Getting eduroam to work with wpa_supplicant

Having spent a not inconsiderable amount of time trying to get my Linux-based laptop to connect to the eduroam wireless network at Lancaster University, I thought the nice thing to do would be to share my toils with the world. There were various other blogs and such that I drew inspiration from, but none provided a total solution.

Now, if you are using a desktop manager like Gnome or KDE, the built-in network-manager should do most of the magic for you; however, if you want a minimal setup without relying on GUI tools, this may be useful to you. I use a Debian derivative on my laptop as it has better hardware support for the wireless (Intel 5100). I'll assume you have the necessary packages installed, as that is outside the scope of this discussion (otherwise the Debian Wiki may be a good place to start).

First off you'll need a wpa_supplicant configuration file, "/etc/wpa_supplicant/eduroam.conf" would seem to be the logical choice and mine looks just like this:

###############################################
# eduroam configuration for Lancaster University
###############################################

ctrl_interface=/var/run/wpa_supplicant

network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
identity="youruniusername@lancs"
password="password"
phase2="auth=MSCHAPV2"
}


Things to note here are the lack of any certificate details. Lancaster's certificate can be found on their pages. I, however, found this unnecessary, although it did work just as well with the suitable certificate parameters included, which may look a bit like this:

ca_cert="/path/to/certificate/eduroam.crt"


Also note that the eap option is set to TTLS and not TKIP as suggested by Lancs ISS.

The last point worth noting is that the identity includes the domain i.e. '@lancs'.
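
As an added example (not part of the original post), the Python script below parses a wpa_supplicant configuration like the one above and reports the settings that decide whether the client checks who it is sending credentials to. Without ca_cert (or ca_path), wpa_supplicant does not verify the authentication server's certificate, so the TTLS tunnel carrying the MSCHAPv2 exchange can terminate at any access point announcing the "eduroam" SSID. Both sample configs are constructed, and the server name radius.example.ac.uk is a placeholder assumption, not Lancaster's real value.

```python
# Options that bind the TLS tunnel to one server name (wpa_supplicant fields).
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {option: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(net):
    """List the weaknesses of one EAP network block (empty list = none found)."""
    if "EAP" not in net.get("key_mgmt", ""):
        return []  # only 802.1X/EAP networks are in scope
    findings = []
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("no ca_cert/ca_path: server certificate is not verified")
    if not any(opt in net for opt in NAME_CHECKS):
        findings.append("no server name match: any server trusted by the CA is accepted")
    if any("TKIP" in net.get(opt, "") for opt in ("pairwise", "group")):
        findings.append("TKIP permitted alongside CCMP")
    return findings

# Constructed sample: the network block from this post (credentials left out).
POST_CONFIG = """network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
phase2="auth=MSCHAPV2"
}"""

# Constructed sample: same block, CCMP only, plus two placeholder pinning options.
PINNED_CONFIG = POST_CONFIG.replace("CCMP TKIP", "CCMP").replace("}",
    'ca_cert="/path/to/certificate/eduroam.crt"\ndomain_suffix_match="radius.example.ac.uk"\n}')

if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("pinned", PINNED_CONFIG)):
        print(name, [audit(net) for net in parse_networks(cfg)])
```

Dropping TKIP from pairwise and group assumes every access point you roam to offers CCMP; the two certificate options do not depend on that.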

Now all that is left to do is set up the interface to use our configuration; for Debian this is in "/etc/network/interfaces" and mine looks a little like this:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/eduroam.conf


Now bring up your interface and you should be in business!

Other sites I drew inspiration from were:

http://www.lancs.ac.uk/iss/network/winet/eduroam-2.htm
http://www.eduroam.no/klient/linuxwpa.html
http://wiki.debian.org/WiFi/HowToUse#wpasupplicant

Comments

  1. I've had similar difficulties connecting to the eduroam network, although I'm just using the Network Manager GUI. I've found I can connect to eduroam without the certificate, but not with it.

    http://snorf.net/eduroam/eduroam_nocrt.png <- config
    http://snorf.net/eduroam/eduroam_withoutcrt.txt <- working without cert
    http://snorf.net/eduroam/eduroam_withcrt.txt <- failing with cert

    Running Fedora 12 (2.6.31.12-174.2.22.fc12.i686) on an eeepc 1005ha.

    With the certificate it just seems to be timing out. Is it possible to extend the timeout? Maybe that's all it needs. Otherwise, I am stumped.
