en:verejne:sit:wi-fi:linux

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
en:verejne:sit:wi-fi:linux [07.09.2019 21:42] – translation of the beginning, plus some english screens Pavel Valachen:verejne:sit:wi-fi:linux [30.09.2023 11:39] (current) – changed the CA certificate to USERTrust Pavel Valach
Line 1: Line 1:
-FIXME **This page is not fully translated, yet. Please help completing the translation.**\\ //(remove this paragraph once the translation is finished)// +====== Set up Wi-Fi on Linux – Ubuntu, NetworkManager, wpa_supplicant ======
- +
-====== Set up Wi-Fi on Linux Ubuntu, NetworkManager, wpa_supplicant ======+
  
 ===== Ubuntu, NetworkManager ===== ===== Ubuntu, NetworkManager =====
Line 14: Line 12:
   - Expand the **Wi-Fi** category and look if you already have an existing Sincoolka profile - it might be a good idea to remove it with a **-** button (minus sign) if it does not work. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step1.png?nolink|}}   - Expand the **Wi-Fi** category and look if you already have an existing Sincoolka profile - it might be a good idea to remove it with a **-** button (minus sign) if it does not work. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step1.png?nolink|}}
   - Then, click the **+** button (plus sign) in the bottom toolbar.   - Then, click the **+** button (plus sign) in the bottom toolbar.
-  - V okně **Typ připojení** vyberte ze seznamu **Wi-Fi**. Potvrďte tlačítkem **Vytvořit...** \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step2.png?nolink|}} +  - In the **Choose a Connection Type** window, pick **Wi-Fi** from the listThen click the **Create...** button \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-step2.png?nolink|}} 
-  - Otevře se okno s úpravou profilu+  - A window for describing network configuration will open
-     Vyplňte název profilu (např. Sincoolka). +     Fill out the name of the profile (can be anything, e.g. Sincoolka). 
-     Na kartě **Wi-Fi** vyplňte **SSID**: ''Sincoolka'' nebo ''Sincoolka 5G'' a ze seznamu **Zařízení** vyberte váš Wi-Fi adaptér. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-wifi.png?nolink|}} +     Switch to the **Wi-Fi** tab and fill out these - **SSID**: ''Sincoolka'' or ''Sincoolka 5G''. From the **Devices** list, choose your Wi-Fi adapter. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-wifi.png?nolink|}} 
-     Na kartě **Zabezpečení Wi-Fi** nastavte následující+     Switch to the **Wi-Fi Security** tab and set up the following
-       * **Zabezpečení**: WPA2-Enterprise +       * **Security**: WPA2-Enterprise 
-       * **Metoda ověření**: Tunneled TLS +       * **Authentication**: Tunneled TLS 
-       * **Anonymní identita**: můžete nechat prázdnou nebo vyplnit ''anonymous@sin.cvut.cz'' +       * **Anonymous identity**: ''anonymous@sin.cvut.cz'' 
-       * **Doména**: ''radius.sin.cvut.cz'' +       * **Domain**: ''radius.sin.cvut.cz'' 
-       * **Certifikát CA** si [[en:verejne:sit:cert|stáhněte]] (**DigiCert Assured ID Root CA**, formát PEM) +       * **CA certificate**: either browse to ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM) 
-       * **Vnitřní ověření**: PAP +       * **Inner authentication**: PAP 
-       * **Uživatelské jméno** **heslo** jako do SINISu. \\ Použít lze také SIN e-mail, který naleznete po přihlášení do SINISu. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}} +       * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]]) 
-     Vše potvrďte tlačítkem **Uložit**.+       * **Password**: the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}} 
 +     Confirm your settings by pushing the **Save** button.
  
-Nyní byste se měli být schopni připojit na Wi-Fi síť Sincoolka.+<note important>The picture has the certificate wrong! It's for illustration purposes only.</note> 
 + 
 +Now, your connection should be all set for secure Wi-Fi browsing.
  
 ===== wpa_supplicant ===== ===== wpa_supplicant =====
  
-WPA Supplicant je program, který se v Linuxu stará o podporu WPA zabezpečení Wi-Fi sítí. NetworkManager interně používá právě wpa_supplicant.+WPA Supplicant is an utility which enables WPA security support for Wi-Fi in Linux. NetworkManager uses wpa_supplicant internally.
  
-Pokud chcete používat tuto variantuníže naleznete ukázku definice sítě Sincoolka. Dále postupujte jako u nastavení eduroamu na stránkách CESNETu: https://www.eduroam.cz/cs/uzivatel/sw/nix/wpa_supplicant+In case you want to set up a wpa_supplicant profile manuallywe have prepared a Sincoolka network definition below
  
-Také si [[verejne:sit:cert|stáhněte]] **certifikát CA** (**DigiCert Assured ID Root CA**, formát PEM) a uložte na přístupné místoCestu k němu později zadáte do konfiguračního souboru. +To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save itYou will then enter the path to this file in the wpa_supplicant configuration profile.
- +
-Ukázka konfiguračního souboru pro WPA Supplicant:+
  
 <file wpa_supplicant wpa_supplicant.conf> <file wpa_supplicant wpa_supplicant.conf>
 network={ network={
-    ssid="Sincoolka" nebo Sincoolka 5G+    ssid="Sincoolka" or Sincoolka 5G
     scan_ssid=1     scan_ssid=1
     key_mgmt=WPA-EAP     key_mgmt=WPA-EAP
     eap=TTLS     eap=TTLS
-    # cesta ke stazenemu CA certifikatu +    # path to the downloaded CA certificate 
-    ca_cert="/etc/cert/digicert-ca.pem"+    ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
     domain_match="radius.sin.cvut.cz"     domain_match="radius.sin.cvut.cz"
     phase2="auth=PAP"     phase2="auth=PAP"
Line 53: Line 52:
     group=CCMP     group=CCMP
          
-    # Vase uzivatelske udaje+    # Your credentials
     identity="jiri.novak@sin.cvut.cz"     identity="jiri.novak@sin.cvut.cz"
     anonymous_identity="anonymous@sin.cvut.cz"     anonymous_identity="anonymous@sin.cvut.cz"
-    password="VaseSilneHeslo"+    password="YourStr0ngPa$$word"
 } }
 </file> </file>
  
 +===== iwd =====
  
 +//Contributed by our member Artem Poliakov (poliaart <at> fit.cvut.cz)! Thanks!//
 +
 +[[https://iwd.wiki.kernel.org/|iwd]] is a wireless daemon for Linux which aims to utilize features provided by the Linux Kernel to the maximum extent
 +possible. It can work in standalone mode or in combination with comprehensive network managers.
 +
 +If you want to connect to Wi-Fi using iwd, you need to place file called ''Sincoolka.8021x'' or ''Sincoolka 5G.8021x''
 +(depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
 +
 +To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
 +
 +<file iwd Sincoolka.8021x>
 +[Security]
 +EAP-Method=TTLS
 +EAP-Identity=anonymous@sin.cvut.cz
 +EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
 +EAP-TTLS-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
 +EAP-TTLS-Phase2-Method=Tunneled-PAP
 +EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
 +EAP-TTLS-Phase2-Password=YourStr0ngPa$$word
 +
 +[Settings]
 +AutoConnect=true
 +</file>
  • en/verejne/sit/wi-fi/linux.1567892522.txt.gz
  • Last modified: 02.06.2020 15:18
  • (external edit)