How to get eduroam / wpa2 enterprise to work with ttls
Qopzeep

Joined: 16 Jul 2011
Posts: 9

Posted: Sat 17 Sep 2011, 09:18
Post subject: How to get eduroam / wpa2 enterprise to work with ttls
Subject description: In Lucid Puppy 525

Hi all,

After some fidgeting I got this to work and would like to share it with you, for any others who might be struggling with this.

Disclaimer:
All these instructions work for Lucid Puppy 5.2.5. I have not tested them with other versions.
I am not a (Puppy) Linux expert at all. This guide came to be through much trial and error, with the emphasis on error. With this guide, I hope to save new users time by sharing what works for me.
You can ask questions if it doesn't work, but I can't promise you that I can help.

It is likely that this guide contains errors, or superfluous instructions. Feel free to point them out, so I can optimise this guide and learn a thing or two at the same time! More advanced users can help us out by answering the questions located at the bottom of this post. Thanks!


eduroam
eduroam (education roaming) is a secure international roaming service for users in Higher Education. [...] Participating institutions are typically universities and other research and educational organisations. eduroam allows a user belonging to one institution to get network access when visiting another institution. [...] The visiting user is authenticated using the same credentials (username and password) that they would at their home institution.
From https://secure.wikimedia.org/wikipedia/en/wiki/Eduroam

eduroam is basically a WPA2 enterprise network, encrypted with AES. It uses the TTLS protocol. This short guide should work for different protocols as well, however.

How-to:

Step 1: preparation
The Network wizard GUI doesn't offer us the options needed for an AES/TTLS connection. In order to get eduroam to work, we need to make a custom *.config file for wpa_supplicant.

Open up Geany (or your favourite editor) and type:
Code:

#ctrl_interface=/var/run/wpa_supplicant
#ap_scan=1
#update_config=1

network={
   ssid="eduroam"
   scan_ssid=1
   key_mgmt=WPA-EAP
   eap=TTLS
   anonymous_identity="1. Anonymous identity"
   identity="2. Identity"
   password="3. Password"
   phase2="auth=PAP"
   ca_cert="4. Path to certificate"
   priority=2
}

[Question for the advanced users, see below under 'Questions'!]
First, save this file to /etc/network-wizard/wireless/wpa_profiles, as eduroam.conf .

As you can see, there are four things you have to fill out yourself.
1. Anonymous identity. Your institution should be able to tell you this. Mostly it's anonymous@<institution name>.<com/eu/etc.>.
2. Identity. Your login name. This is probably similar to what you use to login to the online environment of your institution (such as blackboard, email). If you don't know what you should enter here, ask your institution.
3. Password. This is the password associated with your identity.
4. Path to where your certificate is located. We'll deal with that now.

As far as I know, a certificate is not mandatory for eduroam to work, but it does make it safer. First, check with your institution if they have a certificate of their own (they should). If they don't, I have included the one from my institution below the instructions.

- Create a new directory in /etc called certificate.
- Copy and paste the certificate into a new file in your editor, and save it as certificate.der in /etc/certificate

This is the certificate my institution provided. I don't know whether it'll work for you, but you can always try:


In the eduroam.conf file, enter the path to the newly created certificate:
Code:

ca_cert="/etc/certificate/certificate.der"


Save the config file, and exit.


Step 2: execution
Now you should be good to go. Make sure your wifi is turned on, that you're disconnected from any networks and that you're in an eduroam zone.

1. Start up a terminal window (Start button -> Utility -> Urxvt terminal emulator).

2. Enter the following line:
Code:
wpa_supplicant -Dwext -i eth0 -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf -B

Explanation:
  • wpa_supplicant: the tool that we use to connect to the internet.
  • -Dwext: this is the driver that wpa_supplicant uses for your wifi-adapter. '-D' determines the network driver to use. In this case, we're using the driver wext.
    You might need to change this! If it doesn't work, you can try -Dmadwifi or -Dndiswrapper, which are two other drivers. If those don't work, look up your driver here (thanks tempestuous!): http://www.murga-linux.com/puppy/viewtopic.php?p=159336#159336
  • -i eth0: here we specify the interface of the network adapter to use.
    You might need to change this! The name of your network adapter can change on a per boot basis (it does for me). Check by entering the command iwconfig. This will list your network adapters. [Question for the advanced users, see below under 'Questions'!]
  • -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf: here we tell wpa_supplicant where to find the correct config file to use. This is the file we created in step 1.
  • -B: this will send the process to the background once it's running. Important: because wpa_supplicant is backgrounded, it won't output any errors it might encounter. Therefore, I recommend that you don't include it until you're sure it's running fine. First couple of times, try it without the -B option.


After you've executed that command, wpa_supplicant will start working. You're not connected to the internet yet, though. See step 3 below.

Wpa_supplicant might give you some errors (for instance, it tells me that the association with driver fails), but it should work. [Question for the advanced users, see below under 'Questions'!]

Look for the command that says that EAP authentication is successful. Wpa_supplicant should output somewhere between 15-30 lines of code. If it continues to try and authenticate/associate, something is wrong. Remember, you can force it to quit using ctrl + C !

If you didn't include the -B option in the line, the ongoing process of wpa_supplicant will occupy this terminal window, making it unusable until the process is stopped. After executing this command, don't close this terminal window. Minimise it and leave it alone.

3. Now that we're associated with eduroam, we need to ask it for an IP-address. Open up a new terminal window and type:
Code:
dhcpcd

This command will automatically acquire an IP-address, after which it will fork to the background. If it reports back that it's successful, you should now be able to SURF THE INTERNETS!

Questions/Remarks

Questions:
- Are the three lines at the beginning of the *.config files (preceded by the hash-sign) necessary?
- [SOLVED] Can I use the option '-B' to run wpa_supplicant in the background?
Yes. This post gave me the answer: http://www.murga-linux.com/puppy/viewtopic.php?p=216669#216669
- Why does wpa_supplicant give me the error that the association with the driver failed?
- Why does the interface name of my wifi-adapter and my ethernet adapter switch around? Sometimes eth0 is ethernet, and eth1 is wifi, while the next boot it can be the other way round!

---------------

I hope this helps you guys out. If there is any trouble, ask your questions here or on the forums. Good luck!
~Qopzeep
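
An added example, not part of the post above or of any script in this thread: wpa_supplicant does not verify the server certificate when a network block has no ca_cert, so this check reports WPA-EAP blocks that lack ca_cert or a server name constraint, and whether the file holding the password is readable by other users. The function names, the example.edu values and both sample configs are constructed; domain_suffix_match needs a newer wpa_supplicant than the one discussed here, while subject_match and altsubject_match are the older options.

```shell
# Added example: flag WPA-EAP network blocks that do not validate the server.
# Function names and both sample configs are constructed for illustration.
audit_wpa_eap() {   # $1 = wpa_supplicant config; prints one finding per line
    awk '
    function val(s) { sub(/^[^=]*=[ \t]*/, "", s); gsub(/"/, "", s); return s }
    /^[ \t]*#/ { next }                          # ignore comment lines
    /^[ \t]*network=[{]/ { inblk = 1; ssid = "?"; eap = ca = name = pap = 0; next }
    !inblk { next }
    /^[ \t]*ssid=/          { ssid = val($0) }
    /^[ \t]*key_mgmt=.*EAP/ { eap = 1 }
    /^[ \t]*ca_cert=/       { ca = 1 }
    /^[ \t]*(domain_suffix_match|domain_match|altsubject_match|subject_match)=/ { name = 1 }
    /^[ \t]*phase2=.*PAP/   { pap = 1 }
    /^[ \t]*[}]/ {
        inblk = 0
        if (!eap) next
        if (!ca)   print ssid ": no ca_cert, server certificate is not validated"
        if (!name) print ssid ": no server name constraint (e.g. domain_suffix_match)"
        if (pap && !ca) print ssid ": PAP password is exposed to any server that ends the tunnel"
    }' "$1"
}

world_readable() {  # true when users other than the owner can read $1
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

write_samples() {   # $1 = directory; writes the two constructed configs
    cat > "$1/weak.conf" <<'EOF'
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.edu"
    password="constructed-password"
    phase2="auth=PAP"
}
EOF
    cat > "$1/pinned.conf" <<'EOF'
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.edu"
    password="constructed-password"
    phase2="auth=PAP"
    ca_cert="/etc/certificate/certificate.der"
    domain_suffix_match="radius.example.edu"
}
EOF
    chmod 644 "$1/weak.conf"; chmod 600 "$1/pinned.conf"
}

d=$(mktemp -d) && write_samples "$d" && audit_wpa_eap "$d/weak.conf"; rm -rf "$d"
```

Run audit_wpa_eap against a real profile such as /etc/network-wizard/wireless/wpa_profiles/eduroam.conf; no output means every WPA-EAP block names a CA and a server name constraint.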

recobayu

Joined: 15 Sep 2010
Posts: 206
Location: indonesia

Posted: Sun 11 Oct 2015, 05:25

Thanks Qopzeep, this is what I need.
My campus uses PEAP. I just changed to eap=PEAP, and it works.
Thank you. Is it possible to make a GUI and then include it in the internet connection wizard?

stemsee

Joined: 27 Jun 2013
Posts: 1743
Location: In The Way

Posted: Sun 11 Oct 2015, 14:23

I did this a couple of weeks ago; it gives a yad GUI. When inputting, enclose each entry in " " ! Adapt to suit your needs.

see update further down!

Last edited by stemsee on Fri 16 Oct 2015, 07:29; edited 1 time in total

stemsee

Joined: 27 Jun 2013
Posts: 1743
Location: In The Way

Posted: Fri 16 Oct 2015, 07:23

Qopzeep has a typo in his script which will prevent it from working. I have adapted my script to use his method. The script is very reliable and the user data persists. I name the script eduwifi, save it in the path and make it executable. User details are stored in /root/.eduwifi . To use it, just call it in a terminal:
Code:
eduwifi

This script depends on yad; alternatively, simply create /root/.eduwifi with the user details in a single line, separated by spaces, e.g.
Code:
eduroam hau46@cambridge.ac.uk PaSsWrD123 wlan0


To remove/reset the user details file, type in a terminal:

Code:
eduwifi reset


eduwifi script

Code:
#!/bin/sh
# Script by stemsee, connects a linux system to dual phase security wifi
# network, and retains details across reboots of last used network.
# Developed on puppy linux which is always root.
conf=/etc/network-wizard/wireless/wpa_profiles/eduroam.conf
umask 077   # the saved details and the profile hold a plain-text password

# "eduwifi reset" discards the saved details so they are asked for again.
if [ "$1" = reset ]; then
    rm -f "$HOME/.eduwifi"
fi
rm -f /tmp/wpa_supplicant.conf
killall dhcpcd
sleep 1

# Reuse the saved details, or ask for them once and save them.
# Format: ssid identity password interface, separated by single spaces.
if [ -f "$HOME/.eduwifi" ]; then
    input=$(cat "$HOME/.eduwifi")
else
    input=$(yad --width=600 --title "Enter the; network name (space) your id (space) password (space) interface" --entry)
    if [ -n "$input" ]; then
        printf '%s\n' "$input" > "$HOME/.eduwifi"
    else
        exit 0
    fi
fi
ssid=$(printf '%s\n' "$input" | cut -f1 -d ' ')
identity=$(printf '%s\n' "$input" | cut -f2 -d ' ')
password=$(printf '%s\n' "$input" | cut -f3 -d ' ')
interf=$(printf '%s\n' "$input" | cut -f4 -d ' ')

# Remove a stale control socket for the chosen interface (was hard-coded wlan0).
rm -rf "/var/run/wpa_supplicant/$interf"

# Write the profile directly with double quotes; the earlier tr pass over
# single quotes also rewrote any single quote inside the password.
# No ca_cert is set in this block, so the server certificate is not verified.
cat > "$conf" <<EOF
ctrl_interface=/var/run/wpa_supplicant
update_config=1
fast_reauth=1
ap_scan=1

network={
    ssid="$ssid"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="$identity"
    password="$password"
}
EOF
wpa_supplicant -Dwext -i "$interf" -c "$conf" -B
sleep 1
dhcpcd -L &
exit 0

recobayu

Joined: 15 Sep 2010
Posts: 206
Location: indonesia

Posted: Thu 29 Oct 2015, 04:27

I made a simple tutorial on connecting to WPA2 Enterprise PEAP on my blog here:
http://muktyas.blogspot.co.id/2015/10/wpa2-enterprise-di-puppy-linux.html
(in Indonesian language)

stemsee

Joined: 27 Jun 2013
Posts: 1743
Location: In The Way

Posted: Thu 29 Oct 2015, 06:22

Nice tutorial @recobayu

You need to have Linux Mint installed in order to use its network program to create the config. Better to convert their networking app to work on Puppy. Or, hopefully, BK could merge this feature into simple network setup (sns), along with wlanmaker and routermaker options for hotspot options and internet sharing. SNS is really good but not comprehensive enough.

recobayu

Joined: 15 Sep 2010
Posts: 206
Location: indonesia

Posted: Fri 30 Oct 2015, 05:10

Thanks stemsee.
But to connect to my campus wifi, I don't need to install Linux Mint first. I just create my /etc/wpaku.conf that contains this code:
Code:
network={
    ssid="STKIP-Surya"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="muhammadahsan"
    password="passwordnyaAh54n"
    phase2="auth=PAP"
}

Then I connect using
Code:
wpa_supplicant -Dwext -iwlan0 -c /etc/wpaku.conf

And if it isn't connected yet, then I try this code:
Code:
dhcpcd

stemsee

Joined: 27 Jun 2013
Posts: 1743
Location: In The Way

Posted: Fri 18 Mar 2016, 10:48

Here is a yad gui for connecting to eduroam.

Code:
#!/bin/sh
# Script by stemsee, connects a linux system to dual phase security wifi
# network, and retains details across reboots of last used network.
# Developed on puppy linux which is always root.
# [ /tmp/wpa_supplicant.conf ] && rm -f /tmp/wpa_supplicant.conf
conf=/etc/network-wizard/wireless/wpa_profiles/eduroam.conf
umask 077   # the saved details and the profile hold a plain-text password

# Write the wpa_supplicant profile from the saved details and connect.
connectfn () {
    . "$HOME/.eduwifi"
    # Written directly with double quotes (no tr pass over single quotes),
    # and with the closing brace the network block was missing.
    # No ca_cert is set in this block, so the server certificate is not verified.
    cat > "$conf" <<EOF
ctrl_interface=/var/run/wpa_supplicant
update_config=1
fast_reauth=1
ap_scan=1

network={
    ssid="$ssid"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="$identity"
    password="$password"
}
EOF
    # Remove a stale control socket left by an earlier wpa_supplicant run.
    [ -e "/var/run/wpa_supplicant/$interf" ] && rm -rf "/var/run/wpa_supplicant/$interf"
    wpa_supplicant -Dwext -i "$interf" -c "$conf" -B
    sleep 1
    dhcpcd -L &
    exit 0
}

# Ask for id, password and interface, save them, then connect.
askfn () {
    input=`yad --title "Eduroam University WiFi Connection Tool:" \
--form --field="Your University id:" -text "abc123" -entry \
--field="Your University password" -text "aBcD3210" -entry --field="Interface:" -text "wlan0" -entry`
    ssid=eduroam
    identity=$(printf '%s\n' "$input" | cut -f1 -d '|')
    password=$(printf '%s\n' "$input" | cut -f2 -d '|')
    interf=$(printf '%s\n' "$input" | cut -f3 -d '|')
    # This file is sourced later, so the values are single-quoted; a value
    # that itself contains a single quote is not supported.
    cat > "$HOME/.eduwifi" <<EOF
ssid='$ssid'
identity='$identity'
password='$password'
interf='$interf'
EOF
    connectfn
}

killall dhcpcd
sleep 1
if [ -e "$HOME/.eduwifi" ]; then
    . "$HOME/.eduwifi"
    input=`yad --title "Eduroam University WiFi Connection Tool:" \
 --text="Your University id:=$identity
 Your University password:=$password
 Interface:=$interf
 Use these settings: yes or no" --entry`
    echo $input
    # The entry text contains no '|', so cut passes the typed answer through.
    reuse=`echo $input | cut -f4 -d '|'`
    case $reuse in
        yes) connectfn;;
        no) askfn;;
    esac
else
    askfn
fi

rcrsn51

Joined: 05 Sep 2006
Posts: 10876
Location: Stratford, Ontario

Posted: Fri 18 Mar 2016, 11:46

There is nothing special about connecting to an eduroam network. It just needs a modified wpa_supplicant.conf file. PeasyWiFi can already do this in a more flexible user interface.

starhawk

Joined: 22 Nov 2010
Posts: 4866
Location: Everybody knows this is nowhere...

Posted: Fri 18 Mar 2016, 13:48

@rc -- is PeasyWifi on this forum? If it is, please provide a link to its thread, and make sure the download link is present and functional. Worth noting, you mentioned the utility in a thread of mine a while ago, and I've not been able to find it yet. It certainly doesn't seem to be in the downloads / PETs & Stuff section of the forum.

Alternately, if PeasyWifi is NOT available on the forum, I would ask you to either make it available or stop mentioning it. If I can't find it or I can't download it, it's not relevant to any discussion.


rcrsn51

Joined: 05 Sep 2006
Posts: 10876
Location: Stratford, Ontario

Posted: Fri 18 Mar 2016, 14:23

Advanced Topics > Hardware > Networking > Wireless.

It's the sticky thread at the top.

Also from here:
[Attached image: screenie.png, 37.43 KB]

recobayu

Joined: 15 Sep 2010
Posts: 206
Location: indonesia

Posted: Wed 08 Jun 2016, 05:03

I made a Koneksi STKIP-Surya. Look at network. The configuration file is in /etc/wpaku.conf.

Attachment: KSS-2.pet (996 Bytes)
Description: This small pet works on my campus