Linux 802.1x

From ITwiki

Revision as of 19:57, 21 February 2014 by Rbenson

Wired 802.1x

Wired 802.1x is used in the dorms and Greek houses at Stevens (it may also work in other locations). Credit goes to Grink for troubleshooting the initial problem and providing a working solution. Currently, 802.1x is available only in the dorms and Greek houses; however, any machine properly configured for wired 802.1x will still work on non-802.1x ports as long as its MAC address is registered.

Automatic Configuration (Network Manager)

For most distros, Network Manager handles wired and wireless 802.1x just fine as long as you have a MAC address registered (Register A MAC Address). For Fedora, the wired internet is NOT managed by the Network Manager by default. Go to System->Administration->Network. Double-click on your wired internet and check the box that says "Controlled by Network Manager."

Manual Configuration (Via Terminal)

  1. Download this config file to /etc/. You must edit the file so that it contains the correct username and password for your Stevens account.
  2. Download this script to any location and chmod +x it.
  3. Make sure you have wpa_supplicant installed with the wired driver compiled in (it should be by default).
  4. Run the script you downloaded in (2) as root after plugging your cable into an 802.1x port. It will start wpa_supplicant with the correct configuration, start the GUI, and run dhcpcd on eth0. You may need to modify the script if it doesn't work.
  5. Feel free to close the GUI; it's just a quick way to see what's happening.
  6. Here is a link to the original documentation.

If it fails to authenticate, make sure you are plugged into a port correctly. The script from (2) will finish once dhcpcd returns. If it prints only a MAC address and no IP address, then it failed and you will need to run dhcpcd again.

If your machine does not have dhcpcd and uses dhclient instead (most Fedora and Ubuntu installations), use this conf file in /etc/.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
ap_scan=0
network={
   key_mgmt=IEEE8021X
   eap=PEAP
   phase1="peaplabel=0"
   phase2="auth=MSCHAPV2"
   identity="yourusername"
   password="yourpassword"
}

And this script file:

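#!/bin/bash
# Bring the wired interface up
ifconfig eth0 up
ifconfig eth0 promisc
# Start wpa_supplicant in the background (-B) with the wired driver
wpa_supplicant -i eth0 -B -Dwired -c /etc/wpa_supplicant.wired.conf
# Give authentication a moment to start, then request a lease without waiting (-nw)
sleep 1
dhclient eth0 -nw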

Wireless 802.1x

Automatic Configuration (Network Manager)

If you are using Ubuntu with the Network Manager application, you should see a small icon in your notification area (the applet next to your clock).
Right clicking the icon will show a menu where you can select Edit Connections....


Click on the Wireless tab in the Edit Connection window and select Add.


You should be in the "Wireless" tab as shown below. The Connection name can be whatever you would like to name this type of connection.
You may use what is shown in the above picture or use your own name. The SSID must be called "Stevens Student" (for students) or "Stevens" (for faculty and staff). Both networks have the same security settings.
There is no need to fill in BSSID. The MAC address field is optional, but if you choose to fill in the field please make sure to use your Wireless MAC address and not the wired.

Next select the "Wireless Security" tab. Excluding the username and password section of this page, all settings in this tab must be exactly as shown in the picture below.
Be sure to enter your Stevens account information into the username and password fields.
Notice that there is no field for the Domain Name. It is not necessary, but you can specify it by writing campus\ and then your username as shown.

The IPv4 and IPv6 Settings do not need to be edited. Be sure to hit "Apply" to accept all the changes you have made.
Now you can left click on the networking icon to select "Stevens Student". You should now be able to automatically connect.

Manual Configuration (Via Terminal)

The configuration file below has all the correct settings to connect to wireless networks at Stevens.

Download the following configuration file to /etc/wpa_supplicant.wireless.conf, excerpted below:

/etc/wpa_supplicant.wireless.conf

# interface
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
# this is turned off in windows
fast_reauth=0
# better scanning mode
ap_scan=1


network={
ssid="Stevens Student"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
pairwise=CCMP TKIP
group=CCMP TKIP
# authentication info
identity="username"
password="password"
phase1="peaplabel=0"
# inner (phase 2) method; this key must be phase2, not a second phase1
phase2="auth=MSCHAPV2"
}
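
As an added example (not part of the original wiki page or of any Stevens tooling), the script below lints a wpa_supplicant configuration such as the two above for three problems: a file readable by anyone other than its owner (it holds a plaintext password), a key set twice in one network block, and a PEAP network with no ca_cert, in which case wpa_supplicant does not verify the authentication server's certificate. The sample input is constructed, and the CA path and domain in it are placeholders.

```bash
# Added example, not from the wiki page. Flags in a wpa_supplicant config:
#   PERMS  file readable beyond its owner (it stores a plaintext password)
#   DUP    a key set twice in one network block
#   NOCA   a PEAP network without ca_cert (server certificate not verified)
lint_wpa_conf() {
    conf=$1
    mode=$(stat -c '%a' "$conf") || return 2    # GNU stat, as found on Linux
    case $mode in
        *00) ;;
        *) echo "PERMS: mode $mode, expected 600" ;;
    esac
    awk '
        /^[ \t]*#/ { next }                               # skip comments
        /^[ \t]*network[ \t]*=[ \t]*[{]/ {                # network block opens
            inblk = 1; n++; peap = 0; split("", seen); next
        }
        inblk && /^[ \t]*[}]/ {                           # network block closes
            if (peap && !("ca_cert" in seen))
                print "NOCA: network " n " uses PEAP without ca_cert"
            inblk = 0; next
        }
        inblk && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            if (key in seen) print "DUP: network " n " sets " key " twice"
            seen[key] = 1
            if (key == "eap" && $0 ~ /PEAP/) peap = 1
        }
    ' "$conf"
}

# Constructed sample; the CA path and domain are placeholders, not from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network={
    eap=PEAP
    password="password"
    phase1="peaplabel=0"
    phase1="auth=MSCHAPV2"
}
network={
    eap=PEAP
    ca_cert="/etc/ssl/certs/EXAMPLE-CA.pem"
    domain_suffix_match="radius.example.edu"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}
EOF
chmod 644 "$sample"
lint_wpa_conf "$sample"
```

Run it against /etc/wpa_supplicant.wired.conf or /etc/wpa_supplicant.wireless.conf after editing in your credentials; no output means none of the three checks fired.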

Launching authentication

Assuming that you saved the above config file to the suggested location, a modified version of the below script should get you on the wireless shortly.

~/scripts/802.1x.wireless.sh

#!/bin/bash
dhcpcd -k wlan0
rmmod ipw2100
modprobe ipw2100
wpa_supplicant -d -D ipw -i wlan0 -c /etc/wpa_supplicant.wireless.conf &>/dev/null & 
wpa_gui &
dhcpcd -do wlan0

(run this as root)

Modifications

  1. Replace wlan0 with whichever interface your wireless card resides at.
  2. Change ipw2100 to match your card's wireless module name.
  3. wpa_gui is not required and is not included with older versions of the wpa_supplicant package.
  4. Using wpa_gui, you can select which network (from a list of configured networks) you would like to connect to. If you do this, you may need to re-run DHCP after authentication:
# dhcpcd -k wlan0
# dhcpcd -do wlan0

If you are running Fedora 9 and have not updated yet, use this script:

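#!/bin/bash
ifconfig wlan0 up
ifconfig wlan0 promisc
# wext is the generic Linux wireless-extensions driver
# (wpa_supplicant has no driver named "wireless")
wpa_supplicant -i wlan0 -B -Dwext -c /etc/wpa_supplicant.wireless.conf
sleep 1
dhclient wlan0 -nw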

Replace wlan0 with whatever name is set for your wireless device.
