Wpa-eap + Tkip (edit. WPA-PEAP+TKIP)

hardframed · 2007-09-11 07:09:47

As far as my knowledge goes WPA-EAP is the same as WPA Enterprise (in Vista it's named Enterprise). My School network uses the TKIP key management. And this is what I added to my /etc/wpa_supplicant.conf:

Network={
        ssid="studentnet"
        proto=WPA
        key_mgmt=WPA-EAP
        pairwise=TKIP
        priority=1
}

However, I can not get this setup to work.
On the open networks (without auth) my wireless works just fine.
So if anyone has experience with WPA-EAP + TKIP, please shoot me some pointers. I'm fairly new to the arch way of setting up wireless.

*g* this thread will be a hack thread instead of a support thread

Last edited by hardframed (2007-09-11 07:31:57)

hardframed · 2007-09-11 07:14:58

I found out that the school network uses PEAP. And some googling made me aware over that wpa_supplicant supports the following PEAP authentication:

* EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
* EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
* EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
* EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
* EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)

I'm gonna trial and error some. BRB

EDIT.

EAP-PEAP/MSCHAPv2 is the one my school network uses.

EDIT 2.
This is the template I found that suits my student network. Now I need to set this up.

EAP-PEAP/MSCHAPv2 configuration for RADIUS servers tha$
 (e.g., Radiator)
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="user@example.com"
        password="foobar"
        ca_cert="/etc/cert/ca.pem"
        phase1="peaplabel=1"
        phase2="auth=MSCHAPV2"
        priority=10
        pairwise=TKIP # added TKIP to the template
}

Edit 3.

PEAP = Protected Extensible Authentication Protocol http://en.wikipedia.org/wiki/Protected_ … n_Protocol

....PEAP uses only server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server...

So I guess that is the reason ca_cert="/etc/cert/ca.pem" is being called.
Yet, I'm left with one question. The password is stored in the conf file. Is this secure? Can this be done in a better way?

Last edited by hardframed (2007-09-11 08:02:10)

fwojciec · 2007-09-11 13:07:21

You can make the conf file readable to root only - that's the way I've done it. AFAIK there is no way around having the password there.

Last edited by fwojciec (2007-09-11 13:08:03)

Arch Linux

#1 2007-09-11 07:09:47

Wpa-eap + Tkip (edit. WPA-PEAP+TKIP)

#2 2007-09-11 07:14:58

Re: Wpa-eap + Tkip (edit. WPA-PEAP+TKIP)

#3 2007-09-11 13:07:21

Re: Wpa-eap + Tkip (edit. WPA-PEAP+TKIP)

Board footer