After some fidgeting I got this to work and would like to share it with you, for any others who might be struggling with this.
Disclaimer:
All these instructions work for Lucid Puppy 5.2.5. I have not tested them with other versions.
I am not a (Puppy) Linux expert at all. This guide came to be through much trial and error, with the emphasis on error. With this guide, I hope to save new users time by sharing what works for me.
You can ask questions if it doesn't work, but I can't promise you that I can help.
It is likely that this guide contains errors, or superfluous instructions. Feel free to point them out, so can I optimise this guide and learn a thing or two at the same time ! More advanced users can help us out by answering the questions located at the bottom of this post. Thanks!
eduroam
eduroam (education roaming) is a secure international roaming service for users in Higher Education. [...] Participating institutions are typically universities and other research and educational organisations. eduroam allows a user belonging to one institution to get network access when visiting another institution. [...] The visiting user is authenticated using the same credentials (username and password) that they would at their home institution.
From https://secure.wikimedia.org/wikipedia/en/wiki/Eduroam
eduroam is basically a WPA2 enterprise network, encrypted with AES. It uses the TTLS protocol. This short guide should work for different protocols as well, however.
How-to:
Step 1: preparation
The Network wizard GUI doesn't offer us the options needed for an AES/TTLS connection. In order to get eduroam to work, we need to make a custom *.config file for wpa_supplicant.
Open up Geany (or your favourite editor) and type:
Code: Select all
#ctrl_interface=/var/run/wpa_supplicant
#ap_scan=1
#update_config=1
network={
ssid="eduroam"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
anonymous_identity="1. Anonymous identity"
identity="2. Identity"
password="3. Password"
phase2="auth=PAP"
ca_cert="4. Path to certificate"
priority=2
}
First, save this file to /etc/network-wizard/wireless/wpa_profiles, as eduroam.conf .
As you can see, there are four things you have to fill out yourself.
1. Anonymous identity. Your institution should be able to tell you this. Mostly it's anonymous@<institution name>.<com/eu/etc.>.
2. Identity. Your login name. This is probably similar to what you use to login to the online environment of your institution (such as blackboard, email). If you don't know what you should enter here, ask your institution.
3. Password. This is the password associated with your identity.
4. Path to where your certificate is located. We'll deal with that now.
As far as I know, a certificate is not mandatory for eduroam to work, but it does make it safer. First, check with your institution if they have a certificate of their own (they should). If they don't, I have included the one from my institution below the instructions.
- Create a new directory in /etc called certificate.
- Copy and paste the certificate into a new file in your editor, and save it as certificate.der in /etc/certificate
This is the certificate my institution provided. I don't know whether it'll work for you, but you can always try:
Code: Select all
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
Code: Select all
ca_cert="/etc/certificate/certificate.der"
Step 2: execution
Now you should be good to go. Make sure your wifi is turned on, that you're disconnected from any networks and that you're in an eduroam zone.
1. Start up a terminal window (Start button -> Utility -> Urxvt terminal emulator).
2. Enter the following line:
Code: Select all
wpa_supplicant -Dwext -i eth0 -c /etc/network-wizard/wireless/wpa_profiles/Eduroam.conf -B
- wpa_supplicant: the tool that we use to connect to the internet.
- -Dwext: this is the driver that wpa_supplicant uses for your wifi-adapter. '-D' determines the network driver to use. In this case, we're using the driver wext.
You might need to change this! If it doesn't work, you can try -Dmadwifi or -Dndiswrapper, which are two other drivers. If those don't work, look up your driver here (thanks tempestuous!): http://www.murga-linux.com/puppy/viewto ... 336#159336 - -i eth0: here we specify the interface of the network adapter to use.
You might need to change this! The name of your network adapter can change on a per boot basis (it does for me). Check by entering the command iwconfig. This will list your network adapters. [Question for the advanced users, see below under 'Questions'!] - -c /etc/network-wizard/wireless/wpa_profiles/Eduroam.conf: here we tell wpa_supplicant where to find the correct config file to use. This is the file we created in step 1.
- -B: this will send the process to the background once it's running. Important: because wpa_supplicant is backgrounded, it won't output any errors it might encounter. Therefore, I recommend that you don't include it until you're sure it's running fine. First couple of times, try it without the -B option.
Wpa_supplicant might give you some errors (for instance, it tells me that the association with driver fails), but it should work. [Question for the advanced users, see below under 'Questions'!]
Look for the command that says that EAP authentication is successful. Wpa_supplicant should output somewhere between 15-30 lines of code. If it continues to try and authenticate/associate, something is wrong. Remember, you can force it to quit using ctrl + C !
If you didn't include the -B option in the line, the ongoing process of wpa_supplicant will occupy this terminal window, making it unusable until the process is stopped. After executing this command, don't close this terminal window. Minimise it and leave it alone.
3. Now that we're associated with eduroam, we need to ask it for an IP-address. Open up a new terminal window and type:
Code: Select all
dhcpcd
Questions/Remarks
Questions:
- Are the three lines at the beginning of the *.config files (preceded by the hash-sign) necessary?
- [SOLVED] Can I use the option '-B' to run wpa_supplicant in the background?
Yes. This post gave me the answer: http://www.murga-linux.com/puppy/viewto ... 669#216669
- Why does wpa_supplicant give me the error that the association with the driver failed?
- Why does the interface name of my wifi-adapter and my ethernet adapter switch around? Sometimes eth0 is ethernet, and eth1 is wifi, while the next boot it can be the other way round!
---------------
I hope this helps you guys out. If there is any trouble, ask your questions here or on the forums. Good luck!
~Qopzeep