en:verejne:sit:wi-fi:linux

This translation is older than the original page and might be outdated. See what has changed.

This is an old revision of the document!


Set up Wi-Fi on Linux – Ubuntu, NetworkManager, wpa_supplicant

When using a GUI, it is likely that you use NetworkManager for network configuration.

It is important to set up RADIUS server identity verification, as it will give you protection against rogue Wi-Fi access points and protect your password as well. That is why you should take the time to set your Wi-Fi connection properly. You will find verified walkthrough below.
  1. Run command nm-connection-editor (Advanced Network Configuration).
  2. Expand the Wi-Fi category and look if you already have an existing Sincoolka profile - it might be a good idea to remove it with a - button (minus sign) if it does not work.
  3. Then, click the + button (plus sign) in the bottom toolbar.
  4. In the Choose a Connection Type window, pick Wi-Fi from the list. Then click the Create… button
  5. A window for describing network configuration will open.
    • Fill out the name of the profile (can be anything, e.g. Sincoolka).
    • Switch to the Wi-Fi tab and fill out these - SSID: Sincoolka or Sincoolka 5G. From the Devices list, choose your Wi-Fi adapter.
    • Switch to the Wi-Fi Security tab and set up the following:
      • Security: WPA2-Enterprise
      • Authentication: Tunneled TLS
      • Anonymous identity: anonymous@sin.cvut.cz
      • Domain: radius.sin.cvut.cz
      • CA certificate: either browse to `/etc/ssl/certs/Comodo_AAA_Services_root.pem`, or download and save it (download format PEM)
      • Inner authentication: PAP
      • Username: use your SIN username or SIN email (find it after logging in to SINIS)
      • Password: the same as for your SINIS login.
    • Confirm your settings by pushing the Save button.

Now, your connection should be all set for secure Wi-Fi browsing.

WPA Supplicant is an utility which enables WPA security support for Wi-Fi in Linux. NetworkManager uses wpa_supplicant internally.

In case you want to set up a wpa_supplicant profile manually, we have prepared a Sincoolka network definition below.

Please download the proper **CA certificate** first and save it. You will enter the path to this file in the wpa_supplicant configuration profile.

wpa_supplicant.conf
network={
    ssid="Sincoolka"  # or Sincoolka 5G
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    # path to the downloaded CA certificate
    ca_cert="/etc/cert/sin-wifi-ca.pem"
    domain_match="radius.sin.cvut.cz"
    phase2="auth=PAP"
    pairwise=CCMP
    group=CCMP
 
    # Your credentials
    identity="jiri.novak@sin.cvut.cz"
    anonymous_identity="anonymous@sin.cvut.cz"
    password="YourStr0ngPa$$word"
}

Contributed by our member Artem Poliakov (poliaart <at> fit.cvut.cz)! Thanks!

iwd is a wireless daemon for Linux which aims to utilize features provided by the Linux Kernel to the maximum extent possible. It can work in standalone mode or in combination with comprehensive network managers.

If you want to connect to Wi-Fi using iwd, you need to place file called Sincoolka.8021x or Sincoolka 5G.8021x (depending on which network you'd like to connect) under /var/lib/iwd directory. The suggested contents can be found below.

Please download the proper CA certificate first and save it. You will enter the path to this file in the iwd configuration profile.

Sincoolka 5G.8021x
[Security]
EAP-Method=TTLS
EAP-Identity=anonymous@sin.cvut.cz
EAP-TTLS-ServerDomainMask=radius.sin.cvut.cz
EAP-TTLS-CACert=/etc/cert/downloaded-ca-certificate.pem
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=your.username@sin.cvut.cz
EAP-TTLS-Phase2-Password=YourStr0ngPa$$word
 
[Settings]
AutoConnect=true
  • en/verejne/sit/wi-fi/linux.1632145854.txt.gz
  • Last modified: 20.09.2021 13:50
  • by Pavel Valach