Campus6

Wireless Eduroam Linux Debian (sid) wpasupplicant

Ha az NIIF Root CA-t használjuk

cd /etc/ssl/certs/ wget http://www.ca.niif.hu/Certificates/niif_ca_root_x509.pem ln -sf niif_ca_root_x509.pem openssl x509 -hash -noout -in niif_ca_root_x509.pem.0 }}}

Ha más root CA-t

hasonlóan nyerjük ki a root CA publikus kulcsát

WPA supplicant konfiguráció

Addjuk hozzá az /etc/network/interfaces file-hoz a következőt, úgy hogy az eth2 inteface-t helyetesítsük a megfelelő wireless ethernet eszközzel.

/etc/network/interfaces

allow-hotplug eth2
iface eth2 inet manual
        wpa-driver wext
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

# id_str="eduroam"
iface eduroam inet dhcp

/etc/wpa_supplicant/wpa_supplicant.conf

# Minimal /etc/wpa_supplicant.conf to associate with open
#  access points. Please see
#  /usr/share/doc/wpasupplicant/examples/README.wpa_supplicant.conf.gz
#  for more complete configuration parameters.
#
# Also see the other files in /usr/share/doc/wpasupplicant/examples/ for
#  specific configuration examples.

# path to UNIX socket control interface
ctrl_interface=/var/run/wpa_supplicant

#ap_scan=1
#fast_reauth=1
#WEP104 WEP40
network={
        ssid="eduroam"
        id_str="eduroam"
        eap=TTLS
        identity="misi@niif.hu"
        anonymous_identity="anonymous@niif.hu"
        ca_cert="/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem"
        phase2="auth=PAP"
        group=CCMP TKIP
        pairwise=CCMP TKIP
        key_mgmt=WPA-EAP
        password="jelszó"
        subject_match="/C=HU/O=NIIF CA/OU=NIIFI/CN=radius.ki.niif.hu"
}

Ha nem adjuk meg a jelszót a konfig fájlban, akkor az ifup eth2 után a wpa_cli bekéri tőlünk:

# ifup eth2
# wpa_cli
wpa_cli v0.5.5
Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'eth2'

Interactive mode

<2>CTRL-REQ-PASSWORD-0:Password needed for SSID eduroam
> password 0 jelszó
OK
> <2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<2>WPA: Key negotiation completed with 00:19:a9:a7:28:51 [PTK=CCMP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:19:a9:a7:28:51 completed (auth) [id=0 id_str=eduroam]
quit

A password a parancs, a 0 a CTRL-REQ-PASSWORD- és a kettőspont közül jött, a jelszó a jelszó. Közben esetleg dzsuvázik a wpa_cli a saját promptjába, ez ne zavarjon bennünket.

Campus6: Wireless_Eduroam_Linux_Debian_wpasupplicant (last edited 2012-01-30 11:16:19 by mohacsi)