LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Reply
 
Search this Thread
Old 04-06-2008, 10:50 AM   #1
huberbauer
LQ Newbie
 
Registered: Apr 2008
Posts: 2

Rep: Reputation: 0
Question WlanConnection - WPA2-EAP(PEAP;MSCHAPv2) How to configure?


Hi,
after a long way i finaly made my 4965 card work with my Debian and kernel 2.6.24-1 (64-bit). I can connect to WEP WLAN without problems.
Now i want to configure my card for our companys WLAN. We have Domain authentication. I already could get the WPA2 config running with my old labtop with Suse 10.3. With Suse it was relatively easy with Knetworkmanager. Now with Debian i have to get this crap running by hand because the Networkmanager installation i tried under gnome does not work... I have an Networkmanager Icon under gnome but it can not find any card...

So can anybode give me a clue how i can configure my debian by hand for authentication with a WPA2 Enterprise WLAN which is EAP based and needs Windows Domain User Authentication (PEAP and MSCHAPv2).

Thanks in advance.

Huberbauer
 
Old 04-06-2008, 11:49 AM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
You need to install a program called wpa_supplicant. Either use apt-get or aptitude to install it. I don't know if it works with the GUI programs, but at a command line I can (and have) authenticated wirelessly with most every type of wpa encryption, including PEAP.

Peace,
JimBass
 
Old 04-06-2008, 03:39 PM   #3
Madone_SL_5.5
Member
 
Registered: Oct 2006
Location: Ogden, Utah
Distribution: Fedora 10
Posts: 66

Rep: Reputation: 15
I have struggled with using wpa_supplicant myself, trying to connect to just such a network. For the benefit of all those who know as little as I do, is there a how-to tutorial about using wpa_supplicant anywhere? That would be great.
 
Old 04-07-2008, 06:10 AM   #4
huberbauer
LQ Newbie
 
Registered: Apr 2008
Posts: 2

Original Poster
Rep: Reputation: 0
Hi,
i have installed wpa_supplicant but i am not shure if i configured it correctly. Hopefully someone can help me with this part.
My wpa_supplicant file looks like this:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="WirelessLANSSID"
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
}



My /etc/network/interfaces file i have modified too like this:

auto wlan0
iface wlan0 inet dhcp
wpa-ssid WirelessLANSSID
pre-up wpa_supplicant -Bw -Dmadwifi -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
post-down killall -q wpa_supplicant


i have also tried -Dwext option but this does not work too.
The modules for madwifi are loaded correct and the iwl4965 module too. i can see the network in kismet for example but i dont know how i have to configure the files correctly.

Thanks
 
Old 04-08-2008, 11:48 AM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 48
You have a few problems in there. You shouldn't have 2 files controlling one thing, and in this case you do have that, possibly causing a problem as the /etc/wpa_supplicant/wpa_supplicant.conf file fights with the /etc/network/interfaces file. I also think you have way too much going on in your wpa.supplicant.conf file, and bet you'll get better results by trimming it down.

First off, don't put anything about a particular ssid in your /etc/network/interfaces file. That file effects your interface all the time, so with the ssid wrapped in there, you'll never be able to authenticate at a coffee shop or wifi hotspot. I'd make that file look like this for the wireless card:

Code:
auto wlan0
iface wlan0 inet dhcp
With that cleaned out, lets compare our wpa_supplicant.conf files - yours:

Code:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="WirelessLANSSID"
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
and mine:

Code:
jim@jimsworktop:~$ cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant

### Example of basic WPA-PSK secured AP
network={
    ssid="myssid"
    psk="mypassword"
}
That authenticates against a wpa2 network without issue on my system. I'm going to suggest you trim down to the bare minimum, and then add things in piece by piece as necessary. Here's how I would start:

Code:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
network={
ssid="WirelessLANSSID
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
}
You may not need the key_mgmt, eap, or phase2 lines either. Then we've got to get this running on the terminal, and that also should spit errors that the GUI sometimes isn't so easy to spot.

You do need to call wpa_supplicant with -Dmadwifi for your setup, wext would be if your card worked with just the kernel and firmware, basically without madwifi.

So here are some commands:

Code:
ifdown wlan0
wpa_supplicant -iwlan0 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf 
(watch the output (not backgrounded) then when it completes, open a 2nd tab or terminal)
ifup wlan0
If the wpa_supplicant line doesn't complete the handshake, add more junk in. I no longer provide support for the place where I did PEAP wireless auth, but it was a simple file like mine, maybe one or 2 additional options, not 12 of them though.

Please post back with problems.

Peace,
JimBass
 
Old 10-02-2014, 06:40 AM   #6
pjbracer1
LQ Newbie
 
Registered: Oct 2014
Posts: 1

Rep: Reputation: Disabled
Unhappy Raspberry PI Wpa_supplicant with AES PEAP and AD username authentication

Hi All newb here!

I know this post is old but I am struggling to find answers so Im giving in and asking!

I am trying to get a raspberry pi using WPA_supplicant to work on an enterprise network using the following settings

network = {
ssid="*********"
scan_ssid=1
proto=RSN I think this is required (robust secure network) for the AES side of things so leave it in?
key_mgmt=WPA-EAP Not Sure if this should be WPA-PSK (so worth trying both)
pairwise=TKIP
group=TKIP
eap=PEAP
identity="domain\username" Again not sure if this needs to have the domain split out in a separate line or try the “ithsu002@nt1000”
password="*******"
ca_cert="/etc/cert/ca.pem" Not sure if this needs to be here they use certificates on other devices but not for these
phase1="peapver=0"
phase2="MSCHAPV2"
}

This is a remote site so it makes it all the more tricky to test the settings

The normal network settings are

SSID
WIFI password
WPA2
AES
Domain and user name

I have been trying to get the set up correct prior to sending the item to site but cant test it first and I have looked around and cant see anywhere that explains what each setting is, what is does, and the meanings, I can get it to work with a normal wpa2 wifi network and the device work fine with CAT5 but the application of where it needs to go there is only wifi possible.

Many thanks in advance

Paul
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Network set to use eap-mschapv2 kkjaergaard Linux - Networking 1 03-24-2009 03:55 PM
Setting up WPA-Supplicant and PEAP,MSCHAPV2 metallica1973 Linux - Wireless Networking 14 07-09-2008 05:36 PM
WPA_Supplicant and MSCHAPv2/PEAP Authentication Connection Issues metallica1973 Linux - Wireless Networking 1 07-07-2008 01:39 AM
How to use xsupplicant, wpa_supplicant for wpa/tkip/peap-mschapv2 weeds84 Linux - Wireless Networking 2 03-13-2005 05:17 AM
802.1x, Radius, MSChapv2, PEAP Micah Linux - Wireless Networking 10 11-05-2004 01:10 PM


All times are GMT -5. The time now is 11:48 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration