Results 1 to 4 of 4

Thread: wifi connection using a certificate

  1. #1
    Join Date
    Jun 2024
    Beans
    3

    wifi connection using a certificate

    Hi,

    I am trying to connect from ubuntu 24.04 to wifi using a certificate for authentication.
    Windows uses ‘Smart Card or other certificate’ and ‘Computer Authentication’, but Ubuntu whatever authentication option I choose requires me to enter a user login and password.

    If I enter credentials, I get the following message on wlc. "AAA Authentication Failure for Client MAC: aa:aa:aa:aa:aa:aa, Username:test@test.test, User Type:WLAN USER, Reason:Authentication failed"


    Ubuntu 24.04 is the PRO version, connected to Active Directory. A certificate is issued from the domain controller which is needed to connect to wifi.

    Is there an option to connect to the wifi using only a certificate?

    Thanks in advance!



    Attached Images Attached Images

  2. #2
    currentshaft Guest

    Re: wifi connection using a certificate

    You need to set up 802.1x in settings to use certificates to authenticate to networks. I see the option under Security for my wireless adapter on Ubuntu 24.

  3. #3
    Join Date
    Jun 2024
    Beans
    3

    Re: wifi connection using a certificate

    Hi currentshaft,

    Thank you for your reply, I tried the settings you wrote about but I get the message ‘Password or encryption keys are required to access the wireless network "AA"'. AA.key does not have a password, however if I enter the password, I still don't see anything in the logs on the WLC and the radius server. Below are my current settings

    network:
    version: 2
    wifis:
    NM-b14af7c0-772a-422e-9f22-946fc5bd428c:
    renderer: NetworkManager
    match:
    name: "wlo1"
    macaddress: "AA:AA:AA:AA:AA:AA"
    dhcp4: true
    ipv6-address-generation: "stable-privacy"
    access-points:
    "AA":
    auth:
    key-management: "802.1x"
    method: "tls"
    identity: "23CD0A2.aa.aa"
    ca-certificate: "/var/lib/adsys/certs/ca-aa.crt"
    client-certificate: "/var/lib/adsys/certs/AA.crt"
    client-key: "/var/lib/adsys/private/certs/AA.key"
    networkmanager:
    uuid: "b14af7c0-772a-422e-9f22-946fc5bd428c"
    name: "AA"
    passthrough:
    ipv6.method: "disabled"
    ipv6.ip6-privacy: "-1"
    proxy._: ""
    networkmanager:
    uuid: "b14af7c0-772a-422e-9f22-946fc5bd428c"
    name: "AA"
    Last edited by reno-129; June 10th, 2024 at 10:51 AM.

  4. #4
    Join Date
    Jun 2024
    Beans
    3

    Re: wifi connection using a certificate

    I was able to correctly connect to the network using WPA & WPA2 Enterprise.


    Environment
    Ubuntu 24.04 PRO connected to Active Directory via SSSD and ADsys. Using ADsys on Ubuntu, autoenrollment is running to download the certificates from the CA needed to connect to WiFi.
    WiFi connection is via Cisco WLC and Radius server, which verifies correct authentication to the network.

    /etc/netplan/your wlan adapter.yaml -> graphical interface will automatically generate the configuration

    network:
    version: 2
    wifis:
    NM-44b0685e-9f2e-4ac5-aae3-2291bb75ac04:
    renderer: NetworkManager
    match:
    name: "wlo1"
    dhcp4: true
    ipv6-address-generation: "stable-privacy"
    access-points:
    "YourSSID":
    auth:
    key-management: "eap"
    method: "tls"
    identity: "host/hostname.domain.com" Here you need to add 'host/' in front of your computer's hostname so that Radius reads your computer correctly and finds it in AD.
    client-certificate: "/var/lib/adsys/certs/yourcert.crt"
    client-key: "/var/lib/adsys/certs/yourkey.pem" If the key was issued in .key format, you will need to reformat it to .pem and add a password (a password is required).
    client-key-password: "Password to key"
    networkmanager:
    uuid: "44b0685e-9f2e-4ac5-aae3-2291bb75ac04"
    name: "YourSSID"
    passthrough:
    802-1x.domain-suffix-match: "domain.com"
    ipv6.method: "disabled"
    ipv6.ip6-privacy: "-1"
    proxy._: ""
    networkmanager:
    uuid: "44b0685e-9f2e-4ac5-aae3-2291bb75ac04"
    name: "YourSSID"
    Attached Images Attached Images
    Last edited by reno-129; June 14th, 2024 at 08:28 AM.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •