Eduroam Linux

Main.EduroamLinux History

Hide minor edits - Show changes to markup

Changed lines 35-39 from:
Enabling eduroam in Ubuntu 9.10
to:
Enabling eduroam in Ubuntu 9.10
Enabling eduroam in Ubuntu 12
Choosing GoDaddy Cert in Ubuntu 12
Added lines 17-22:
  • the checksums are:
    • md5: 82bd9a0b826a0e3e91ad3e27042b3f45 Go Daddy Class 2 Certification Authority.cer
    • sha1: de70f4e2116f7fdce75f9d13012b7e687a3b2c62 Go Daddy Class 2 Certification Authority.cer
Changed lines 3-8 from:

http://intranet.itu.dk/en/Intranet-hjem/Afdelinger/It-afdelingen/IT-Afdelingens-ABC/TrAadlost-internet.aspx

This page here describes how to connect under Ubuntu 9.10 - but should be valid for all flavors of GNU/Linux that support 802.1x.

to:

https://intranet.itu.dk/en/Intranet-hjem/Organisation/Afdelinger/It-afdelingen/IT-Afdelingens-ABC/TrAadlost-internet

This page here describes how to connect under Ubuntu 9.10 / 10 / 12 - but should be valid for all flavors of GNU/Linux that support 802.1x.

Changed line 16 from:
  • CA Certificate: fetch certificate from http://itu.dk/cert/
to:
  • CA Certificate: fetch certificate from http://itu.dk/cert/, use the one called http://itu.dk/cert/Go%20Daddy%20Class%202%20Certification%20Authority.cer
Changed lines 19-20 from:
  • username is the user part only, without the domain (@itu.dk)
to:
  • username: is the user part only, without the domain (@itu.dk), but it should work with full username@itu.dk too.
Changed line 23 from:

It is highly recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

to:

It is absolutely necessary to retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

Changed line 23 from:

It is recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

to:

It is highly recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

Changed lines 21-24 from:

'''A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate. A warning dialogue notifies you of this, but you are allowed to accept this potential security risk. It is recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue. Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).'''

to:

A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate. A warning dialogue notifies you of this, but you are allowed to accept this potential security risk. It is recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue. Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).

Changed line 21 from:

A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate.

to:

'''A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate.

Changed line 24 from:

Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).

to:

Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).'''

Changed line 16 from:
  • CA Certificate: None
to:
  • CA Certificate: fetch certificate from http://itu.dk/cert/
Changed lines 23-26 from:

It is recommended that you retrieve the certificate through your browser, by going to https://mit.itu.dk , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

The certificate is also here: http://itu.dk/people/fchj/mit.itu.dk.cer

to:

It is recommended that you retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue. Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).

Added lines 24-26:

The certificate is also here: http://itu.dk/people/fchj/mit.itu.dk.cer

Deleted lines 23-24:

An export of the certificate is here: http://itu.dk/people/sbut/mit.itu.dk.cert

Added line 19:
  • username is the user part only, without the domain (@itu.dk)
Changed line 26 from:

A student has contributed the following , via command line rather than GUI, which we share here as is - without having checked.

to:

A student has contributed the following guide to configuring wpa_supplicant directly, via command line rather than GUI, which we share here as is - without having checked.

Changed line 26 from:

A student has contributed the following [Main.eduroam_linux.cli | guide to configuring wpa_supplicant directly], via command line rather than GUI, which we share here as is - without having checked.

to:

A student has contributed the following , via command line rather than GUI, which we share here as is - without having checked.

Changed line 26 from:

A student has contributed the following , via command line rather than GUI, which we share here as is - without having checked.

to:

A student has contributed the following [Main.eduroam_linux.cli | guide to configuring wpa_supplicant directly], via command line rather than GUI, which we share here as is - without having checked.

Changed line 26 from:

A student has contributed the following [Main.eduroam_linux.cli| guide to configuring wpa_supplicant directly]], via command line rather than GUI, which we share here as is - without having checked.

to:

A student has contributed the following , via command line rather than GUI, which we share here as is - without having checked.

Added lines 25-26:

A student has contributed the following [Main.eduroam_linux.cli| guide to configuring wpa_supplicant directly]], via command line rather than GUI, which we share here as is - without having checked.

Changed line 15 from:
  • Anonymous Identity: <username>@itu.dk
to:
  • Anonymous Identity: @itu.dk
Changed line 22 from:

It is recommended that you retrieve the certificate through your browser, by going to https://mit.itu.dk , store it locally, and inform your WPA/802.1x clinet of its location, in the warning dialogue.

to:

It is recommended that you retrieve the certificate through your browser, by going to https://mit.itu.dk , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue.

Added lines 19-25:

A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate. A warning dialogue notifies you of this, but you are allowed to accept this potential security risk. It is recommended that you retrieve the certificate through your browser, by going to https://mit.itu.dk , store it locally, and inform your WPA/802.1x clinet of its location, in the warning dialogue.

An export of the certificate is here: http://itu.dk/people/sbut/mit.itu.dk.cert

Changed line 15 from:
  • Anonymous Identity: <leave blank>
to:
  • Anonymous Identity: <username>@itu.dk
Changed lines 1-2 from:

The IT departments general guide for eduroam is here:

to:

The IT Department's general guide for eduroam is here:

Added line 4:
Added line 14:
  • Anonymous Identity: <leave blank>
Changed lines 11-12 from:
  • WPA2
  • EAP (if neccessary to set - should be recognized automatically)
to:
  • WPA2 (Enterprise)
  • EAP (if it is neccessary to set this - should be recognized automatically)
Added line 16:
  • Then enter your general ITU username / password
Changed lines 5-7 from:

This page here describes how to connect under Ubuntu 10.04 - but should be valid for all flavors of GNU/Linux that support 802.1x.

to:

This page here describes how to connect under Ubuntu 9.10 - but should be valid for all flavors of GNU/Linux that support 802.1x.

Changed lines 15-17 from:
  • Inner Authentication MSCHAP v2
to:
  • Inner Authentication MSCHAP v2
Enabling eduroam in Ubuntu 9.10
Added lines 1-15:

The IT departments general guide for eduroam is here:

http://intranet.itu.dk/en/Intranet-hjem/Afdelinger/It-afdelingen/IT-Afdelingens-ABC/TrAadlost-internet.aspx

This page here describes how to connect under Ubuntu 10.04 - but should be valid for all flavors of GNU/Linux that support 802.1x.

  1. find network with SSID "eduroam" and connect to it
  2. configure security settings as
  • WPA2
  • EAP (if neccessary to set - should be recognized automatically)
  • authentication: Tunneled TLS
  • CA Certificate: None
  • Inner Authentication MSCHAP v2