Difference between revisions of "Netwerk draadloos handleidinglinux"

From Cncz
Jump to: navigation, search
([Draadloze instellingen voor Linux][Wireless Installation Manual for Linux])
m
Line 44: Line 44:
 
De ssl certificaten staan in de volgende directory:
 
De ssl certificaten staan in de volgende directory:
 
  /etc/ssl/certs
 
  /etc/ssl/certs
Feitelijk staan hier alleen maar symlinks, deze verwijzen voor de netheid naar  
+
Feitelijk staan hier alleen maar symlinks, deze verwijzen naar  
 
  /usr/share/ca-certificates/<subdir>/<pem-file>
 
  /usr/share/ca-certificates/<subdir>/<pem-file>
  
Line 83: Line 83:
 
Geeft de status van de NetworkManager managed devices weer, incl. wireless extensies en informatie wat dat betreft.
 
Geeft de status van de NetworkManager managed devices weer, incl. wireless extensies en informatie wat dat betreft.
  
Indien je nm-applet in je ubuntu tray sterft, kun je hem proberen te reviven door  
+
Indien je nm-applet in je ubuntu tray sterft, kun je hem proberen te reviven door
 
  nm-applet
 
  nm-applet
direct aan te roepen als normale gebruiker ( bijvoorbeeld via het uitvoeren menu.
+
direct aan te roepen als normale gebruiker (bijvoorbeeld via het uitvoeren menu).
  
 
Succes!
 
Succes!
Line 121: Line 121:
 
# '''Ubuntu Gutsy Gibbon''':<br />
 
# '''Ubuntu Gutsy Gibbon''':<br />
 
If you are a Ubuntu 7.10/Gutsy Gibbon user there are some differences that could lead to trouble.
 
If you are a Ubuntu 7.10/Gutsy Gibbon user there are some differences that could lead to trouble.
First, the wpa_supplicant.conf file is located in a different location, hard to find if you have little experience looking for it:
+
First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:
 
  /etc/network/wpa_supplicant.conf
 
  /etc/network/wpa_supplicant.conf
  
Line 149: Line 149:
 
  http://secure.globalsign.net/cacert/sureserverEDU.pem or
 
  http://secure.globalsign.net/cacert/sureserverEDU.pem or
 
  https://secure.globalsign.net/cacert/educational.crt
 
  https://secure.globalsign.net/cacert/educational.crt
You should in case it is necessary be able to find the other two when they are missing.
+
You need all three.
  
 
# '''Making a connection''':<br />
 
# '''Making a connection''':<br />
Line 160: Line 160:
 
When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:
 
When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:
 
  NetworkManager -DD
 
  NetworkManager -DD
Generates lost of output, usefull though.
+
Generates lots of output, usefull though.
 
  wpa_supplicant -i<iface> -c<cfgfile>
 
  wpa_supplicant -i<iface> -c<cfgfile>
 
Again, output output output
 
Again, output output output
Line 173: Line 173:
  
 
[[Category:Netwerk]]
 
[[Category:Netwerk]]
[[Category:Import]]
 

Revision as of 11:22, 15 November 2007

Handleiding Linux

Wireless Installation Manual for Linux


  1. Certificate:
    Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought though SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
  2. wpa_supplicant settings:

    The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (sudo apt-get install wpasupplicant network-manager network-manager-gnome). I assume it also works for KDE, etc. In the task bar you will see an applet for the network on the right side. Click on the icon, then the available wireless networks will appear. Click on 'Science'. You will get a form. Fill in the following fields:
Wireless security: WPA-enterprise
EAP method: PEAP
Key-type: automatic
Identity: (FNWI username)
Password: (FNWI password)
CA certificate file: browse to cacert.crt, or where the standard certificate bundle may be on your computer.

Click: Login to network. Wait a moment and the connection will be established.
If that doesn't work you can make a file wpa_supplicant.conf with the contents:

ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="Science"
  proto=WPA
  key_mgmt=WPA-EAP
  eap=PEAP
  pairwise=TKIP
  identity="username"
  password="password"
  ca_cert="/etc/certs/ca.pem or where the standard certificate bundle may be on your computer"
  phase2="auth=MSCHAPV2"
# priority=10
}

Change in this file username and password to your own username and password. Move this file to the directory where network script can be found (for SUSE this is /etc/sysconfig/network, for Ubuntu it is /etc/network). Add the next line to your ifcfg file for your wireless interface. Of course you have to change the directory if you don't use SUSE.
WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
  1. Ubuntu Gutsy Gibbon:

If you are a Ubuntu 7.10/Gutsy Gibbon user there are some differences that could lead to trouble. First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:

/etc/network/wpa_supplicant.conf

The contents of the file are identical, with the exception of the directories where the certificate/pem files are located: The ssl certificates are to be found here:

/etc/ssl/certs

This directory actually contains symlinks only, linking to this directory:

/usr/share/ca-certificates/<subdir>/<pem-file>

The /etc/ssl/certs directory also contains hashes of the pem files linked to. These hashes link to the pemfiles. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:

c_rehash ./

When you want to check wether everything is functioning properly you can use the following commands:

/sbin/wpa_supplicant -i<interface> -c<configfile>

Example:

/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf

This will generate a large amount of output, make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain usefull hints about the problems. When the output tells you that a certain certificate cannot be verified, most likely you are missing a certificate or an in-between-certificate.

First, check you have the following certificates:

GTE_CyberTrust_Global_Root.pem  
GTE_CyberTrust_Root_CA.pem
sureserverEDU.pem

You should already have the first two, the last one can be found here:

http://secure.globalsign.net/cacert/sureserverEDU.crt or
http://secure.globalsign.net/cacert/sureserverEDU.pem or
https://secure.globalsign.net/cacert/educational.crt

You need all three.

  1. Making a connection:
ifup eth1

or

root@localhost# ifconfig eth1 up

Replace eth1 with your own interface designation/number

  1. Debugging

When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:

NetworkManager -DD

Generates lots of output, usefull though.

wpa_supplicant -i<iface> -c<cfgfile>

Again, output output output

nm-tool

Displays the status of the NetworkManager managed devices, including wireless devices and extensions.

When the network applet in your gnome/kde tray dies, you can re-invoke it via the Run command.. menu:

nm-applet

Succes!/Good Luck!