Access the B-IT-Network through 802.1X (Linux)

Attention!


All WLAN options at b-it require that you register your b-it account for PNAS@BIT before configuring the connection on your mobile system. Registration is done at the following address:

Register for PNAS@BIT

At this point we emphasize the importance of correctly maintaining the connecting systems with regard to protection from viruses, worms and unauthorized access by third parties. Please consider our hints and installation assistance under “Security”!

The precondition for using 802.1X is a valid PNAS@BIT account. You have to register at the Registration Page (only available in the B-IT network).
Furthermore, your WLAN hardware has to be supported by the WPA-Supplicant. You can find a list of supported hardware on the WPA-Supplicant homepage.
We assume that you have loaded the appropriate kernel modules, so that a WLAN interface is available (use “ifconfig -a” to show all available network interfaces).
We also assume that the name of the interface is “wlan0”, but this can differ depending on your WLAN hardware.

In order to connect to the B-IT Network through 802.1X do the following steps:

  1. Installation of the WPA-Supplicant:
    • The easiest way to install the WPA-Supplicant is to use your distribution's package management software. In our tests, the authentication was successful with version 0.4.7 as well as version 0.5.1. Newer versions should work as well.
    • Download the certificate cisco-acs-cert-2017.cer and save it (wget's --no-check-certificate option skips TLS verification of the download, so the authenticity of the file is not checked at this step):
      cd /etc
      wget --no-check-certificate https://www-sgbit.bit.uni-bonn.de/wiki/cisco-acs-cert-2017.cer
    • Create a file /etc/wpa_supplicant.conf with the following contents (please adjust username and password!):
      wpa_supplicant.conf:
      update_config=0
      ctrl_interface=/var/run/wpa_supplicant
      ctrl_interface_group=0
      eapol_version=1
      ap_scan=2
      fast_reauth=1
      
      network={
      	ssid="802.1X"
      	scan_ssid=1
      	key_mgmt=IEEE8021X
      	identity="username@bit.uni-bonn.de"
      	password="password"
      	ca_cert="/etc/cisco-acs-cert-2017.cer"
      	phase1="peaplabel=0 peapver=0"
      	phase2="auth=MSCHAPV2"
      	ca_cert2="/etc/cisco-acs-cert-2017.cer"
      	priority=20
      }
  2. Start the WPA-Supplicant:
    wpa_supplicant -B -dd -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
    • Meaning of the parameters:
      -B: Daemon Mode
      -dd: increase debugging verbosity
      -D: driver name
      -i: interface
      -c: configuration file
    • You have to adjust the “-D” and “-i” parameters to match your system!
    • Possible values for “-D” are:
      hostap = Host AP driver (Intersil Prism2/2.5/3) [default] (this can also be used with Linuxant DriverLoader)
      hermes = Agere Systems Inc. driver (Hermes-I/Hermes-II)
      madwifi = MADWIFI 802.11 support (Atheros, etc.)
      atmel = ATMEL AT76C5XXx (USB, PCMCIA)
      wext = Linux wireless extensions (generic)
      ndiswrapper = Linux ndiswrapper
      broadcom = Broadcom wl.o driver
      ipw = Intel ipw2100/2200 driver
      wired = wpa_supplicant wired Ethernet driver
      bsd = BSD 802.11 support (Atheros, etc.)
      ndis = Windows NDIS driver
  3. Assign an IP address:
    • Please check with “ifconfig -a” whether your WLAN interface already has an IP address.
    • If your WLAN interface has an IP address in the 131.220.139.xxx range, everything seems to work; just give it a try.
    • If your WLAN interface does not have an IP address, or has an address in the 10.149.xxx.xxx range, you need to have the DHCP client of your distribution assign a new IP address to your WLAN interface. The procedure for doing this differs from distribution to distribution (mostly “dhclient wlan0” or “dhcpcd -k wlan0; dhcpcd wlan0”).


Hint:
This howto describes the configuration “by hand”. Chances are that your distribution offers a way to configure and start the WPA-Supplicant through the network init scripts (Gentoo: /etc/conf.d/net, Ubuntu: /etc/config/networking). In this case you just need the wpa_supplicant.conf from step 1.
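
An added example (not part of the original howto and not code from the wpa_supplicant project): a small Python check of the server-authentication settings in the network block from step 1, since that file is what carries over to any distribution-specific setup. It flags a missing ca_cert, the absence of a server name match (subject_match, altsubject_match, domain_match, domain_suffix_match) and an unset eap option; PAGE_CONF is a constructed copy of the page's block, and the function names are this example's own.

```python
import re

# Constructed sample: the network block from this page with placeholder credentials.
PAGE_CONF = '''
ap_scan=2
network={
	ssid="802.1X"
	key_mgmt=IEEE8021X
	identity="username@bit.uni-bonn.de"
	password="password"
	ca_cert="/etc/cisco-acs-cert-2017.cer"
	phase1="peaplabel=0 peapver=0"
	phase2="auth=MSCHAPV2"
}
'''

# wpa_supplicant options that tie the server certificate to an expected name.
NAME_CHECKS = ("subject_match", "altsubject_match", "domain_match", "domain_suffix_match")


def parse_networks(text):
    """Return one {option: value} dict per network={...} block."""
    networks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks


def audit_network(net):
    """List the server-authentication gaps in one EAP network block."""
    modes = net.get("key_mgmt", "").split()  # assumption: key_mgmt is set explicitly
    if not any(m == "IEEE8021X" or m.startswith("WPA-EAP") for m in modes):
        return []  # PSK or open network: nothing to check here
    findings = []
    if not (net.get("ca_cert") or net.get("ca_path")):
        findings.append("ca_cert missing: the server certificate is not verified")
    if not any(net.get(opt) for opt in NAME_CHECKS):
        findings.append("no name match: any certificate chaining to ca_cert is accepted")
    if not net.get("eap"):
        findings.append("eap unset: every compiled-in EAP method is allowed")
    return findings


if __name__ == "__main__":
    for net in parse_networks(PAGE_CONF):
        print(net.get("ssid"), audit_network(net))
```

For the block on this page it reports the missing name match and the unset eap option; setting eap=PEAP and a name match for the authentication server's certificate clears both.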

 
pnas_en/802.1x/linux.txt · Last modified: 2017/11/10 09:09 by thielt