Wireless Eduroam Linux Debian (sid) wpasupplicant
Ha az NIIF Root CA-t használjuk
cd /etc/ssl/certs/ wget http://www.ca.niif.hu/Certificates/niif_ca_root_x509.pem ln -sf niif_ca_root_x509.pem openssl x509 -hash -noout -in niif_ca_root_x509.pem.0 }}}
Ha más root CA-t
hasonlóan nyerjük ki a root CA publikus kulcsát
WPA supplicant konfiguráció
Addjuk hozzá az /etc/network/interfaces file-hoz a következőt, úgy hogy az eth2 inteface-t helyetesítsük a megfelelő wireless ethernet eszközzel.
/etc/network/interfaces
allow-hotplug eth2 iface eth2 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf # id_str="eduroam" iface eduroam inet dhcp
/etc/wpa_supplicant/wpa_supplicant.conf
# Minimal /etc/wpa_supplicant.conf to associate with open # access points. Please see # /usr/share/doc/wpasupplicant/examples/README.wpa_supplicant.conf.gz # for more complete configuration parameters. # # Also see the other files in /usr/share/doc/wpasupplicant/examples/ for # specific configuration examples. # path to UNIX socket control interface ctrl_interface=/var/run/wpa_supplicant #ap_scan=1 #fast_reauth=1 #WEP104 WEP40 network={ ssid="eduroam" id_str="eduroam" eap=TTLS identity="misi@niif.hu" anonymous_identity="anonymous@niif.hu" ca_cert="/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem" phase2="auth=PAP" group=CCMP TKIP pairwise=CCMP TKIP key_mgmt=WPA-EAP password="jelszó" subject_match="/C=HU/O=NIIF CA/OU=NIIFI/CN=radius.ki.niif.hu" }
Ha nem adjuk meg a jelszót a konfig fájlban, akkor az ifup eth2 után a wpa_cli bekéri tőlünk:
# ifup eth2 # wpa_cli wpa_cli v0.5.5 Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi> and contributors This program is free software. You can distribute it and/or modify it under the terms of the GNU General Public License version 2. Alternatively, this software may be distributed under the terms of the BSD license. See README and COPYING for more details. Selected interface 'eth2' Interactive mode <2>CTRL-REQ-PASSWORD-0:Password needed for SSID eduroam > password 0 jelszó OK > <2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully <2>WPA: Key negotiation completed with 00:19:a9:a7:28:51 [PTK=CCMP GTK=TKIP] <2>CTRL-EVENT-CONNECTED - Connection to 00:19:a9:a7:28:51 completed (auth) [id=0 id_str=eduroam] quit
A password a parancs, a 0 a CTRL-REQ-PASSWORD- és a kettőspont közül jött, a jelszó a jelszó. Közben esetleg dzsuvázik a wpa_cli a saját promptjába, ez ne zavarjon bennünket.