Difference between revisions of "Wireless"

From CSCWiki
Jump to navigation Jump to search
(add information about MSCHAPv2 hashing; add profiles for wpa_supplicant and netctl)
Line 8: Line 8:
   
 
=== Linux ===
 
=== Linux ===
  +
If you don't wish to have your password floating around in a text file in /etc, then (at least for the wpa_supplicant based network managers) you may take the output of
  +
echo -n "hunter2" | iconv -t utf16le | openssl md4
  +
and replace the password line with
  +
password=hash:HASH_HERE
  +
 
==== netcfg ====
 
==== netcfg ====
 
Toss this into /etc/network.d/, making sure you edit identity and password. sudo netcfg eduroam
 
Toss this into /etc/network.d/, making sure you edit identity and password. sudo netcfg eduroam
Line 22: Line 27:
 
group=CCMP
 
group=CCMP
 
eap=PEAP
 
eap=PEAP
#anonymous_identity="anonymous"
 
 
identity="userid@uwaterloo.ca"
 
identity="userid@uwaterloo.ca"
 
password="hunter2"
 
password="hunter2"
  +
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
  +
phase2="auth=MSCHAPV2"'
  +
  +
  +
==== netctl ====
  +
Toss this into /etc/netctl/, making sure you edit identity and password. sudo netctl start eduroam
  +
  +
Connection='wireless'
  +
Interface=wlan0
  +
Security='wpa-configsection'
  +
IP='dhcp'
  +
WPAConfigSection=(
  +
ssid="eduroam"
  +
proto=RSN
  +
key_mgmt=WPA-EAP
  +
pairwise=CCMP
  +
group=CCMP
  +
eap=PEAP
  +
identity="userid@uwaterloo.ca"
  +
'password="hunter2"'
 
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
 
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
 
phase2="auth=MSCHAPV2"
 
phase2="auth=MSCHAPV2"
  +
)
priority=1'
 
  +
   
 
==== wicd ====
 
==== wicd ====
Line 51: Line 76:
 
phase2="auth=MSCHAPV2"
 
phase2="auth=MSCHAPV2"
 
}
 
}
  +
  +
==== wpa_supplicant ====
  +
network={
  +
ssid="eduroam"
  +
proto=RSN
  +
key_mgmt=WPA-EAP
  +
pairwise=CCMP
  +
group=CCMP
  +
eap=PEAP
  +
identity="userid@uwaterloo.ca"
  +
password="hunter2"
  +
ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
  +
phase2="auth=MSCHAPV2"
  +
}
  +
  +
   
 
The previous setup has been [http://wiki.csclub.uwaterloo.ca/Wireless?oldid=2297 archived] for posterity.
 
The previous setup has been [http://wiki.csclub.uwaterloo.ca/Wireless?oldid=2297 archived] for posterity.

Revision as of 22:46, 9 September 2014

csc-wireless no longer exists. Members are advised to use eduroam or uw-unsecured.


Rosetta Stone

See IST's page http://ist.uwaterloo.ca/cs/wireless.html for Windows and other devices.

The ca_cert line is only needed to verify the authenticity of the eduroam AP, and is otherwise not actually needed to connect to it. Keep in mind that removing it from your config means that you are technically vulnerable to someone creating a fake eduroam access point and using it to grab your Quest login, though honestly the chances of this ever happening on campus are extremely unlikely.

Linux

If you don't wish to have your password floating around in a text file in /etc, then (at least for the wpa_supplicant based network managers) you may take the output of

echo -n "hunter2" | iconv -t utf16le | openssl md4

and replace the password line with

password=hash:HASH_HERE

netcfg

Toss this into /etc/network.d/, making sure you edit identity and password. sudo netcfg eduroam

CONNECTION='wireless'
INTERFACE=wlan0
SECURITY='wpa-configsection'
IP='dhcp'
CONFIGSECTION='
    ssid="eduroam"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="userid@uwaterloo.ca"
    password="hunter2"
    ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
    phase2="auth=MSCHAPV2"'


netctl

Toss this into /etc/netctl/, making sure you edit identity and password. sudo netctl start eduroam

Connection='wireless'
Interface=wlan0
Security='wpa-configsection'
IP='dhcp'
WPAConfigSection=(
    ssid="eduroam"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="userid@uwaterloo.ca"
    'password="hunter2"'
    ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
    phase2="auth=MSCHAPV2"
)


wicd

Toss this into /etc/wicd/encryption/templates/ and edit /etc/wicd/encryption/templates/active to include a line with eduroam.

name = Eduroam UW
author = Steven She
version = 1
require username *Username password *Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$_ESSID"
    scan_ssid="$_SCAN"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=PEAP
    identity="$_USERNAME"
    password="$_PASSWORD"
    ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
    phase2="auth=MSCHAPV2"
}

wpa_supplicant

network={
    ssid="eduroam"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP
    eap=PEAP                                      
    identity="userid@uwaterloo.ca"
    password="hunter2"
    ca_cert="/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt"
    phase2="auth=MSCHAPV2"
}


The previous setup has been archived for posterity.