Hi, I am trying to connect from ubuntu 24.04 to wifi using a certificate for authentication. Windows uses ‘Smart Card or other certificate’ and ‘Computer Authentication’, but Ubuntu whatever authentication option I choose requires me to enter a user login and password. If I enter credentials, I get the following message on wlc. "AAA Authentication Failure for Client MAC: aa:aa:aa:aa:aa:aa, Username:test@test.test, User Type:WLAN USER, Reason:Authentication failed" Ubuntu 24.04 is the PRO version, connected to Active Directory. A certificate is issued from the domain controller which is needed to connect to wifi. Is there an option to connect to the wifi using only a certificate? Thanks in advance!
You need to set up 802.1x in settings to use certificates to authenticate to networks. I see the option under Security for my wireless adapter on Ubuntu 24.
Hi currentshaft, Thank you for your reply, I tried the settings you wrote about but I get the message ‘Password or encryption keys are required to access the wireless network "AA"'. AA.key does not have a password, however if I enter the password, I still don't see anything in the logs on the WLC and the radius server. Below are my current settings network: version: 2 wifis: NM-b14af7c0-772a-422e-9f22-946fc5bd428c: renderer: NetworkManager match: name: "wlo1" macaddress: "AA:AA:AA:AA:AA:AA" dhcp4: true ipv6-address-generation: "stable-privacy" access-points: "AA": auth: key-management: "802.1x" method: "tls" identity: "23CD0A2.aa.aa" ca-certificate: "/var/lib/adsys/certs/ca-aa.crt" client-certificate: "/var/lib/adsys/certs/AA.crt" client-key: "/var/lib/adsys/private/certs/AA.key" networkmanager: uuid: "b14af7c0-772a-422e-9f22-946fc5bd428c" name: "AA" passthrough: ipv6.method: "disabled" ipv6.ip6-privacy: "-1" proxy._: "" networkmanager: uuid: "b14af7c0-772a-422e-9f22-946fc5bd428c" name: "AA"
Last edited by reno-129; June 10th, 2024 at 10:51 AM.
I was able to correctly connect to the network using WPA & WPA2 Enterprise. Environment Ubuntu 24.04 PRO connected to Active Directory via SSSD and ADsys. Using ADsys on Ubuntu, autoenrollment is running to download the certificates from the CA needed to connect to WiFi. WiFi connection is via Cisco WLC and Radius server, which verifies correct authentication to the network. /etc/netplan/your wlan adapter.yaml -> graphical interface will automatically generate the configuration network: version: 2 wifis: NM-44b0685e-9f2e-4ac5-aae3-2291bb75ac04: renderer: NetworkManager match: name: "wlo1" dhcp4: true ipv6-address-generation: "stable-privacy" access-points: "YourSSID": auth: key-management: "eap" method: "tls" identity: "host/hostname.domain.com" Here you need to add 'host/' in front of your computer's hostname so that Radius reads your computer correctly and finds it in AD. client-certificate: "/var/lib/adsys/certs/yourcert.crt" client-key: "/var/lib/adsys/certs/yourkey.pem" If the key was issued in .key format, you will need to reformat it to .pem and add a password (a password is required). client-key-password: "Password to key" networkmanager: uuid: "44b0685e-9f2e-4ac5-aae3-2291bb75ac04" name: "YourSSID" passthrough: 802-1x.domain-suffix-match: "domain.com" ipv6.method: "disabled" ipv6.ip6-privacy: "-1" proxy._: "" networkmanager: uuid: "44b0685e-9f2e-4ac5-aae3-2291bb75ac04" name: "YourSSID"
Last edited by reno-129; June 14th, 2024 at 08:28 AM.
View Tag Cloud
Ubuntu Forums Code of Conduct