Differences

This shows you the differences between two versions of the page.

--- en:verejne:sit:wi-fi:linux [27.10.2020 13:33] – Pavel Valach
+++ en:verejne:sit:wi-fi:linux [25.09.2021 16:33] – [Ubuntu, NetworkManager] Pavel Valach
@@ Line 1: / Line 1: @@
-====== Set up Wi-Fi on Linux - Ubuntu, NetworkManager, wpa_supplicant ======
+====== Set up Wi-Fi on Linux – Ubuntu, NetworkManager, wpa_supplicant ======
 ===== Ubuntu, NetworkManager =====
@@ Line 19: / Line 19: @@
        * **Security**: WPA2-Enterprise
        * **Authentication**: Tunneled TLS
-       * **Anonymous identity**: you may leave the field blank or fill out ''anonymous@sin.cvut.cz''
+       * **Anonymous identity**: ''anonymous@sin.cvut.cz''
        * **Domain**: ''radius.sin.cvut.cz''
-       * **CA certificate**: [[en:verejne:sit:cert|download and save it]] (download format PEM)
+       * **CA certificate**: either browse to ''/etc/ssl/certs/Comodo_AAA_Services_root.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
        * **Inner authentication**: PAP
-       * **Username** and **Password** is the same as your SINIS login. \\ You may also use the SIN email address, which you will find right after logging in to SINIS. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}
+       * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]])
+       * **Password**: the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}
      * Confirm your settings by pushing the **Save** button.
+<note important>The picture has the certificate wrong! It's for illustration purposes only.</note>
 Now, your connection should be all set for secure Wi-Fi browsing.
@@ Line 34: / Line 37: @@
 In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below.
-Please [[en:verejne:sit:cert|download]] the proper **CA certificate** first (**DigiCert Assured ID Root CA**, PEM format) and save it. You will enter the path to this file in the wpa_supplicant configuration profile.
+Please [[en:verejne:sit:cert|download the proper **CA certificate** first]] and save it. You will enter the path to this file in the wpa_supplicant configuration profile.
 <file wpa_supplicant wpa_supplicant.conf>
@@ Line 43: / Line 46: @@
     eap=TTLS
     # path to the downloaded CA certificate
-    ca_cert="/etc/cert/digicert-ca.pem"
+    ca_cert="/etc/cert/sin-wifi-ca.pem"
     domain_match="radius.sin.cvut.cz"
     phase2="auth=PAP"
@@ Line 56: / Line 59: @@
 </file>
+===== iwd =====
+//Contributed by our member Artem Poliakov (poliaart <at> fit.cvut.cz)! Thanks!//
+[[https://iwd.wiki.kernel.org/|iwd]] is a wireless daemon for Linux which aims to utilize features provided by the Linux Kernel to the maximum extent
+possible. It can work in standalone mode or in combination with comprehensive network managers.
+If you want to connect to Wi-Fi using iwd, you need to place file called ''Sincoolka.8021x'' or ''Sincoolka 5G.8021x''
+(depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
+Please [[en:verejne:sit:cert|download the proper CA certificate first]] and save it. You will enter the path to this file in the iwd configuration profile.
+<file iwd Sincoolka 5G.8021x>
+[Security]
+EAP-Method=TTLS
+EAP-Identity=anonymous@sin.cvut.cz
+EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
+EAP-TTLS-CACert=/etc/cert/downloaded-ca-certificate.pem
+EAP-TTLS-Phase2-Method=Tunneled-PAP
+EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
+EAP-TTLS-Phase2-Password=YourStr0ngPa$$word
+[Settings]
+AutoConnect=true
+</file>