Last active
April 26, 2022 17:51
-
-
Save grawity/bda6233d3b58ced735fa to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE | |
| # | |
| # Eduroam settings are organization-specific. | |
| # | |
| # If something works with *@foobar.edu, that _does_not_mean_ the same | |
| # settings automatically work elsewhere. | |
| # | |
| # Fortunately, *most* sites use very similar settings – password logins via | |
| # PEAP or TTLS. That's what this example covers. | |
| # | |
| # NOTE 2 | |
| # | |
| # If your organization tells you to use "eduroam CAT", *use it!* | |
| # It supports both NetworkManager and wpa_supplicant. | |
| # | |
| # USAGE | |
| # | |
| # wpa_supplicant -i wlan0 -c eduroam.conf | |
| ctrl_interface=/run/wpa_supplicant | |
| network={ | |
| # The network itself. | |
| ssid="eduroam" | |
| key_mgmt=WPA-EAP | |
| # Credentials. | |
| # This example is only for password-based logins. | |
| identity="example@washington.edu" | |
| password="flutterdash" | |
| # Certificates. | |
| # Eduroam sites work just like HTTPS sites -- they have a SSL certificate | |
| # which gets verified against a "CA cert". We'll use the standard ones. | |
| # (If your organization uses a custom CA, you need to put it here.) | |
| ca_cert="/etc/ssl/cert.pem" | |
| domain_suffix_match="washington.edu" | |
| # Authentication method choices. | |
| # Your organization should tell you what to use. | |
| # Or, if you're lucky, just enable both and the server will choose. | |
| eap=PEAP TTLS | |
| #eap=PEAP | |
| #eap=TTLS | |
| # If you're unlucky, try these manual combinations. | |
| # They're all equal in terms of security. | |
| #eap=PEAP | |
| #phase2="auth=MSCHAPV2" | |
| #eap=TTLS | |
| #phase2="autheap=MSCHAPV2" | |
| #eap=TTLS | |
| #phase2="auth=MSCHAPV2" | |
| #eap=PEAP | |
| #phase2="auth=GTC" | |
| #eap=TTLS | |
| #phase2="autheap=GTC" | |
| #eap=TTLS | |
| #phase2="auth=PAP" | |
| # If it *still* doesn't work, ugh. | |
| # If you get SSL errors, uncomment one for broken RADIUS servers: | |
| #phase1="tls_disable_tlsv1_2=1" | |
| #phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1" | |
| # Some organizations require this: | |
| #phase1="peaplabel=1" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: wpa_supplicant -i wlan0 -c eduroam.conf | |
| ctrl_interface=/run/wpa_supplicant | |
| network={ | |
| # required: network type | |
| ssid="eduroam" | |
| key_mgmt=WPA-EAP | |
| eap=PEAP TTLS | |
| # required: client credentials | |
| identity="example@washington.edu" | |
| password="flutterdash" | |
| # optional: server verification | |
| ca_cert="/etc/ssl/cert.pem" | |
| domain_suffix_match="washington.edu" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Doing the same with NetworkManager. | |
| nmcli con add \ | |
| type wifi \ | |
| ifname "wlan0" \ | |
| ssid "eduroam" \ | |
| wifi-sec.key-mgmt "wpa-eap" \ | |
| 802-1x.identity "example@washington.edu" \ | |
| 802-1x.password "flutterdash" \ | |
| 802-1x.system-ca-certs "yes" \ | |
| 802-1x.domain-suffix-match "washington.edu" \ | |
| 802-1x.eap "peap" \ | |
| 802-1x.phase2-auth "mschapv2" \ | |
| ; | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment