Eduroam – Connect wpa_supplicant

Below is the ‘network’ section of wpa_supplicant.conf required to connect to eduroam. The invocation of wpa_suppicant is distribution dependent and outside of the scope of this page – see man wpa_supplicant on your computer for details. You will also need to ensure you have a suitable DHCP client running. If you use WICD, please refer to the bottom of the page.

network={
	# --- MUST CONFIGURE THE FOLLOWING THREE OPTIONS --

	# The 'identity' is the username actually used for authentication.
	# This must be your Bristol username, all lowercase.
        identity="ab1234"

	# Your normal Bristol password (so make sure the permissions on
	# your wpa_supplicant config file are not world readable!)
        password="myUOBpassword"

	# CA cert from here:
	# https://www.wireless.bris.ac.uk/certs/eaproot/uob-net-ca.crt
	# Change the path to where you downloaded the file
        ca_cert="/etc/certs/uob-net-ca.crt"

	# --- ONLY CHANGE BELOW IF YOU ARE NOT A MEMBER --
	# --- OF THE UNIVERSITY OF BRISTOL, UK          --

	# Bristol supports PEAP and TTLS.
        eap=PEAP TTLS

	# The 'anonymous_identity' is the identity used for routing
	# the authentication to Bristol. It must end with '@bris.ac.uk'
	# or '@bristol.ac.uk'. It must be all lowercase. If you have 
	# anything preceding the @ it must be all lowercase letters or 
	# a hyphen (no spaces, punctuation etc) 
	# e.g. "wireless-user@bristol.ac.uk" would be ok
        anonymous_identity="@bristol.ac.uk"

	# Bristol use MS-CHAPv2 as the inner authentication scheme,
	# with the traditional label
	phase1="peaplabel=0"
	phase2="auth=MSCHAPV2"

	# Set priority to a big number
	priority=999

	# --- DONT CHANGE THE REST OF THIS BLOCK --

	# Enable this network block
	disabled=0

	# eduroam please
        ssid="eduroam"

	# SSID should be broadcast, so don't scan.
	scan_ssid=0

	# Infrastructure mode
	mode=0

	# WPA/WPA2 require OPEN
	auth_alg=OPEN

	# WPA and WPA2 (RSN) are both used for eduroam 
	# (depending on which organisation you are at)
	# In the future 'WPA' can be removed (WPA2 only).
	proto=WPA RSN

	# CCMP (AES) is stronger, but some organisations use TKIP.
	# In the future 'TKIP' can be removed.
	pairwise=CCMP TKIP

	# Use EAP
        key_mgmt=WPA-EAP

	# Use PMKSA caching
        proactive_key_caching=1

}

Setting up WICD

To use WICD, you need to create a suitable template and then activate it.

1. Create the template by copying the below in to a new file in your WICD encryption templates directory e.g. /etc/wicd/encryption/templates/bristol-eduroam

name = Bristol-Eduroam
author = Bristol Wireless Team
version = 1
require bristol_username *Bristol_Username bristol_password *Bristol_Password ca_cert *Path_to_CA_Cert
-----
ctrl_interface=/var/run/wpa_supplicant
network={
        ssid="$_ESSID"
        scan_ssid=$_SCAN
        key_mgmt=WPA-EAP
        proto=WPA RSN
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TTLS
        identity="$_BRISTOL_USERNAME"
        password="$_BRISTOL_PASSWORD"
        anonymous_identity="@bristol.ac.uk"
        ca_cert="$_CA_CERT"
        phase2="auth=MSCHAPV2"
}

2. Activate the profile by adding the name of the template file bristol-eduroam to the list in the active templates file: /etc/wicd/encryption/templates/active

3. When connecting using WICD, be sure to select the Bristol-Eduroam template. The Path to CA Cert field should be the location of the Bristol Net CA Certificate file on your computer. You can get the Bristol Net CA Certificate file from:
https://www.wireless.bris.ac.uk/certs/eaproot/uob-net-ca.crt

IPv6 ready!
54.87.123.99 at 21:30, 21 Oct 14