Eduroam – Connect wpa_supplicant

Below is the ‘network’ section of wpa_supplicant.conf required to connect to eduroam. How wpa_supplicant is invoked is distribution dependent and outside the scope of this page – see man wpa_supplicant on your computer for details. You will also need to ensure you have a suitable DHCP client running. If you use WICD, please refer to the bottom of the page.

network={
	# --- MUST CONFIGURE THE FOLLOWING THREE OPTIONS --

	# The 'identity' is the username actually used for authentication.
	# This must be your Bristol username, all lowercase.
	identity="ab1234"

	# Your normal Bristol password (so make sure the permissions on
	# your wpa_supplicant config file are not world readable!)
	password="myUOBpassword"

	# CA cert from here:
	# https://www.wireless.bris.ac.uk/certs/is-cacert.crt
	# Change the path to where you downloaded the file
	ca_cert="/etc/cert/is-cacert.crt"

	# --- ONLY CHANGE BELOW IF YOU ARE NOT A MEMBER --
	# --- OF THE UNIVERSITY OF BRISTOL, UK          --

	# Bristol supports PEAP and TTLS.
	eap=PEAP TTLS

	# The 'anonymous_identity' is the identity used for routing
	# the authentication to Bristol. It must end with '@bris.ac.uk'
	# or '@bristol.ac.uk'. It must be all lowercase. If you have
	# anything preceding the @ it must be all lowercase letters or
	# a hyphen (no spaces, punctuation etc)
	# e.g. "wireless-user@bristol.ac.uk" would be ok
	anonymous_identity="@bristol.ac.uk"

	# Bristol use MS-CHAPv2 as the inner authentication scheme,
	# with the traditional label
	phase1="peaplabel=0"
	phase2="auth=MSCHAPV2"

	# Set priority to a big number
	priority=999

	# --- DON'T CHANGE THE REST OF THIS BLOCK --

	# Enable this network block
	disabled=0

	# eduroam please
	ssid="eduroam"

	# SSID should be broadcast, so don't scan.
	scan_ssid=0

	# Infrastructure mode
	mode=0

	# WPA/WPA2 require OPEN
	auth_alg=OPEN

	# WPA and WPA2 (RSN) are both used for eduroam
	# (depending on which organisation you are at)
	# In the future 'WPA' can be removed (WPA2 only).
	proto=WPA RSN

	# CCMP (AES) is stronger, but some organisations use TKIP.
	# In the future 'TKIP' can be removed.
	pairwise=CCMP TKIP

	# Use EAP
	key_mgmt=WPA-EAP

	# Use PMKSA caching
	proactive_key_caching=1

}
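
The rules stated in the comments of the network block above (config file not world readable, ca_cert present, lowercase identity, anonymous_identity ending in a Bristol realm) can be checked before connecting. The script below is an added example, not part of the original page and not supplied by the Bristol wireless team; the function names conf_value and audit_eduroam_conf are hypothetical, and it assumes the first occurrence of each key in the file belongs to the eduroam block.

```shell
#!/bin/sh
# Added example: audit a wpa_supplicant.conf against the rules stated in the
# comments of the network block above. Function names are hypothetical.

# Print the first value of key $2 in file $1, with surrounding quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1 |
        sed 's/^"//; s/"[[:space:]]*$//'
}

# Return 0 if the file passes every check, 1 otherwise; print each finding.
audit_eduroam_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # The file stores the password in clear text, so "other" must not read it.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf is world readable (chmod 600 it)"; rc=1
    fi

    # Without ca_cert, wpa_supplicant does not verify the server certificate.
    ca=$(conf_value "$conf" ca_cert)
    if [ -z "$ca" ] || [ ! -r "$ca" ]; then
        echo "FAIL: ca_cert unset or file not readable: '$ca'"; rc=1
    fi

    # identity must be all lowercase.
    id=$(conf_value "$conf" identity)
    if [ -z "$id" ] || printf '%s\n' "$id" | LC_ALL=C grep -q '[A-Z]'; then
        echo "FAIL: identity missing or contains upper case"; rc=1
    fi

    # anonymous_identity: optional lowercase letters/hyphens, then the realm.
    anon=$(conf_value "$conf" anonymous_identity)
    if ! printf '%s\n' "$anon" |
        LC_ALL=C grep -Eq '^[a-z-]*@(bris|bristol)\.ac\.uk$'; then
        echo "FAIL: anonymous_identity '$anon' is not a Bristol realm"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Usage: sh audit.sh /path/to/wpa_supplicant.conf
if [ "$#" -gt 0 ]; then audit_eduroam_conf "$1"; fi
```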

Setting up WICD

To use WICD, you need to create a suitable template and then activate it.

1. Create the template by copying the text below into a new file in your WICD encryption templates directory, e.g. /etc/wicd/encryption/templates/bristol-eduroam

name = Bristol-Eduroam
author = Bristol Wireless Team
version = 1
require bristol_username *Bristol_Username bristol_password *Bristol_Password ca_cert *Path_to_CA_Cert
-----
ctrl_interface=/var/run/wpa_supplicant
network={
        ssid="$_ESSID"
        scan_ssid=$_SCAN
        key_mgmt=WPA-EAP
        proto=WPA RSN
        pairwise=CCMP TKIP
        group=CCMP TKIP
        eap=TTLS
        identity="$_BRISTOL_USERNAME"
        password="$_BRISTOL_PASSWORD"
        anonymous_identity="@bristol.ac.uk"
        ca_cert="$_CA_CERT"
        phase2="auth=MSCHAPV2"
}

2. Activate the profile by adding the name of the template file bristol-eduroam to the list in the active templates file: /etc/wicd/encryption/templates/active

3. When connecting using WICD, be sure to select the Bristol-Eduroam template. The Path to CA Cert field should be the location of the Bristol CA Certificate file on your computer. You can get the Bristol CA Certificate file from: https://www.wireless.bris.ac.uk/certs/is-cacert.crt
