Differences between revisions 1 and 9 (spanning 8 versions)
Revision 1 as of 2007-04-18 17:02:44
Size: 806
Editor: misi
Comment:
Revision 9 as of 2012-01-30 11:16:19
Size: 2743
Editor: mohacsi
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#acl All:read
Line 2: Line 3:
{{{
==== Ha az NIIF Root CA-t használjuk ====
Line 7: Line 9:
Addjuk hozzá az /etc/network/interfaces file-hoz a következőt, úgy hogy az eth2 inteface-t helyetesítsük a megfelelő wireless ethernet eszközzel.
Line 9: Line 10:
==== Ha más root CA-t ====
hasonlóan nyerjük ki a root CA publikus kulcsát


==== WPA supplicant konfiguráció ====

Addjuk hozzá az /etc/network/interfaces file-hoz a következőt, úgy hogy az eth2 inteface-t helyetesítsük a megfelelő wireless ethernet eszközzel.

/etc/network/interfaces
Line 10: Line 20:
auto eth2
iface eth2 inet dhcp
allow-hotplug eth2
iface eth2 inet manual
Line 13: Line 23:
        wpa-ssid eduroam
        wpa-eap TTLS
        wpa-identity misi@niif.hu
        wpa-anonymous_identity anonymous@niif.hu
        wpa-ca_cert /etc/ssl/certs/niif_ca_root_x509.pem
        wpa-phase2 auth=PAP
        wpa-group CCMP TKIP
        wpa-pairwise CCMP TKIP
        wpa-key-mgmt WPA-EAP
        wpa-password jelszo
 wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

# id_str="eduroam"
iface eduroam inet dhcp
Line 24: Line 28:

/etc/wpa_supplicant/wpa_supplicant.conf
{{{
# Minimal /etc/wpa_supplicant.conf to associate with open
# access points. Please see
# /usr/share/doc/wpasupplicant/examples/README.wpa_supplicant.conf.gz
# for more complete configuration parameters.
#
# Also see the other files in /usr/share/doc/wpasupplicant/examples/ for
# specific configuration examples.

# path to UNIX socket control interface
ctrl_interface=/var/run/wpa_supplicant

#ap_scan=1
#fast_reauth=1
#WEP104 WEP40
network={
 ssid="eduroam"
     id_str="eduroam"
 eap=TTLS
 identity="misi@niif.hu"
 anonymous_identity="anonymous@niif.hu"
 ca_cert="/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem"
 phase2="auth=PAP"
 group=CCMP TKIP
 pairwise=CCMP TKIP
 key_mgmt=WPA-EAP
 password="jelszó"
        subject_match="/C=HU/O=NIIF CA/OU=NIIFI/CN=radius.ki.niif.hu"
}
}}}



Ha nem adjuk meg a jelszót a konfig
fájlban, akkor az ifup eth2 után a wpa_cli bekéri tőlünk:
{{{
# ifup eth2
# wpa_cli
wpa_cli v0.5.5
Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'eth2'

Interactive mode

<2>CTRL-REQ-PASSWORD-0:Password needed for SSID eduroam
> password 0 jelszó
OK
> <2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<2>WPA: Key negotiation completed with 00:19:a9:a7:28:51 [PTK=CCMP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:19:a9:a7:28:51 completed (auth) [id=0 id_str=eduroam]
quit
}}}

A {{{password}}} a parancs, a {{{0}}} a CTRL-REQ-PASSWORD- és a kettőspont közül
jött, a jelszó a jelszó. Közben esetleg dzsuvázik a wpa_cli a saját
promptjába, ez ne zavarjon bennünket.

Wireless Eduroam Linux Debian (sid) wpasupplicant

Ha az NIIF Root CA-t használjuk

cd /etc/ssl/certs/ wget http://www.ca.niif.hu/Certificates/niif_ca_root_x509.pem ln -sf niif_ca_root_x509.pem openssl x509 -hash -noout -in niif_ca_root_x509.pem.0 }}}

Ha más root CA-t

hasonlóan nyerjük ki a root CA publikus kulcsát

WPA supplicant konfiguráció

Addjuk hozzá az /etc/network/interfaces file-hoz a következőt, úgy hogy az eth2 inteface-t helyetesítsük a megfelelő wireless ethernet eszközzel.

/etc/network/interfaces

allow-hotplug eth2
iface eth2 inet manual
        wpa-driver wext
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

# id_str="eduroam"
iface eduroam inet dhcp

/etc/wpa_supplicant/wpa_supplicant.conf

# Minimal /etc/wpa_supplicant.conf to associate with open
#  access points. Please see
#  /usr/share/doc/wpasupplicant/examples/README.wpa_supplicant.conf.gz
#  for more complete configuration parameters.
#
# Also see the other files in /usr/share/doc/wpasupplicant/examples/ for
#  specific configuration examples.

# path to UNIX socket control interface
ctrl_interface=/var/run/wpa_supplicant

#ap_scan=1
#fast_reauth=1
#WEP104 WEP40
network={
        ssid="eduroam"
        id_str="eduroam"
        eap=TTLS
        identity="misi@niif.hu"
        anonymous_identity="anonymous@niif.hu"
        ca_cert="/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem"
        phase2="auth=PAP"
        group=CCMP TKIP
        pairwise=CCMP TKIP
        key_mgmt=WPA-EAP
        password="jelszó"
        subject_match="/C=HU/O=NIIF CA/OU=NIIFI/CN=radius.ki.niif.hu"
}

Ha nem adjuk meg a jelszót a konfig fájlban, akkor az ifup eth2 után a wpa_cli bekéri tőlünk:

# ifup eth2
# wpa_cli
wpa_cli v0.5.5
Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'eth2'

Interactive mode

<2>CTRL-REQ-PASSWORD-0:Password needed for SSID eduroam
> password 0 jelszó
OK
> <2>CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
<2>WPA: Key negotiation completed with 00:19:a9:a7:28:51 [PTK=CCMP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:19:a9:a7:28:51 completed (auth) [id=0 id_str=eduroam]
quit

A password a parancs, a 0 a CTRL-REQ-PASSWORD- és a kettőspont közül jött, a jelszó a jelszó. Közben esetleg dzsuvázik a wpa_cli a saját promptjába, ez ne zavarjon bennünket.

Campus6: Wireless_Eduroam_Linux_Debian_wpasupplicant (last edited 2012-01-30 11:16:19 by mohacsi)