get install wpa_supplicant wpa_gui

Edit the configuration file: /etc/wpasupplicant/wpa_supplicant.conf

   vi /etc/wpa_supplicant/wpa_supplicant.conf

<code>
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=0
fast_reauth=1

network={
        eap=PEAP
        eapol_flags=0
        phase1="peaplabel=0"
        phase2="auth=MSCHAPV2"
        priority=10
        key_mgmt=IEEE8021X
        auth_alg=OPEN
}
</code>

Now execute the following commands:

Starts wpa_supplicant with wired driver (-D wired) and in daemon mode (-B)
   * sudo wpa_supplicant -D wired -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth0 -B

Start wpa_gui to enter username and password
   * sudo wpa_gui
   * Login with username@unibz.it and password
Get an IP Address
   * sudo dhclient3 eth0

 --- //[[kohofer@unibz.it|kohofer]] 2010/02/22 14:38//