Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:verejne:sit:wi-fi:linux [21.02.2021 23:37] – anonymous identity - upheld Pavel Valachen:verejne:sit:wi-fi:linux [30.09.2023 11:39] (current) – changed the CA certificate to USERTrust Pavel Valach
Line 1: Line 1:
-====== Set up Wi-Fi on Linux Ubuntu, NetworkManager, wpa_supplicant ======+====== Set up Wi-Fi on Linux – Ubuntu, NetworkManager, wpa_supplicant ======
  
 ===== Ubuntu, NetworkManager ===== ===== Ubuntu, NetworkManager =====
Line 21: Line 21:
        * **Anonymous identity**: ''anonymous@sin.cvut.cz''        * **Anonymous identity**: ''anonymous@sin.cvut.cz''
        * **Domain**: ''radius.sin.cvut.cz''        * **Domain**: ''radius.sin.cvut.cz''
-       * **CA certificate**: [[en:verejne:sit:cert|download and save it]] (download format PEM)+       * **CA certificate**: either browse to ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', or [[en:verejne:sit:cert|download and save it]] (download format PEM)
        * **Inner authentication**: PAP        * **Inner authentication**: PAP
-       * **Username** and **Password** is the same as your SINIS login. \\ You may also use the SIN email address, which you will find right after logging in to SINIS. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}+       * **Username**: use your SIN username or SIN email (find it after logging in to [[https://sinis.sin.cvut.cz|SINIS]]) 
 +       **Password**the same as for your SINIS login. \\ {{:en:verejne:sit:wi-fi:ubuntu-nm-profile-sec.png?nolink|}}
      * Confirm your settings by pushing the **Save** button.      * Confirm your settings by pushing the **Save** button.
 +
 +<note important>The picture has the certificate wrong! It's for illustration purposes only.</note>
  
 Now, your connection should be all set for secure Wi-Fi browsing. Now, your connection should be all set for secure Wi-Fi browsing.
Line 34: Line 37:
 In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below.  In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below. 
  
-Please [[en:verejne:sit:cert|download]] the proper **CA certificate** first (**DigiCert Assured ID Root CA**, PEM format) and save it. You will enter the path to this file in the wpa_supplicant configuration profile.+To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
  
 <file wpa_supplicant wpa_supplicant.conf> <file wpa_supplicant wpa_supplicant.conf>
Line 43: Line 46:
     eap=TTLS     eap=TTLS
     # path to the downloaded CA certificate     # path to the downloaded CA certificate
-    ca_cert="/etc/cert/digicert-ca.pem"+    ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
     domain_match="radius.sin.cvut.cz"     domain_match="radius.sin.cvut.cz"
     phase2="auth=PAP"     phase2="auth=PAP"
Line 56: Line 59:
 </file> </file>
  
 +===== iwd =====
  
 +//Contributed by our member Artem Poliakov (poliaart <at> fit.cvut.cz)! Thanks!//
 +
 +[[https://iwd.wiki.kernel.org/|iwd]] is a wireless daemon for Linux which aims to utilize features provided by the Linux Kernel to the maximum extent
 +possible. It can work in standalone mode or in combination with comprehensive network managers.
 +
 +If you want to connect to Wi-Fi using iwd, you need to place file called ''Sincoolka.8021x'' or ''Sincoolka 5G.8021x''
 +(depending on which network you'd like to connect) under ''/var/lib/iwd'' directory. The suggested contents can be found below.
 +
 +To properly verify that you are using our server, the CA certificate is necessary. It should be already on your system at path ''/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem'', so this configuration will use that. If you don't have it there, you may [[en:verejne:sit:cert|download it from us]] and save it. You will then enter the path to this file in the wpa_supplicant configuration profile.
 +
 +<file iwd Sincoolka.8021x>
 +[Security]
 +EAP-Method=TTLS
 +EAP-Identity=anonymous@sin.cvut.cz
 +EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
 +EAP-TTLS-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
 +EAP-TTLS-Phase2-Method=Tunneled-PAP
 +EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
 +EAP-TTLS-Phase2-Password=YourStr0ngPa$$word
 +
 +[Settings]
 +AutoConnect=true
 +</file>
  • en/verejne/sit/wi-fi/linux.1613950646.txt.gz
  • Last modified: 21.02.2021 23:37
  • by Pavel Valach