Wireless: Difference between revisions
m (fixed link) |
(→netctl: update ArchLinux path; also add domain_suffix_match for extra security) |
||
(9 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
'''csc-wireless no longer exists. Members are advised to use |
'''csc-wireless no longer exists. Members are advised to use eduroam or uw-unsecured.''' |
||
== Rosetta Stone == |
|||
See IST's page http://ist.uwaterloo.ca/cs/wireless.html for Windows and other devices. |
|||
The ca_cert line is only needed to verify the authenticity of the eduroam AP, and is otherwise not actually needed to connect to it. Keep in mind that removing it from your config means that you are technically vulnerable to someone creating a fake eduroam access point and using it to grab your Quest login, though honestly the chances of this ever happening on campus are extremely unlikely. |
|||
=== Linux === |
|||
If you don't wish to have your password floating around in a text file in /etc, then (at least for the wpa_supplicant based network managers) you may take the output of |
|||
echo -n "hunter2" | iconv -t utf16le | openssl md4 |
|||
and replace the password line with |
|||
password=hash:HASH_HERE |
|||
==== netctl ==== |
|||
Toss this into /etc/netctl/, making sure you edit identity and password. Replace wlan0 with the correct interface. Your correct interface can probably be seen in the output of |
|||
ip link |
|||
and probably is the one that starts with 'w'. |
|||
To connect, run sudo netctl start eduroam |
|||
Connection='wireless' |
|||
Interface=wlan0 |
|||
Security='wpa-configsection' |
|||
IP='dhcp' |
|||
WPAConfigSection=( |
|||
'identity="userid@uwaterloo.ca"' |
|||
'password="hunter2"' |
|||
'ssid="eduroam"' |
|||
'key_mgmt=WPA-EAP' |
|||
'eap=PEAP' |
|||
'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"' |
|||
'domain_suffix_match="uwaterloo.ca"' |
|||
) |
|||
==== wicd ==== |
|||
Toss this into /etc/wicd/encryption/templates/ and edit /etc/wicd/encryption/templates/active to include a line with eduroam. |
|||
name = Eduroam UW |
|||
author = Steven She |
|||
version = 1 |
|||
require username *Username password *Password |
|||
----- |
|||
ctrl_interface=/var/run/wpa_supplicant |
|||
network={ |
|||
ssid="$_ESSID" |
|||
scan_ssid="$_SCAN" |
|||
proto=RSN |
|||
key_mgmt=WPA-EAP |
|||
pairwise=CCMP |
|||
group=CCMP |
|||
eap=PEAP |
|||
identity="$_USERNAME" |
|||
password="$_PASSWORD" |
|||
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt" |
|||
phase2="auth=MSCHAPV2" |
|||
} |
|||
==== wpa_supplicant ==== |
|||
add this to a file in /etc/wpa_supplicant/. |
|||
network={ |
|||
ssid="eduroam" |
|||
proto=RSN |
|||
key_mgmt=WPA-EAP |
|||
pairwise=CCMP |
|||
group=CCMP |
|||
eap=PEAP |
|||
identity="userid@uwaterloo.ca" |
|||
password="hunter2" |
|||
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt" |
|||
phase2="auth=MSCHAPV2" |
|||
} |
|||
The previous setup has been [http://wiki.csclub.uwaterloo.ca/Wireless?oldid=2297 archived] for posterity. |
The previous setup has been [http://wiki.csclub.uwaterloo.ca/Wireless?oldid=2297 archived] for posterity. |
||
[[Category:Systems]] |
Latest revision as of 20:58, 19 June 2018
csc-wireless no longer exists. Members are advised to use eduroam or uw-unsecured.
Rosetta Stone
See IST's page http://ist.uwaterloo.ca/cs/wireless.html for Windows and other devices.
The ca_cert line is only needed to verify the authenticity of the eduroam AP, and is otherwise not actually needed to connect to it. Keep in mind that removing it from your config means that you are technically vulnerable to someone creating a fake eduroam access point and using it to grab your Quest login, though honestly the chances of this ever happening on campus are extremely unlikely.
Linux
If you don't wish to have your password floating around in a text file in /etc, then (at least for the wpa_supplicant based network managers) you may take the output of
echo -n "hunter2" | iconv -t utf16le | openssl md4
and replace the password line with
password=hash:HASH_HERE
netctl
Toss this into /etc/netctl/, making sure you edit identity and password. Replace wlan0 with the correct interface. Your correct interface can probably be seen in the output of
ip link
and probably is the one that starts with 'w'.
To connect, run sudo netctl start eduroam
Connection='wireless' Interface=wlan0 Security='wpa-configsection' IP='dhcp' WPAConfigSection=( 'identity="userid@uwaterloo.ca"' 'password="hunter2"' 'ssid="eduroam"' 'key_mgmt=WPA-EAP' 'eap=PEAP' 'ca_cert="/etc/ssl/certs/GlobalSign_Root_CA.pem"' 'domain_suffix_match="uwaterloo.ca"' )
wicd
Toss this into /etc/wicd/encryption/templates/ and edit /etc/wicd/encryption/templates/active to include a line with eduroam.
name = Eduroam UW author = Steven She version = 1 require username *Username password *Password ----- ctrl_interface=/var/run/wpa_supplicant network={ ssid="$_ESSID" scan_ssid="$_SCAN" proto=RSN key_mgmt=WPA-EAP pairwise=CCMP group=CCMP eap=PEAP identity="$_USERNAME" password="$_PASSWORD" ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt" phase2="auth=MSCHAPV2" }
wpa_supplicant
add this to a file in /etc/wpa_supplicant/.
network={ ssid="eduroam" proto=RSN key_mgmt=WPA-EAP pairwise=CCMP group=CCMP eap=PEAP identity="userid@uwaterloo.ca" password="hunter2" ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt" phase2="auth=MSCHAPV2" }
The previous setup has been archived for posterity.