Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# NOTE
#
# Eduroam settings are organization-specific.
#
# If something works with *@foobar.edu, that _does_not_mean_ the same
# settings automatically work elsewhere.
#
# Fortunately, *most* sites use very similar settings – password logins via
# PEAP or TTLS. That's what this example covers.
#
# NOTE 2
#
# If your organization tells you to use "eduroam CAT", *use it!*
# It supports both NetworkManager and wpa_supplicant.
#
# USAGE
#
# wpa_supplicant -i wlan0 -c eduroam.conf
ctrl_interface=/run/wpa_supplicant
network={
# The network itself.
ssid="eduroam"
key_mgmt=WPA-EAP
# Credentials.
# This example is only for password-based logins.
identity="example@washington.edu"
password="flutterdash"
# Certificates.
# Eduroam sites work just like HTTPS sites -- they have a SSL certificate
# which gets verified against a "CA cert". We'll use the standard ones.
# (If your organization uses a custom CA, you need to put it here.)
ca_cert="/etc/ssl/cert.pem"
domain_suffix_match="washington.edu"
# Authentication method choices.
# Your organization should tell you what to use.
# Or, if you're lucky, just enable both and the server will choose.
eap=PEAP TTLS
#eap=PEAP
#eap=TTLS
# If you're unlucky, try these manual combinations.
# They're all equal in terms of security.
#eap=PEAP
#phase2="auth=MSCHAPV2"
#eap=TTLS
#phase2="autheap=MSCHAPV2"
#eap=TTLS
#phase2="auth=MSCHAPV2"
#eap=PEAP
#phase2="auth=GTC"
#eap=TTLS
#phase2="autheap=GTC"
#eap=TTLS
#phase2="auth=PAP"
# If it *still* doesn't work, ugh.
# If you get SSL errors, uncomment one for broken RADIUS servers:
#phase1="tls_disable_tlsv1_2=1"
#phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
# Some organizations require this:
#phase1="peaplabel=1"
}
# Usage: wpa_supplicant -i wlan0 -c eduroam.conf
ctrl_interface=/run/wpa_supplicant
network={
# required: network type
ssid="eduroam"
key_mgmt=WPA-EAP
eap=PEAP TTLS
# required: client credentials
identity="example@washington.edu"
password="flutterdash"
# optional: server verification
ca_cert="/etc/ssl/cert.pem"
domain_suffix_match="washington.edu"
}
# Doing the same with NetworkManager.
nmcli con add \
type wifi \
ifname "wlan0" \
ssid "eduroam" \
wifi-sec.key-mgmt "wpa-eap" \
802-1x.identity "example@washington.edu" \
802-1x.password "flutterdash" \
802-1x.system-ca-certs "yes" \
802-1x.domain-suffix-match "washington.edu" \
802-1x.eap "peap" \
802-1x.phase2-auth "mschapv2" \
;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment