You are not logged in.

Pages: 1

#1 2013-10-10 20:59:14

tfla
Member
Registered: 2013-10-10
Posts: 17

[SOLVED] netctl + eduroam (Lund University)

Hey there.

My laptop doesn't want to connect to eduroam with netctl. The uni website tells me to use WPA/WPA Enterprise for "wireless security", TTLS for "authentication", PAP as "inner authentication-method", my uid and "@lu.se" appended as both anonymous identity and user identity, and they specify the certificate as the one seen in the config below (all settings from the guide for connecting with NetworkManager).
Have I misunderstood something or is this something I will have to talk to with the technical crew on-campus?

Here's my /etc/netctl/wlp2s0-eduroam:

Description='Eduroam university'
Interface=wlp2s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=eduroam
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'group=TKIP'
    'anonymous_identity="my_uid@lu.se"'
    'identity="my_uid@lu.se"'
    'password="my_password"'
    'ca_cert="/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem"'
    'phase2="auth=PAP"'
)

Last edited by tfla (2013-10-17 11:25:35)

Offline

#2 2013-10-11 01:02:28

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,167

Re: [SOLVED] netctl + eduroam (Lund University)

Did you read https://wiki.archlinux.org/index.php/Netctl#Eduroam?

EDIT: Actually, I guess that's what you based your config on - sorry, I didn't scroll down to see the alternate setup below.

Last edited by cfr (2013-10-11 01:04:30)

CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#3 2013-10-11 09:13:53

tfla
Member
Registered: 2013-10-10
Posts: 17

Re: [SOLVED] netctl + eduroam (Lund University)

Yeah, that's what I based the configuration on. It appears the eduroams differ slightly in their implementation on different locations though. I can't see what I've done wrong though, so I will probably just have to talk to the school staff?

Thanks for the reply.

Offline

#4 2013-10-11 13:43:41

Knusperkeks
Member
From: Germany
Registered: 2012-07-14
Posts: 26

Re: [SOLVED] netctl + eduroam (Lund University)

I also had problems connecting to eduroam-networks until i added 'scan_ssid=1' to WPAConfigSection.
Maybe it helps you wink

Offline

#5 2013-10-11 14:01:07

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: [SOLVED] netctl + eduroam (Lund University)

Make sure that 'group=TKIP' is actually supported by the AP, in case of doubt, comment or delete that line and give it a try.

R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#6 2013-10-17 11:23:22

tfla
Member
Registered: 2013-10-10
Posts: 17

Re: [SOLVED] netctl + eduroam (Lund University)

So, the uni had changed the required certificate without updating the documentation on their web-site. Problem solved and here's a config that works for LU students:

Description='Eduroam university'
Interface=wlp2s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=eduroam
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=TTLS'
    'anonymous_identity="STiL-id@lu.se"'
    'identity="STiL-id@lu.se"'
    'password="<STiL-password>"'
    'ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"'
    'phase2="auth=PAP"'
)

I removed the TKIP group since it isn't mentioned in the documentation, thanks R00KIE.

Offline

#7 2014-09-02 08:48:10

tfla
Member
Registered: 2013-10-10
Posts: 17

Re: [SOLVED] netctl + eduroam (Lund University)

Well, new semester = new troubles. Couldn't connect without adding scan_ssid=1 this time (thank you Knusperkeks and the writers of man wpa_supplicant), and they seem to have changed the phase 2 authentication to MSCHAPv2 and the eap to PEAP, so here is the new config that works for me if anyone needs it:

Description='Eduroam university'
Interface=wlp2s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
ESSID=eduroam
WPAConfigSection=(
    'ssid="eduroam"'
    'scan_ssid=1'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'anonymous_identity="<STiL-id>@lu.se"'
    'identity="<STiL-id>@lu.se"'
    'password="<STiL-password>'
    'ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"'
    'phase2="auth=MSCHAPv2"'
)

The wpa_supplicant manual mentions a phase1="peaplabel=0", not sure what that does and connecting seems to work without it.

Offline

#8 2016-09-09 12:16:21

tfla
Member
Registered: 2013-10-10
Posts: 17

Re: [SOLVED] netctl + eduroam (Lund University)

PSA: There's now a script that configures eduroam for NetworkManager and/or wpasupplicant to be found here: https://cat.eduroam.org/

Offline

#9 2016-09-09 12:34:53

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,420
Website

Re: [SOLVED] netctl + eduroam (Lund University)

I don't always find necrobumps useful, but when I do, it's about eduroam. Thanks. wink

Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

Offline

Pages: 1

Board footer

Powered by FluxBB