adamsgaard.dk

my academic webpage
git clone git://src.adamsgaard.dk/adamsgaard.dk # fast
git clone https://src.adamsgaard.dk/adamsgaard.dk.git # slow
Log | Files | Refs | README | LICENSE Back to index

015-au-eduroam.txt (4845B)

      1 Eduroam is an international Wi-Fi roaming service that provides network
      2 access to university staff and visitors from other universities.
      3 Aarhus University provides instructions on connecting to eduroam via
      4 iOS/Android/Windows/Mac and a Python install script for Linux.  In this
      5 post, I will explain how users of BSD or Linux can set up eduroam
      6 connectivity manually.
      7 
      8 
      9 ## Preparing the system
     10 
     11 First, install wpa_supplicant, which is the only prerequisite.  Your
     12 system might already have it installed for authenticating with ordinary
     13 Wi-Fi networks.  WPA supplicant supports many different authentication
     14 methods, and the configuration must be correct for the connection to
     15 succeed.  On OpenBSD, install and enable the wpa_supplicant daemon with:
     16 
     17 	# pkg_add wpa_supplicant
     18 	# rcctl enable wpa_supplicant
     19 
     20 On Gentoo Linux with OpenRC, the equivalent procedure is:
     21 
     22 	# emerge net-wireless/wpa_supplicant
     23 	# rc-update add wpa_supplicant default
     24 
     25 Next, save the self-signed Aarhus University PEM certificate to the
     26 file /etc/ssl/au-eduroam-cert.pem.  I extracted this key file from the
     27 official Python installer.
     28 
     29 	-----BEGIN CERTIFICATE-----
     30 	MIIFKTCCAxGgAwIBAgIQLOmOuuesHKhIiSJDwYO+mzANBgkqhkiG9w0BAQsFADAn
     31 	MSUwIwYDVQQDExxBYXJodXMgVW5pdmVyc2l0eSBSb290IENBIDAxMB4XDTE3MDUy
     32 	OTEzMDc0MFoXDTM3MDUyOTEzMTczOFowJzElMCMGA1UEAxMcQWFyaHVzIFVuaXZl
     33 	cnNpdHkgUm9vdCBDQSAwMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
     34 	AKDUr/VJncuuucByREHn8w6stgbSs2vhuBC8+2oe9Tbs/XUOfg5p3Z/Yft1smtIC
     35 	4W1hfmohb3BO9S8OWSl3bDahJNDSyzzG5dgLTnGT7M41tu1Kiuwx5UlzpCyFqf/J
     36 	XbuYaTKKVlWzfOH21+/qBAm5PTtomf3x/eCcjpmA0f97QtDXnfHOXv+BmToOSdjo
     37 	JTLq0VNCI1VC4y0ymLs6sSaZU6NGBE8bkB0LcilXH7OcLtNYIBryIFR/40LVch/H
     38 	M5Vjeg1GI1mFqEW3pUBoETJA/lfOWae6yRNBfut+aiFn57NUaG8ILBjK1Dt/uCJF
     39 	5tW4i7MYQdv1J1kNxdaYf948fANcsWMZO/M9zb0ua3q6TbwBmKDiz53pg9hwnUgI
     40 	MYs9HNB6uRzim8+wvYI65g2fBWAX502a9Q7+LDXbg9mUI9lrolUBJzk1Uw1dDoEd
     41 	r4B++7ZGurM1U/WrgPL6K+hW1rhO282djXXABt8MAJdhUu+z6hY5ICrorpy9XKe4
     42 	QO47/TqIK+q+2tXypwu5M6Ki38eTkDpOS6jVDUBekZh99E9mJmP59Z61mR+tc9Ku
     43 	/soVmwx7EgvtYZ4s08IPAJXMg/tV7DxZ5xmHW7HdwMIt5UszUBnZ2b+u7voqg6BJ
     44 	y4DO7YOXEz/f9JK9wGuqbD0VozntiMVBj7chUrbMht/zAgMBAAGjUTBPMAsGA1Ud
     45 	DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQbwmI/AJyVzSmugXig
     46 	FFb+NWisoDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQsFAAOCAgEAZ3tm
     47 	sWH6oAEgo7NX6EWc/64j2ylknSmyOIoQsL6pwKGhNU1e/eEgFh9I/jhLTo0YcOH/
     48 	hUIad06nQtAKVXfHdBdCqG5a7Gxy6FdzBja8kI3OkYCgiJ4jcU4dbxa4OJSZ6lh+
     49 	MHqduxiTnnhutEcNhLxUuzrabf6gxgLaSlxJ6Cksyg8zfkG6Yj1pSoBoqqzDq9bD
     50 	v3vrlZOcT3KAmvR9ERfGzFR87j07Cy89CeCCR1e5VMRWPt4H3EwHDPuqdV9M+GMR
     51 	FgEC+xaTzYUidTVOCg2dIxwbNc8qWQ+hJ1T4lLNy6PvTP931Mpc+M+gmafOl3mRF
     52 	fwQ2BWUy/L9kUzC9eppd2R70akYbSvDWxS/XnhdUUoeoJk+kUgSD/RFmbVqCLTQ2
     53 	5qB2MHV2m1O42pvnWLZCQIV0yRdyDd7fGWMlCwN87vnKm4avSAm3El1vhkDeqrQI
     54 	JNi4x9bWp/UEWaH7zwG0r+iTR6+VdO87MXWzNrLB2iT0E+nFcjhA6w2bZf0E6Ye5
     55 	Sgga4GMNc+sJddtCWoi44MMg9vRNqgjxjCdN0QkXCNxmv6iMvSSthQwX1PPfWdox
     56 	tHzbj47Aqa4+XKeZhS+k1JIBnmKvFaSAKYoUCCo9Zp02qmN/wptGoxHbJwN0APUK
     57 	+jElU2tp7xJDgLDtVZJJfNC9I41/4WFILzaI8jk=
     58 	-----END CERTIFICATE-----
     59 
     60 
     61 ## Option 1: Configuring wpa_supplicant manually
     62 
     63 If your system _does not_ use Network Manager, you must configure
     64 wpa_supplicant directly.  Open (or create)
     65 /etc/wpa_supplicant/wpa_supplicant.conf.  At minimum, it should
     66 contain the following configuration of the eduroam network.  You
     67 can also add other Wi-Fi networks here.
     68 
     69 	ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
     70 	disable_scan_offload=1
     71 	update_config=1
     72 	autoscan=periodic:10
     73 	network={
     74 		ssid="eduroam"
     75 		key_mgmt=WPA-EAP
     76 		eap=TTLS PEAP
     77 		identity="auNNNNNN@uni.au.dk"
     78 		password="YOURPASSWORD"
     79 		ca_cert="/etc/ssl/au-eduroam-cert.pem"
     80 		phase2="auth=MSCHAPV2"
     81 		mesh_fwding=1
     82 		frequency=5200
     83 	}
     84 
     85 The ctrl_interface line may look different on your system.  Make sure
     86 to edit the identity and password values according to your AU ID.
     87 
     88 Next, make sure that other users cannot read the contents of the file:
     89 
     90 	# chown root:root /etc/wpa_supplicant/wpa_supplicant.conf
     91 	# chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf
     92 
     93 On OpenBSD, associate wpa_supplicant with the network interface.  In the
     94 following command, change "iwm0" to your wifi device name:
     95 
     96 	# rcctl set wpa_supplicant flags -c /etc/wpa_supplicant/wpa_supplicant.conf -s -D openbsd -i iwm0
     97 
     98 It is now time to start the wpa_supplicant service:
     99 
    100 	# rcctl start wpa_supplicant		# OpenBSD
    101 	# rc-service wpa_supplicant start	# Gentoo (OpenRC)
    102 
    103 You should now be connected to the Aarhus University eduroam network.
    104 In case of problems, you can stop the wpa_supplicant daemon and manually
    105 launch it with debugging messages enabled (-d):
    106 
    107 	# wpa_supplicant -d -c /etc/wpa_supplicant/wpa_supplicant.conf
    108 
    109 
    110 ## Option 2: Using Network Manager
    111 
    112 If your system uses Network Manager to configure networking, connect to
    113 the eduroam wifi with the following configuration:
    114 
    115 	gopher://adamsgaard.dk/I/tmp/eduroam-network-manager.png