Thursday, 26 November 2009

Getting eduroam to work with wpa_supplicant

Having spent some not inconsiderable time trying to get my Linux based laptop to connect to the eduroam wireless network at Lancaster University I thought the nice thing to do would be to share my toils with the world. There were various other blogs and the such I drew inspiration from, but no one provided a total solution.

Now if you are using a desktop manager like Gnome or KDE the built in network-manager should do most of the magic for you, however if you want a minimal setup without relying on gui tools this may be useful to you. I use a Debian derivative on my laptop as it has better hardware support for the wireless (intel 5100). I'll assume you have the necessary packages installed as that is outside the scope of this discussion (otherwise the Debian Wiki may be a good place to start).

First off you'll need a wpa_supplicant configuration file, "/etc/wpa_supplicant/eduroam.conf" would seem to be the logical choice and mine looks just like this:

###############################################
# eduroam confiuration for Lancaster University
###############################################

ctrl_interface=/var/run/wpa_supplicant

network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
identity="youruniusername@lancs"
password="password"
phase2="auth=MSCHAPV2"
}


Things to note here are the lack of any certificate details. Lancasters certificate can be found on their pages. I however found this unnecessary, although it did work just as well with the suitable certificate params included; which may look a bit like this:

ca_cert="/path/to/certificate/eduroam.crt"


Also note that the the epa is set to TTLS and not TKIP as suggested by lancs ISS.

The last point worth noting is that the identity includes the domain i.e. '@lancs'.

Now all that is left to do is set up the interface to use our configuration, for Debian this is in "/etc/network/interfaces" and mine looks a little like this:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/eduroam.conf


Now bring up your interface and you should be in business!

Other sites I drew inspiration from were:

http://www.lancs.ac.uk/iss/network/winet/eduroam-2.htm
http://www.eduroam.no/klient/linuxwpa.html
http://wiki.debian.org/WiFi/HowToUse#wpasupplicant