Freak_NL Apprentice
Joined: 27 Jun 2002 Posts: 261 Location: The Netherlands
Posted: Mon Jan 16, 2006 10:23 pm Post subject: [SOLVED] Wired wpa_supplicant & baselayout 1.12.0, no au

The last few days have been somewhat troublesome. I have to authenticate with my university network provider via IEEE 802.1x, but the provider claims only Windows XP and 2000 are supported.
I've managed to find out how to get on-line using xsupplicant, but the problem with xsupplicant is that version 1.0.1 can only authenticate me once, then it dies. Newer versions aren't supported by Gentoo, and version 1.2.2 won't compile. (see: xsupplicant)
Then I learned that wpa_supplicant is the Gentoo way for 802.1x authentication, for wired connections as well. It took a few days to figure that out.. Now I've installed the new baselayout 1.12.0_pre13-r1 which is supposed to have support for wired wpa_supplicant. Only, wpa_supplicant doesn't seem to work. I think the configuration is okay though.
At the moment I can get on-line for an hour or so by
- killing the dhcpcd daemon on eth0
- Bringing eth0 up again
- Starting xsupplicant -i eth0
This is the configuration for xsupplicant:

Code:
```
default_netname = LeidenUniv
network_list = all
first_auth_command = <BEGIN_COMMAND>dhcpcd %i<END_COMMAND>
logfile = /var/log/xsupplicant.log

LeidenUniv
{
  allow_types = eap-ttls
  identity = <BEGIN_ID>USERNAME@1x<END_ID>
  eap-ttls
  {
    chunk_size = 1398
    root_cert = /etc/xsupplicant/ca/GlobalSignRootCA.pem
    random_file = /dev/urandom
    cncheck = .leidenuniv.nl
    cnexact = no
    phase2_type = pap
    pap {
      username = <BEGIN_UNAME>USERNAME@1x<END_UNAME>
      password = <BEGIN_PASS>PASSWORD<END_PASS>
    }
  }
}
```

Now I want to switch to wpa_supplicant and automate the authentication, so I configured wpa_supplicant thusly:

Code:
```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=0
fast_reauth=1
network={
  ssid="LeidenUniv"
  key_mgmt=IEEE8021X
  eapol_flags=0
  eap=TTLS
  ca_cert="/etc/certificates/GlobalSignRootCA.pem"
  phase2="auth=PAP"
  identity="USERNAME@1x"
  password="PASSWORD"
}
```

I've tried both WPA-EAP and IEEE8021X for key_mgmt.
Calling wpa_supplicant by hand:

Code:
```
wpa_supplicant -Dwired -c /etc/wpa_supplicant.conf -i eth0 -w -dd
```

Code:
```
(repeatedly:)
EAPOL: Received EAP-Packet frame
RX EAPOL from 00:04:7e:00:b1:63
```

It tells me that it receives EAP-frames, but doesn't do anything (I think). What can I do now? I can't find anything similar using Google or this forum, because everything I find is related to wireless configurations.
I'm a bit at a loss at the moment as to what to do.. Any hints would be very much appreciated.
Last edited by Freak_NL on Tue Jan 17, 2006 5:53 pm; edited 1 time in total

Freak_NL Apprentice
Joined: 27 Jun 2002 Posts: 261 Location: The Netherlands
Posted: Tue Jan 17, 2006 5:52 pm Post subject:

Ok, I have wpa_supplicant working now.
The example configuration file says an SSID is required, even though it isn't used in a wired 802.1x authentication. The debug output complained about the SSID not being found (makes sense), so I removed the SSID part and added a "priority=10" value.
With this configuration I can log on to the Leiden University SURFNet connection (provided by Lijbrandt Telecom). Added those names for searchability.
Wpa_supplicant config:

Code:
```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=0
# Disabled this for testing, I can probably re-enable it.
fast_reauth=0
network={
  key_mgmt=WPA-EAP
  eapol_flags=0
  eap=TTLS
  ca_cert="/etc/certificates/GlobalSignRootCA.pem"
  phase2="auth=PAP"
  identity="USERNAME@1x"
  password="PASSWORD"
  priority=10
}
```
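
Added example, not part of the thread and not Gentoo or wpa_supplicant project code: the xsupplicant setup above checked the server certificate name (`cncheck = .leidenuniv.nl`), while the wpa_supplicant block sets only `ca_cert`, so with TTLS/PAP any server holding a certificate under that public root could receive the password. The sketch below audits `network={}` blocks for that gap; the function names are hypothetical, and the `domain_suffix_match` value is an assumption taken from the `cncheck` line (that option exists in current wpa_supplicant releases).

```python
import re

# Real wpa_supplicant.conf keys that pin the authentication server's certificate name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(conf_text):
    """Return one dict of key -> value for each network={...} block."""
    networks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.fullmatch(r"network\s*=\s*\{", line):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)   # split once: phase2="auth=PAP"
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit_network(net):
    """Return findings for a block that uses a tunnelled EAP method."""
    findings = []
    if not {"TTLS", "PEAP"} & set(net.get("eap", "").upper().split()):
        return findings
    if "ca_cert" not in net:
        findings.append("no ca_cert: any server certificate is accepted")
    elif not any(key in net for key in NAME_CHECKS):
        findings.append("ca_cert set but no server name check: any "
                        "certificate chaining to that CA is accepted")
    if findings and "PAP" in net.get("phase2", "").upper():
        findings.append("inner PAP: the password is readable by whichever "
                        "server terminates the tunnel")
    return findings

# Constructed samples: the thread's block (trimmed), then the same block pinned.
THREAD_CONF = '''
network={
  key_mgmt=WPA-EAP
  eap=TTLS
  ca_cert="/etc/certificates/GlobalSignRootCA.pem"
  phase2="auth=PAP"
}
'''
# Assumption: the server certificate name ends in leidenuniv.nl (from cncheck).
PINNED_CONF = THREAD_CONF.replace("phase2=", 'domain_suffix_match="leidenuniv.nl"\n  phase2=')

if __name__ == "__main__":
    for conf in (THREAD_CONF, PINNED_CONF):
        print([audit_network(net) or "ok" for net in parse_networks(conf)])
```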