Getting eduroam to work with wpa_supplicant

Having spent some not inconsiderable time trying to get my Linux based laptop to connect to the eduroam wireless network at Lancaster University I thought the nice thing to do would be to share my toils with the world. There were various other blogs and the such I drew inspiration from, but no one provided a total solution.

Now if you are using a desktop manager like Gnome or KDE the built in network-manager should do most of the magic for you, however if you want a minimal setup without relying on gui tools this may be useful to you. I use a Debian derivative on my laptop as it has better hardware support for the wireless (intel 5100). I'll assume you have the necessary packages installed as that is outside the scope of this discussion (otherwise the Debian Wiki may be a good place to start).

First off you'll need a wpa_supplicant configuration file, "/etc/wpa_supplicant/eduroam.conf" would seem to be the logical choice and mine looks just like this:

###############################################
# eduroam confiuration for Lancaster University
###############################################

ctrl_interface=/var/run/wpa_supplicant

network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
identity="youruniusername@lancs"
password="password"
phase2="auth=MSCHAPV2"
}


Things to note here are the lack of any certificate details. Lancasters certificate can be found on their pages. I however found this unnecessary, although it did work just as well with the suitable certificate params included; which may look a bit like this:

ca_cert="/path/to/certificate/eduroam.crt"


Also note that the the epa is set to TTLS and not TKIP as suggested by lancs ISS.

The last point worth noting is that the identity includes the domain i.e. '@lancs'.

Now all that is left to do is set up the interface to use our configuration, for Debian this is in "/etc/network/interfaces" and mine looks a little like this:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/eduroam.conf


Now bring up your interface and you should be in business!

Other sites I drew inspiration from were:

http://www.lancs.ac.uk/iss/network/winet/eduroam-2.htm
http://www.eduroam.no/klient/linuxwpa.html
http://wiki.debian.org/WiFi/HowToUse#wpasupplicant

Comments

  1. I've had similar difficulties connecting to the eduroam network, although I'm just using the Network Manager GUI. I've found I can connect to eduroam without the certificate, but not with it.

    http://snorf.net/eduroam/eduroam_nocrt.png <- config
    http://snorf.net/eduroam/eduroam_withoutcrt.txt <- working without cert
    http://snorf.net/eduroam/eduroam_withcrt.txt <- failing with cert

    Running Fedora 12 (2.6.31.12-174.2.22.fc12.i686) on an eeepc 1005ha.

    With the certificate it just seems to be timing out. Is it possible to extend the timeout? Maybe that's all it needs. Otherwise, I am stumped.

    ReplyDelete

Post a Comment

Popular posts from this blog

Raspberry Pi A2DP Bluetooth Audio Receiver

Moodle on Centos or Red Hat 7 (with SELinux!)

Blocking Adverts from the Roku Menu