Table of Contents
eduroam with wpa_supplicant or iwd
wpa_supplicant
Prerequisites
The following configuration is for using eduroam without graphical user interfaces. wpa_supplicant will use a configuration file and the WLAN device will be configured through /etc/network/interfaces (optional).
This has been tested with Ubuntu Linux 14.04 LTS, command-line installation. With other distributions paths and using the package manager / package installation may vary.
In order to use WLAN with WPA on the command line at least the packages wireless-tools and wpa_supplicant must be installed.
To be able to connect to the internet after connecting to eduroam you need an active DHCP client. Please see the documentation of your distribution on how to install and configure a DHCP client.
Configuration
Add the following network block to your wpa_supplcant.conf.
network={ ssid="eduroam" key_mgmt=WPA-EAP eap=PEAP ca_cert= identity= altsubject_match="DNS:eduroam.gwdg.de" phase2="auth=MSCHAPV2" password= anonymous_identity="eduroam@gwdg.de" }
You have to enter the following parameters manually:
- ca_cert: the T-Telesec Global Root certificate (For Debian and Ubuntu the Path is “/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem”)
- identity: your username as it can be found here
- password: the corresponding password.
in order to test the wpa_supplicant it can be launched manually as root by
wpa_supplicant -i wlan0 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -d
“wlan0” is the name of the WLAN device;
If no user name and password is supplied in the wpa_supplicant.conf file, “wpa_cli” must be launched as root on a second terminal to control wpa_supplicant. Enter the following lines to connect to eduroam:
identity 0 <user@gwdg.de> password 0 <secretpassword>
iwd
Please use the following configuration tempate. Replace the identity and password accordingly. Please note that the path to the certificate may differ by distribution.
[Security] EAP-Method=PEAP EAP-Identity=eduroam@gwdg.de EAP-PEAP-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem EAP-PEAP-Phase2-Method=MSCHAPV2 EAP-PEAP-Phase2-Identity=user-name@uni-goettingen.de EAP-PEAP-Phase2-Password=password EAP-PEAP-ServerDomainMask=eduroam.gwdg.de
[Settings] AutoConnect=True
Take note that - using this configuration - your password is saved in on your system in an unencrypted. You should take the appropriate measures to prevent that from causing any harm (i.e. change the user of the configuration file to root and change the read permissions to root only).