802.1x and wpa_supplicant

Discussion in 'Linux' started by 2manydjs, Sep 1, 2008.

  1. 2manydjs

    2manydjs

    My university offers campus-wide WiFi secured by an 802.1x connection. They do not support Linux, but did set up a manual for people who want to set it up themselves (please see an automated translation below). My AAO is running Linpus customized with k0ro's script. It seems wpa_supplicant is included with the install, although I can't get it to work after editing the wpa_supplicant.conf file and certificate and executing the given command (changing wlan0 into ath0 and the wpa_supplicant.conf location). The wpa_supplicant log doesn't show any hints, just connect and disconnect..

    Would I need to recompile wpa_supplicant with my own .conf compile file? Is it a kernel module? Would I need to recompile the wifi driver?

    Thanks for your help!

    Code:
    Linux 
    Linux hosts can use UvAdraadloos by means of the 802.1x client wpa_supplicant.
    
    Note: No support is given for the Linux platform. Comments and/or improvements on the instructions are welcome ([email protected])
    
    Below are some indications:
    
    Step 1: wpa_supplicant is part of hostap and is available at www.sourceforge.net.
    
    Step 2: Download the Surfnet root certificate:
    
    Go to https://ca.surfnet.nl:4430
    Choose CA options
    Scroll to paragraph Save the CA .....
    Select SURFnet-PCA-root-CA
    Select PEM or DER encoded certificate
    
    Step 3: Go to the wpa_supplicant dir and create a .config according to the instructions. Make sure the .config contains at least:
    
                     CONFIG_WIRELESS_EXTENSION=y 
                     CONFIG_IEEE8021X_EAPOL=y
                     CONFIG_EAP_TTLS=y
                     CONFIG_DRIVER_=y 
    
    Note: For wireless cards with an Atheros chipset,
    the interface is athX instead of ethX or wlanX.
    
    Step 4: Compile wpa_supplicant (this can be done from the wpa_supplicant dir)
    
    Step 5: Put the following config lines in /etc/wpa_supplicant.conf
    
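    # wpa_supplicant.conf does not allow spaces around "=" and uses
    # lower-case keys with a network={ ... } block.
    ctrl_interface=/var/run/wpa_supplicant
    eapol_version=1
    
    network={
             ssid="uva"
             scan_ssid=1
             key_mgmt=IEEE8021X
             eap=TTLS
             # outer identity, sent before the TLS tunnel is set up
             anonymous_identity="[email protected]"
             # inner authentication: identity and password go through the tunnel
             phase2="auth=PAP"
             identity="[email protected]"
             password="secret"
             # CA used to verify the authentication server's certificate
             ca_cert="/etc/1x/certs/SURFnet-PCA-Root-CA.pem"
    }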
    
    Step 6: Start wpa_supplicant with the following command (iwconfig is not necessary!): wpa_supplicant -Bw -c /etc/wpa_supplicant.conf -i wlan0
    
    Step 7 (Optional): Add configuration for home (or other hotspots) to the config file. wpa_supplicant itself looks for SSIDs in the local area and will automatically select the appropriate configuration.
     
    2manydjs, Sep 1, 2008
    #1
  2. 2manydjs

    tomo88

    I'm not too sure if it's the same sort of protocol as WPA2 Enterprise ur talking bout, but I had the exact same problem.

    One of the users, IMSancho, wrote up a real good script that installs the latest version of NetworkManager that allows the default linpus OS to connect to WPA2 Enterprise/PEAP/TKI and all that jazz, worked well for me; a few bugs like it not working at home any more (WPA2 personal) but I just deleted the saved settings and connected again fine.

    thread here: viewtopic.php?f=34&t=1028
     
    tomo88, Sep 2, 2008
    #2
  3. 2manydjs

    2manydjs

    Thanks! I'll have a look at it.
     
    2manydjs, Sep 2, 2008
    #3
  4. 2manydjs

    2manydjs

    Thanks for your help, I managed to add the functionality using the how-to.

    Next I ran into the problem of the NetworkManager, which doesn't accept the .crt CA certificate (PEM or DER-encoded certificate). I have tried converting it to a PEM certificate using openssl:
    Code:
    openssl x509 -in input.crt -out input.der -outform DER
    openssl x509 -in input.der -inform DER -out output.pem -outform PEM
    and
    openssl x509 -in input.crt -out input.pem -outform PEM
    I've also tried to just rename the file.. (.crt into .pem)
    But still the log file shows an error when connecting to TTLS.
    Code:
    OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
    When I was using Ubuntu on the AAO the network manager accepted the .crt and it worked flawlessly. Does anyone know how I can get the network manager to accept the .crt or convert it such that it can be used?

    Thanks
     
    2manydjs, Sep 10, 2008
    #4
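
Added example, not part of the original posts: a `.crt` file can hold either PEM or DER data, and renaming it changes nothing, so this sketch decides the encoding from the file's content, writes a PEM copy and checks that the SHA-256 fingerprint is unchanged. The function names and file names are made up for illustration; only standard `openssl x509` options are used.

```shell
#!/bin/sh
# Added example: find out how a CA file is really encoded and write a
# verified PEM copy. Function and file names are hypothetical.

# cert_encoding FILE -> prints PEM, DER or unknown.
# The file extension is ignored; only the content decides.
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        openssl x509 -in "$1" -inform PEM -noout 2>/dev/null \
            && echo PEM || echo unknown
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        echo unknown
    fi
}

# cert_fingerprint FILE ENCODING -> SHA-256 fingerprint line from openssl.
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

# to_pem IN OUT -> write OUT as PEM whatever encoding IN has.
# Returns non-zero if IN is not a certificate or the copy does not match.
to_pem() {
    enc=$(cert_encoding "$1")
    if [ "$enc" = unknown ]; then
        echo "$1: not an X.509 certificate" >&2
        return 1
    fi
    openssl x509 -in "$1" -inform "$enc" -out "$2" -outform PEM || return 1
    # The fingerprint is computed over the DER bytes, so it is identical
    # before and after re-encoding; it is also the value to compare with
    # the fingerprint the CA publishes.
    [ "$(cert_fingerprint "$1" "$enc")" = "$(cert_fingerprint "$2" PEM)" ]
}

# Stand-alone use: sh this_script.sh input.crt output.pem
if [ "$#" -eq 2 ]; then
    to_pem "$1" "$2"
fi
```

The resulting PEM file is what `ca_cert` in wpa_supplicant.conf (or the CA field in NetworkManager) should point at.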
  5. 2manydjs

    torgis

    I also had a problem with Linpus' builtin certificates, but I managed to work it out by installing one from Ubuntu. It can be found here http://www.univ-ubs.fr/eduroam/GTE_Cybe ... l_Root.pem . Copy/paste or just save as a .pem-file and make it executable. At least that seems to be what it takes for NetworkManager to realize it's there.
     
    torgis, Sep 10, 2008
    #5