eduroam with wpa_supplicant or iwd

wpa_supplicant

Prerequisites

The following configuration is for using eduroam without graphical user interfaces. wpa_supplicant will use a configuration file and the WLAN device will be configured through /etc/network/interfaces (optional).

This has been tested with Ubuntu Linux 14.04 LTS, command-line installation. On other distributions, paths and package installation through the package manager may vary.

In order to use WLAN with WPA on the command line at least the packages wireless-tools and wpa_supplicant must be installed.

To be able to connect to the internet after connecting to eduroam you need an active DHCP client. Please see the documentation of your distribution on how to install and configure a DHCP client.

Configuration

Add the following network block to your wpa_supplicant.conf.

network={
 ssid="eduroam"
 key_mgmt=WPA-EAP
 eap=PEAP
 ca_cert=
 identity=
 altsubject_match="DNS:eduroam.gwdg.de"
 phase2="auth=MSCHAPV2"
 password=
 anonymous_identity="eduroam@gwdg.de"
}

You have to enter the following parameters manually:

  • ca_cert: the T-TeleSec Global Root certificate (on Debian and Ubuntu the path is “/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem”)
  • identity: your username as it can be found here
  • password: the corresponding password.

To test wpa_supplicant, launch it manually as root with

  wpa_supplicant -i wlan0 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -d 

“wlan0” is the name of the WLAN device.

If no user name and password are supplied in the wpa_supplicant.conf file, “wpa_cli” must be launched as root in a second terminal to control wpa_supplicant. Enter the following lines to connect to eduroam:

  identity 0 <user@gwdg.de> 
  password 0 <secretpassword> 
  

iwd

Please use the following configuration template. Replace the identity and password accordingly. Please note that the path to the certificate may differ by distribution.

[Security]
EAP-Method=PEAP
EAP-Identity=eduroam@gwdg.de
EAP-PEAP-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=user-name@uni-goettingen.de
EAP-PEAP-Phase2-Password=password
EAP-PEAP-ServerDomainMask=eduroam.gwdg.de
[Settings]
AutoConnect=True

Take note that, with this configuration, your password is saved on your system unencrypted. You should take appropriate measures to prevent that from causing any harm (i.e. change the owner of the configuration file to root and restrict read permissions to root only).
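
The checks described on this page, as an added example that is not part of the original page: a Python audit that reads a wpa_supplicant network block or an iwd profile in the form shown above and reports a missing CA certificate, a missing server name constraint, or a stored password in a file that is not owned by root or is accessible to group/others. The function names, the finding strings and the assumption of one eduroam profile per file belong to this example.

```python
import os
import stat

# Key names as they appear in this page's wpa_supplicant and iwd templates.
PASSWORD_KEYS = ("password", "EAP-PEAP-Phase2-Password")
CA_KEYS = ("ca_cert", "EAP-PEAP-CACert")
SERVER_NAME_KEYS = ("altsubject_match", "EAP-PEAP-ServerDomainMask")
# Constructed sample input: the iwd template from this page, placeholder password.
SAMPLE = """[Security]
EAP-PEAP-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
EAP-PEAP-Phase2-Password=password
EAP-PEAP-ServerDomainMask=eduroam.gwdg.de
"""


def read_settings(path):
    """Collect key=value pairs (assumption: one eduroam profile per file)."""
    settings = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith(("#", "[")) or "=" not in line:
                continue
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings


def audit_profile(path, expected_uid=0):
    """Return findings for one profile file; an empty list means no finding."""
    settings = read_settings(path)
    findings = []
    if not any(settings.get(k) for k in CA_KEYS):
        findings.append("no CA certificate configured")
    if not any(settings.get(k) for k in SERVER_NAME_KEYS):
        findings.append("no server name constraint configured")
    if any(settings.get(k) for k in PASSWORD_KEYS):
        st = os.stat(path)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("stored password accessible to group/others")
        if st.st_uid != expected_uid:
            findings.append("password file not owned by expected uid")
    return findings


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, audit_profile(p) or "no findings")
```

Run it as root with the path of the configuration file as argument, for example /etc/wpa_supplicant/wpa_supplicant.conf.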
