HOWTO: Wireless Security - WPA1, WPA2, LEAP, etc.

[wieman01]

Hi again

Just in case you're interested- I had a go with Ndiswrapper.

It worked a treat, until I'd re-booted a couple of times, and then it stopped. I have no idea why. I am completely sure that I had not changed any configuration in the meantime- in fact I was starting and stopping the computer just to see if the WLAN would stay working! Same results with WICD and Network Manager.

Anyway, maybe I'll ask in the Ndiswrapper forums for help there.

Cheerio!
Charlie

I can help you with it if you don't mind. Please send me the link by PM and I'll support you. Please check out my own 'ndiswrapper' HOWTO (see signature) as well... perhaps you have missed a step or two.

What tutorial have you used?

[ubulap]

FokkerCharlie,

one of the things that I found of need to do, when I was using ndiswrapper (I've now moved to rt73 driver) to have it working, was that I needed to restart the network at each boot, to have it working.
Maybe this is why after rebooting it stopped working for you?

I had to run the following command:

Code:

sudo /etc/init.d/networking restart

[wieman01]

FokkerCharlie,

one of the things that I found of need to do, when I was using ndiswrapper (I've now moved to rt73 driver) to have it working, was that I needed to restart the network at each boot, to have it working.
Maybe this is why after rebooting it stopped working for you?

I had to run the following command:

Code:

sudo /etc/init.d/networking restart

Post #2 of this thread tries to fix that. Check it out.

[FokkerCharlie]

Hi Ubulap

The problem I am facing is that the connection needs to be re-set every couple of minutes while the computer is running- ie it does not need to be re-booted to need to wake-up.

See the new thread:
http://ubuntuforums.org/showthread.p...34#post3842134

Nice try, tho, thanks!
Charlie

[markw365]

Ok, I've been playing with this for a couple of days. Our network guys tell me the setup is PEAP-TLS. I've tried every combination in the network-manager, wpa-enterprise, wpa2-enterprise, etc. It seems to connect then drop the connection, like something is wrong with the authentication handshake.

Here's my settings for wireless in XP:

Under the network properties "Association Tab".

Network Authentication is set to "Open"
Data Encryption is set to "WEP"

Under the Authentication Tab:

"Enable IEEE 802.1x authentication for this network" checked
EAP Type: Protected EAP(PEAP)
Authenticate as a computer when computer information is available. Checked.

Under PEAP Properties, the
"Validate server certificate" is checked along with our company certificate.

Then in the Select authentication pull down it has "Secured Password (EAP-MSCHAPv2) selected, which uses my domain/user creditentials.

Under the Connection tab it has "connect when in range".

This all works fine under XP, but when I boot into Linux, and select WPA or WPA2 enterprise, mschapv2, etc. it doesn't work. I've got the certificate on the machine in both .p7b and .pem formats. It looks like it gets close, but it doesn't come up. In the username/password dialog I give the domain/username and my domain login.

Any help would be appriciated.

Card is built in laptop with the intel 2200 chipset, works fine at home and everywhere else. I also have a drawer full of USB wireless adapters I can try.

Thanks,
Mark

[wieman01]

Ok, I've been playing with this for a couple of days. Our network guys tell me the setup is PEAP-TLS. I've tried every combination in the network-manager, wpa-enterprise, wpa2-enterprise, etc. It seems to connect then drop the connection, like something is wrong with the authentication handshake.

Here's my settings for wireless in XP:

Under the network properties "Association Tab".

Network Authentication is set to "Open"
Data Encryption is set to "WEP"

Under the Authentication Tab:

"Enable IEEE 802.1x authentication for this network" checked
EAP Type: Protected EAP(PEAP)
Authenticate as a computer when computer information is available. Checked.

Under PEAP Properties, the
"Validate server certificate" is checked along with our company certificate.

Then in the Select authentication pull down it has "Secured Password (EAP-MSCHAPv2) selected, which uses my domain/user creditentials.

Under the Connection tab it has "connect when in range".

This all works fine under XP, but when I boot into Linux, and select WPA or WPA2 enterprise, mschapv2, etc. it doesn't work. I've got the certificate on the machine in both .p7b and .pem formats. It looks like it gets close, but it doesn't come up. In the username/password dialog I give the domain/username and my domain login.

Any help would be appriciated.

Card is built in laptop with the intel 2200 chipset, works fine at home and everywhere else. I also have a drawer full of USB wireless adapters I can try.

Thanks,
Mark

Tough one... I don't user Network Manager much. But the IPW2200 driver is definitely capable of PEAP. Could you post screenshots of your NM settings?

Perhaps 'dmesg" (command line) tells us more:

dmseg

[Marcellus]

A follow-up on my newbie-post from long ago: (search on username)

I didn't succeed in getting WPA to work on two pcmcia wifi cards while the cards were known to work perfectly with WEP: one was Linksys WPC11 (I don't remember which version), the other a Senao NL-2511CD. In the end it was the cards' fault: they were pretty old 802.11b-only cards that turned out not to support WPA.

I replaced them with a new usb dongle --- Azurewave AW-GU210 --- which immediately worked under 7.04 and 7.10. However, after an hour (or sometimes 3) or so it would overheat, I think, and fail to connect for several minutes. Possibly because it tries to move fast broadband over USB1.1?

This I replaced with a similar Belkin usb dongle that has been working perfectly with the same setups --- USB1.1 on a 2.2ghz celeron desktop and on a celeron 1.1ghz laptop.

[tnunamak]

Hi,

I have a working wireless connection when it it unencrypted, but I've tried following your guide to connect to my university's LEAP network and when I restart the networking service I get the following:

Code:

 sudo /etc/init.d/networking restart
 * Reconfiguring network interfaces...                                           * Stopping the Firestarter firewall...
   ...done.
 * Starting the Firestarter firewall...
   ...fail!
run-parts: /etc/network/if-down.d/50firestarter exited with return code 2
There is already a pid file /var/run/dhclient.eth0.pid with pid 6102
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/eth0/00:19:7d:8c:cd:22
Sending on   LPF/eth0/00:19:7d:8c:cd:22
Sending on   Socket/fallback
DHCPRELEASE on eth0 to 1.1.1.1 port 67
There is already a pid file /var/run/dhclient.eth0.pid with pid 134519120
Internet Systems Consortium DHCP Client V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/eth0/00:19:7d:8c:cd:22
Sending on   LPF/eth0/00:19:7d:8c:cd:22
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
oDHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
No DHCPOFFERS received.
No working leases in persistent database - sleeping.
 * Stopping the Firestarter firewall...
   ...done.
 * Starting the Firestarter firewall...
   ...fail!
run-parts: /etc/network/if-up.d/50firestarter exited with return code 2

My interfaces file reads as follows:

Code:

# The loopback network interface
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0

# The primary network interface
iface eth1 inet dhcp

#iface eth0 inet dhcp
#wireless-essid TUGuest
#auto eth0

auto eth0
iface eth0 inet dhcp
wpa-driver wext
wpa-ssid TUSecure
wpa-ap-scan 1
wpa-eap LEAP
wpa-key-mgmt IEEE8021X
wpa-identity tnunamak
wpa-password mypassword

Any ideas?

[wieman01]

@tnunamak:

Please post the output of (while your are near the network:

sudo iwlist scan

Then also let me know what wireless adapter you have got & what chipset it uses. Not all adapters are PEAP-capable.

[buccaneere]

2. No firewall & configuration tool is running (e.g. Firestarter).

How do I ascertain this?