[ubuntu] 802.1x WEP PEAP MSCHAPv2



nielsek
May 8th, 2009, 11:22 PM
I have a problem with connecting to the wireless APs at my school. They use 802.1x WEP PEAP MSCHAPv2 and I use 9.04 Netbook Remix.

The problem is that I need to receive the CA certificate when I connect. The school has a guide for Win XP where there is a checkbox that says: "Validate server certificate when connecting" which needs to be unchecked, but nothing in Ubuntu seems to do the trick.

nielsek
May 9th, 2009, 06:58 PM
bump

hajk
May 9th, 2009, 08:36 PM
The CA-certificate is just a coded text file, you should ask your school IT office for a copy of it, install it somewhere in your home directory, then give the path to it when asked to configure the wireless interface. There are example templates included in Wicd, which is an easy to configure alternative to network-manager and the like.

spegru
September 28th, 2009, 11:01 PM
Kind of an old thread but maybe it's worth reviving rather than starting a new one...

In fact just this weekend my daughter started at Uni and they have the same kind of security setup - even for wired PCs. There are instructions for Win and Mac but none for Linux (and there was me thinking a university would be more enlightened). I was interested that WinXP and older Macs were not supported either as they don't apparently support 802.1x.

The instructions for winvista were a bit unclear so I am not sure exactly what happened. However on linux, one thing that was easy was finding the setup for 802.1x on network-manager (it's just another tab when you edit the settings for the wired connection). I could set up all the settings using the windows instructions.
But the one thing I could not do was to find the certificate itself. The instructions said it was held on a server and even gave the name. But they didn't specify whether to connect http, ftp or something else, and thus I was stuck.

While messing with the winvista partition on the other hand it was equally unclear except I suddenly noticed a file was downloading without me even doing anything! I wonder if they are downloading using smb or something. I could not get it from linux though.

I suppose I could copy the certificate from the windows side - if I knew where to find it. Anyone know?

But the real trick would be to understand how to get the certificate from the network. I imagine there is some standard method for certificate distribution. Any ideas?

spegru
September 29th, 2009, 08:20 PM
C'mon people, there must be someone out there who understands this stuff

frankejj
October 5th, 2009, 07:33 PM
On the windows machine the certificate that you need can be exported from the certificate store.

Go to Wireless Network properties - Security - PEAP Settings - Scroll down the list showing the Trusted Root CAs - Note down the one that is checked.
Then open IE - Tools - Internet Options - Content - Certificates - Trusted Root CAs - Scroll down to the CA noted down from previous step - click Export - export certificate to file

Then copy the certificate over to the linux machine by USB stick or something...

Good luck. Even though I got this far I still have trouble trying to connect. It keeps trying but just comes right back to the connection screen saying 'Authentication required......'
/var/log/syslog has very little info...
Activation (wlan0/wireless): Association took too long

I guess maybe I will try wicd next... I am at a loss at the moment.

spegru
February 4th, 2010, 07:24 PM
I actually got somewhere with this at my Daughter's Uni

1. Connected PC up, opened a browser and was immediately sent to the Uni login page
2. Entered user name and password
3. One option is to register a new computer. (It seems students can register several devices - which is quite enlightened of them).
4. The system offers a windows exe file to do this by default (but it also mentions ipods macs etc). This type of auto setup for linux of course but there was a manual option, that gave a direct link within a 'Resources' section of their web page to manually download the Thawte Certificate - which I did.
5. Next, from Network Manager, right click and select add connection
6. Give it a new suitable name rather than overwriting your normal auto config
7. Choose 802.1x from setup tab
8. Choose eap security (in this case) and import the certificate downloaded earlier
9. Enter the username complete with the full email address with the @.xxx.ac.uk or whatever at the end (this had me stumped for a bit until I found an error message on the Uni web setup page)
10. Right click on network manager and select your new connection
11. You are Done!

Next time you just connect automatically

In fact other than knowing how to get the certificate this was easier than with vista, since as standard the 802.1x protocol section is missing and had to be installed separately.

One wrinkle I found was that the dual boot vista/linux machine would not register in linux mode even though it worked ok with a separate linux machine. This was because the ethernet port MAC address was already registered to a windows machine. So I found that a cheapo USB ethernet adaptor fixed that problem, since it has its own MAC address.

I also found a way to extract the certificate from the Windows Vista machine, although I did not test it. It was deep in the network settings section somewhere. Unfortunately I can't access how to do that right now but suffice to say it wasn't that hard. I can probably find out how to do that again if needed.

I guess this is pretty generic and hope it should be useful info for many Unis and similar places using 802.1x
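
Added example, not part of any post in this thread: a wpa_supplicant network block for the wireless case in the thread title (802.1x with dynamic WEP, PEAP, MSCHAPv2) that keeps server certificate validation on by pointing at the CA certificate, instead of unchecking validation as the school's XP guide does. The SSID, identity, password, file path and RADIUS server name are placeholders.

```conf
# wpa_supplicant.conf -- constructed example; every value below is a placeholder.
ctrl_interface=/var/run/wpa_supplicant

network={
    ssid="campus-wifi"

    # "802.1x WEP": 802.1X authentication with dynamically generated WEP keys.
    key_mgmt=IEEE8021X

    # Outer method PEAP, inner method MSCHAPv2.
    eap=PEAP
    phase2="auth=MSCHAPV2"

    # Full login name, including the realm after the @.
    identity="student@example.ac.uk"
    password="CHANGE-ME"

    # CA certificate obtained from the IT office or exported from a
    # configured machine (PEM or DER). If ca_cert (and ca_path) are left
    # out, the server certificate is not verified at all.
    ca_cert="/home/student/certs/campus-ca.pem"

    # Also pin the RADIUS server name, so that another certificate issued
    # by the same public CA is not accepted. Older wpa_supplicant releases
    # without domain_suffix_match offer subject_match / altsubject_match.
    domain_suffix_match="radius.example.ac.uk"
}
```

Because the file contains the account password, it should be readable by root only.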

jesanfafon
March 1st, 2011, 04:47 AM
> On the windows machine the certificate that you need can be exported from the certificate store.
>
> Go to Wireless Network properties - Security - PEAP Settings - Scroll down the list showing the Trusted Root CAs - Note down the one that is checked.
> Then open IE - Tools - Internet Options - Content - Certificates - Trusted Root CAs - Scroll down to the CA noted down from previous step - click Export - export certificate to file
>
> Then copy the certificate over to the linux machine by USB stick or something...
>
> Good luck. Even though I got this far I still have trouble trying to connect. It keeps trying but just comes right back to the connection screen saying 'Authentication required......'
> /var/log/syslog has very little info...
> Activation (wlan0/wireless): Association took too long
>
> I guess maybe I will try wicd next... I am at a loss at the moment.


Sorry to bring up an old post, but this sounds like the problem I'm currently having --> http://ubuntuforums.org/showthread.php?p=10507260#post10507260

Did you ever figure anything out?