Table of Contents
Setup of the UNIBZ Wireless LAN for Linux WPA
| Security used within the WLAN Network: | WPA/WPA2 + PEAP + MSCHAPv2 |
- Wireless Network SSID: ScientificNetworkSouthTyrol
- Security: WPA/WPA 2 Enterprise
- Authentication: Protected EAP (PEAP)
- Inner Authentication: MSCHAPv2
- Certificate: NONE
- Username: <unibz-login>
- Password: <unibz-password>
- IP Address: Automatic (DHCP)
Pre-requisites
- Drivers for your Wireless Adapter and Requirements, installed and configured.
- Intel PRO/Wireless 2100 802.11b (Centrino) http://ipw2100.sourceforge.net/
- Intel PRO/Wireless 2200 802.11g and 2915 802.11ag (Centrino) http://ipw2200.sourceforge.net/
- Intersil PrismII driver with HostAP mode http://hostap.epitest.fi/
- Atheros MADWiFi driver (most cards with 802.11a or 108 Mb/s) http://madwifi.org/
- WLAN Cards using ndiswrapper http://ndiswrapper.sourceforge.net/mediawiki/index.php/Main_Page
- Linux Software for the Authentication: wpa_supplicant. It is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i/RSN)
- A good Networkanager GUI and front-end of wpa_supplicant is NetworKManager. A list of Supported Wireless Cards & Drivers is also available. A wiki about NetworkManager can be found in section Using NetworkManager
Other Wireless LAN resources for Linux can be found here http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/
(K)(X)Ubuntu 9.10 Using NetworkManager
= (K)(X)Ubuntu < 9.10 Manually
Installing wpa_supplicant
1. apt-get install wpa_supplicant
2. Configure /etc/wpa_supplicant.conf
Download AddTrust_External_Root.pem Certificate if you do not have it!
less /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
disabled=0
ssid="ScientificNetworkSouthTyrol"
proto=WPA
key_mgmt=WPA-EAP
auth_alg=OPEN
eap=PEAP
identity="unibzlogin@unibz.it"
password="unibzpassword"
ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
phase1="peaplabel=0 peapver=0"
phase2="auth=MSCHAPV2"
priority=10
}
3. Bring Interface (eth1/wlan, etc.) up
sudo ifconfig eth1 up
4. Start wpa_supplicant
sudo wpa_supplicant -D wext -i eth1 -c /etc/wpa_supplicant.conf
5. Get an IP Address
sudo dhclient3 eth1
Configuration for Wired Authentication 802.1x (Cable)
This is the same Authentication Method as Wireless, but here we
use an Ethernet cable.
Using Network Manager
Try this first if you are using a Ubuntu ⇒ 11.10.
Network Manager has the ability to be configured for 802.1x Authentication.
Basic steps:
- Click on the Network Symbol (2 Arrows) in the upper right task-bar (either with left/right mouse click)
- Edit Connections… in Network Manager
- In the first Tab: Wired press Add Button
- Fill out Connection name: <hostel>
- Go to 2nd tab 802.1X Security, tick: Use 802.1X security for this connection
- Authentication: Protected EAP (PEAP)
- CA certificate: AddTrust_External_Root.pem (located in /etc/ssl/certs/AddTrust_External_Root.pem)
- PEAP version: Automatic
- Inner authentication: MSCHAPv2
- Username: <your-unibz-login>
- Password: <your-unibz-password>
- Save…
- Click again on the Network Symbol and select the newly create Connection
Manual Configuration
For the more “experienced” users!!
Make sure you have installed wpasupplicant and wpagui
sudo apt-get install wpa_supplicant wpa_gui
Edit the configuration file: /etc/wpasupplicant/wpa_supplicant.conf
vi /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=0
fast_reauth=1
network={
eap=PEAP
eapol_flags=0
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
priority=10
key_mgmt=IEEE8021X
auth_alg=OPEN
}
Now execute the following commands:
Starts wpa_supplicant with wired driver (-D wired) and in daemon mode (-B)
- sudo wpa_supplicant -D wired -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth0 -B
Start wpa_gui to enter username and password
- sudo wpa_gui
- Login with username@unibz.it and password
Get an IP Address
- sudo dhclient3 eth0
— kohofer 2010/02/22 14:38