LinuxQuestions.org


huberbauer 04-06-2008 10:50 AM

WlanConnection - WPA2-EAP(PEAP;MSCHAPv2) How to configure?
 
Hi,
After a long way I finally made my 4965 card work with my Debian and kernel 2.6.24-1 (64-bit). I can connect to WEP WLAN without problems.
Now I want to configure my card for our company's WLAN. We have Domain authentication. I already could get the WPA2 config running with my old laptop with Suse 10.3. With Suse it was relatively easy with Knetworkmanager. Now with Debian I have to get this crap running by hand because the Networkmanager installation I tried under gnome does not work... I have a Networkmanager icon under gnome but it cannot find any card...

So can anybody give me a clue how I can configure my Debian by hand for authentication with a WPA2 Enterprise WLAN which is EAP based and needs Windows Domain User Authentication (PEAP and MSCHAPv2)?

Thanks in advance.

Huberbauer

JimBass 04-06-2008 11:49 AM

You need to install a program called wpa_supplicant. Either use apt-get or aptitude to install it. I don't know if it works with the GUI programs, but at a command line I can (and have) authenticated wirelessly with most every type of wpa encryption, including PEAP.

Peace,
JimBass

Madone_SL_5.5 04-06-2008 03:39 PM

I have struggled with using wpa_supplicant myself, trying to connect to just such a network. For the benefit of all those who know as little as I do, is there a how-to tutorial about using wpa_supplicant anywhere? That would be great.

huberbauer 04-07-2008 06:10 AM

Hi,
I have installed wpa_supplicant but I am not sure if I configured it correctly. Hopefully someone can help me with this part.
My wpa_supplicant file looks like this:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="WirelessLANSSID"
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
}



I have modified my /etc/network/interfaces file too, like this:

auto wlan0
iface wlan0 inet dhcp
wpa-ssid WirelessLANSSID
pre-up wpa_supplicant -Bw -Dmadwifi -iwlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
post-down killall -q wpa_supplicant


I have also tried the -Dwext option but this does not work either.
The modules for madwifi are loaded correctly and the iwl4965 module too. I can see the network in kismet for example but I don't know how I have to configure the files correctly.

Thanks

JimBass 04-08-2008 11:48 AM

You have a few problems in there. You shouldn't have 2 files controlling one thing, and in this case you do have that, possibly causing a problem as the /etc/wpa_supplicant/wpa_supplicant.conf file fights with the /etc/network/interfaces file. I also think you have way too much going on in your wpa_supplicant.conf file, and bet you'll get better results by trimming it down.

First off, don't put anything about a particular ssid in your /etc/network/interfaces file. That file affects your interface all the time, so with the ssid wrapped in there, you'll never be able to authenticate at a coffee shop or wifi hotspot. I'd make that file look like this for the wireless card:

Code:

auto wlan0
iface wlan0 inet dhcp

With that cleaned out, let's compare our wpa_supplicant.conf files - yours:

Code:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
ssid="WirelessLANSSID"
proto=WPA
pairwise=CCMP TKIP
group=CCMP TKIP
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
}

and mine:

Code:

jim@jimsworktop:~$ cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant

### Example of basic WPA-PSK secured AP
network={
    ssid="myssid"
    psk="mypassword"
}

That authenticates against a wpa2 network without issue on my system. I'm going to suggest you trim down to the bare minimum, and then add things in piece by piece as necessary. Here's how I would start:

Code:

ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
network={
ssid="WirelessLANSSID"
key_mgmt=WPA-EAP
eap=PEAP TTLS TLS
identity="DOMAIN\USERNAME"
password="PASSWORD"
phase2="auth=MSCHAPv2"
}

You may not need the key_mgmt, eap, or phase2 lines either. Then we've got to get this running on the terminal, and that also should spit out errors that sometimes aren't so easy to spot in the GUI.

You do need to call wpa_supplicant with -Dmadwifi for your setup; wext would be if your card worked with just the kernel and firmware, basically without madwifi.

So here are some commands:

Code:

ifdown wlan0
wpa_supplicant -iwlan0 -Dmadwifi -c/etc/wpa_supplicant/wpa_supplicant.conf
# watch the output (not backgrounded), then when it completes, open a 2nd tab or terminal
ifup wlan0

If the wpa_supplicant line doesn't complete the handshake, add more junk in. I no longer provide support for the place where I did PEAP wireless auth, but it was a simple file like mine, maybe one or 2 additional options, not 12 of them though.

Please post back with problems.

Peace,
JimBass

pjbracer1 10-02-2014 06:40 AM

Raspberry PI Wpa_supplicant with AES PEAP and AD username authentication
 
Hi all, newb here!

I know this post is old but I am struggling to find answers so I'm giving in and asking!

I am trying to get a Raspberry Pi using wpa_supplicant to work on an enterprise network using the following settings:

network = {
ssid="*********"
scan_ssid=1
proto=RSN  # I think this is required (robust secure network) for the AES side of things so leave it in?
key_mgmt=WPA-EAP  # Not sure if this should be WPA-PSK (so worth trying both)
pairwise=TKIP
group=TKIP
eap=PEAP
identity="domain\username"  # Again not sure if this needs to have the domain split out in a separate line or try the “ithsu002@nt1000”
password="*******"
ca_cert="/etc/cert/ca.pem"  # Not sure if this needs to be here, they use certificates on other devices but not for these
phase1="peapver=0"
phase2="MSCHAPV2"
}

This is a remote site so it makes it all the more tricky to test the settings.

The normal network settings are:

SSID
WIFI password
WPA2
AES
Domain and user name

I have been trying to get the setup correct prior to sending the item to site but can't test it first, and I have looked around and can't see anywhere that explains what each setting is, what it does, and the meanings. I can get it to work with a normal WPA2 wifi network and the device works fine with CAT5, but in the application where it needs to go only wifi is possible.

Many thanks in advance

Paul
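
An added example (not part of any post above, and not code from the wpa_supplicant project): a small Python check that parses `network={...}` blocks like the ones posted in this thread and flags settings that weaken or break PEAP/MSCHAPv2 on a WPA2-Enterprise network. The function names, the choice of checks and the sample block (constructed from the Raspberry Pi post, with its notes and credentials dropped) are assumptions of this example.

```python
import re

# Constructed input: the Raspberry Pi block from the thread, notes and credentials dropped.
SAMPLE = '''
network = {
ssid="corp-wlan"
proto=RSN
key_mgmt=WPA-EAP
pairwise=TKIP
eap=PEAP
phase2="MSCHAPV2"
}
'''

def parse_networks(text):
    """Parse network blocks into dicts; also report lines the file parser rejects."""
    blocks, problems, cur = [], [], None
    for n, line in enumerate((l.strip() for l in text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        if cur is None and re.fullmatch(r"network\s*=\s*\{", line):
            if line != "network={":
                problems.append(f"line {n}: must be written exactly 'network={{'")
            cur = {}
        elif cur is not None and line == "}":
            blocks.append(cur)
            cur = None
        elif cur is not None and "=" in line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip().strip('"')
    return blocks, problems

def audit(net):
    """Return findings for one EAP network block (checks are this example's choice)."""
    out = []
    if "WPA-EAP" not in net.get("key_mgmt", "").split():
        return out
    if not (net.get("ca_cert") or net.get("ca_path")):
        out.append("no ca_cert/ca_path: server certificate is not verified")
    elif not any(k in net for k in ("domain_suffix_match", "domain_match",
                                    "subject_match", "altsubject_match")):
        out.append("no server name match: any certificate from that CA is accepted")
    if "auth=" not in net.get("phase2", ""):
        out.append("phase2 lacks 'auth=': inner method is not pinned")
    if "CCMP" not in net.get("pairwise", "CCMP").split():
        out.append("pairwise excludes CCMP: a CCMP-only (AES) network will not match")
    if "proto" in net and not {"RSN", "WPA2"} & set(net["proto"].split()):
        out.append("proto excludes RSN: WPA2 is not allowed")
    return out
```

wpa_supplicant's own sample configuration states that the server certificate is not verified when neither ca_cert nor ca_path is set, which is why that finding is listed first: with PEAP/MSCHAPv2 the domain credentials are then offered to whichever access point answers for the SSID.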


All times are GMT -5.