[sllug-members]: Using WPA supplicant on the U of U network

Will Aoki waoki at waoki.org
Tue Apr 24 19:53:02 MDT 2007


On Tue, Apr 24, 2007 at 04:57:09PM -0600, David J Iannucci wrote:
> I know a guy here on campus who runs Linux on a laptop and claims to
> have this working (with the uconnect network, which is what I think
> we're talking about). In fact I was planning to bug him to explain it to
> me very soon.  And he may even be reading this :-)  I'll forward on to
> the list any advice I get from him, unless the answers are forthcoming
> before I get around to it...

Yep, I'm reading it. I use an Intel PRO/Wireless 2915ABG MiniPCI card, a
2.6.16 series kernel, and wpasupplicant 0.4.7 backported to Debian 3.1.
The recently-released Debian 4 has moved wpasupplicant configuration
into /etc/network/interfaces, so the following /etc/wpa_supplicant.conf
stanza that I use is technically obsolete:

network={
	ssid="uconnect.utah.edu"
	key_mgmt=WPA-EAP
	eap=TTLS
	ca_cert="/etc/ssl/certs/University_of_Utah.pem"
	phase2="auth=PAP"
	anonymous_identity="my_unid_here@utah.edu"
	password="my password here"
}

The three key things to note are that you need to use TTLS with PAP, you
must include the '@utah.edu' after your uNID, and that you need to
install the University's internal certificate authority's certificate.
If you don't have the certificate installed, the supplicant won't know
if it's talking to a real University access point or an imposter and
will refuse to authenticate. There's a link to the certificate from
<http://www.it.utah.edu/services/connected/wireless/clients/index.html>.

Some locations on campus have quirks that you should be aware of.
Wireless access in the library has always been iffy for me, even before
uconnect - some of the access points there work fine, and others never
work. The wireless network in OSH and perhaps elsewhere blocks DNS
requests going off campus, so make sure that your computer is set up to
obtain its list of DNS servers via DHCP. If you've got 'em hardcoded,
then you may encounter problems. You might also have DNS lookup problems
due to a long-standing bug in Mozilla that can cause it to not notice
changes to /etc/resolv.conf.

If your department is participating in the RADIUS mesh, which lets you
use your departmental userid instead of your uNID to log in to the
wireless network, you should be aware that there are several locations
on campus where the wireless access points aren't using the mesh
correctly and you can only authenticate using a uNID @utah.edu.

-- 
William Aoki         waoki at waoki.org              KD7YAF
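
Added example, not part of the original message: a Python check over wpa_supplicant.conf network blocks for the points the message lists. It flags EAP networks with no ca_cert or ca_path, PAP configured on such a network, and an identity without an @realm. The sample configuration, the ssid "example-unpinned" and the function names are constructed for this example.

```python
import re

# Constructed sample: block 1 mirrors the message's stanza; block 2 is hypothetical.
SAMPLE_CONF = '''
network={
	ssid="uconnect.utah.edu"
	key_mgmt=WPA-EAP
	eap=TTLS
	ca_cert="/etc/ssl/certs/University_of_Utah.pem"
	phase2="auth=PAP"
	anonymous_identity="my_unid_here@utah.edu"
	password="my password here"
}
network={
	ssid="example-unpinned"
	key_mgmt=WPA-EAP
	eap=TTLS
	phase2="auth=PAP"
	anonymous_identity="my_unid_here"
}
'''

def parse_networks(text):
    """Return one dict of key -> unquoted value per network={...} block."""
    networks = []
    for body in re.findall(r'^\s*network\s*=\s*\{(.*?)^\s*\}', text, re.S | re.M):
        pairs = (l.strip().split('=', 1) for l in body.splitlines()
                 if '=' in l and not l.strip().startswith('#'))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(text):
    """Return (ssid, finding) pairs for EAP blocks that deserve a second look."""
    findings = []
    for net in parse_networks(text):
        if 'EAP' not in net.get('key_mgmt', ''):
            continue  # PSK and open networks present no EAP server certificate
        ssid = net.get('ssid', '<no ssid>')
        if 'ca_cert' not in net and 'ca_path' not in net:
            findings.append((ssid, 'no ca_cert or ca_path'))
            if 'PAP' in net.get('phase2', '').upper():
                findings.append((ssid, 'PAP password goes to an unverified server'))
        for key in ('identity', 'anonymous_identity'):
            if key in net and '@' not in net[key]:
                findings.append((ssid, key + ' has no @realm'))
    return findings

if __name__ == '__main__':
    for ssid, finding in audit(SAMPLE_CONF):
        print(ssid + ': ' + finding)
```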

