Difference between revisions of "Netwerk draadloos handleidinglinux"

From Cncz
Jump to: navigation, search
Line 4: Line 4:
  
 
[nl]
 
[nl]
# '''Certificaat''':<br />Tot begin 2007 moest eerst het C&CZ root-certificaat geimporteerd worden. Dit hoeft nu niet meer, omdat C&CZ via SURFnet een GlobalSign certificaat gekocht heeft dat standaard vertrouwd wordt (met Certificate Authority "GTE CyberTrust Global Root").
+
# '''Certificaat''':Tot begin 2007 moest eerst het C&CZ root-certificaat geimporteerd worden. Dit hoeft nu niet meer, omdat C&CZ via SURFnet een GlobalSign certificaat gekocht heeft dat standaard vertrouwd wordt (met Certificate Authority "GTE CyberTrust Global Root").
# '''wpa_supplicant instellingen''':<br />Het volgende werkt met Ubuntu-dapper met gnome, en network-manager en wpasupplicant geinstalleerd. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>) Ik neem aan dat dit ook kan met KDE, etc. In de taakbalk zie je een applet rechts voor het netwerk. Klik op het icoontje, de aanwezige draadloze netwerken verschijnen. Klik op 'Science'. Je krijgt dan een invul-formulier. Vul de volgende velden in:
+
# '''wpa_supplicant instellingen''': Voor de meeste linux varianten geldt dat je een draadloze connectie kunt opzetten met behulp van wpa_supplicant.
 +
Het volgende werkt met network-manager en wpa_supplicant geinstalleerd. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>) Ik neem aan dat dit ook kan met KDE, etc. In de taakbalk zie je een applet rechts voor het netwerk. Klik op het icoontje, de aanwezige draadloze netwerken verschijnen. Klik op 'Science'. Je krijgt dan een invul-formulier. Vul de volgende velden in:
  
 
  Wireless security: WPA-enterprise
 
  Wireless security: WPA-enterprise
Line 14: Line 15:
 
  CA certificate file: /etc/cacert.pem  of waar de standaard certificate bundel ook mag staan op je PC.
 
  CA certificate file: /etc/cacert.pem  of waar de standaard certificate bundel ook mag staan op je PC.
  
Klik: Login to network. Wacht even en de verbinding wordt gemaakt. <br /> Als dat niet mocht werken, kan het ook door een bestand wpa_supplicant.conf te maken met de volgende inhoud:
+
Klik: Login to network. Wacht even en de verbinding wordt gemaakt. Als dat niet mocht werken, kan het ook door een bestand wpa_supplicant.conf te maken met de volgende inhoud:
 
   
 
   
 
  ctrl_interface=/var/run/wpa_supplicant
 
  ctrl_interface=/var/run/wpa_supplicant
Line 36: Line 37:
  
 
[en]
 
[en]
# '''Certificate''':<br />Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought though SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
+
# '''Certificate''': Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought though SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
# '''wpa_supplicant settings''':<br />The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>). I assume it also works for KDE, etc. In the task bar you will see an applet for the network on the right side. Click on the icon, then the available wireless networks will appear. Click on 'Science'. You will get a form. Fill in the following fields:
+
# '''wpa_supplicant settings''': For  most linux distributions you can set up a wireless connection using wpa_supplicant.
 +
The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>). I assume it also works for KDE, etc. In the task bar you will see an applet for the network on the right side. Click on the icon, then the available wireless networks will appear. Click on 'Science'. You will get a form. Fill in the following fields:
  
 
  Wireless security: WPA-enterprise
 
  Wireless security: WPA-enterprise
Line 45: Line 47:
 
  Password: (FNWI password)
 
  Password: (FNWI password)
 
  CA certificate file: browse to cacert.crt, or where the standard certificate bundle may be on your computer.
 
  CA certificate file: browse to cacert.crt, or where the standard certificate bundle may be on your computer.
Click: Login to network. Wait a moment and the connection will be established. <br /> If that doesn't work you can make a file wpa_supplicant.conf with the contents:
+
Click: Login to network. Wait a moment and the connection will be established. If that doesn't work you can make a file wpa_supplicant.conf with the contents:
 
   
 
   
 
  ctrl_interface=/var/run/wpa_supplicant
 
  ctrl_interface=/var/run/wpa_supplicant
Line 69: Line 71:
  
 
[nl]
 
[nl]
 +
Controleer dat network-manager en wpasupplicant geinstalleerd zijn. (Zo niet dan:<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
 
Wanneer je Ubuntu 7.10 alias Gutsy Gibbon gebruikt gelden er iets andere spelregels dan hierboven.
 
Wanneer je Ubuntu 7.10 alias Gutsy Gibbon gebruikt gelden er iets andere spelregels dan hierboven.
 
Als eerste hoort de wpa_supplicant.conf file op de volgende plaats te staan:
 
Als eerste hoort de wpa_supplicant.conf file op de volgende plaats te staan:
Line 121: Line 124:
  
 
[en]
 
[en]
 +
Check that network-manager and wpasupplicant are installed. (If not: <code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
 
If you are a Ubuntu 7.10/Gutsy Gibbon user, there are some differences that could lead to trouble.
 
If you are a Ubuntu 7.10/Gutsy Gibbon user, there are some differences that could lead to trouble.
 
First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:
 
First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:

Revision as of 17:36, 21 November 2007

Wireless network settings for Linux

General

  1. Certificate: Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought though SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
  2. wpa_supplicant settings: For most linux distributions you can set up a wireless connection using wpa_supplicant.

The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (sudo apt-get install wpasupplicant network-manager network-manager-gnome). I assume it also works for KDE, etc. In the task bar you will see an applet for the network on the right side. Click on the icon, then the available wireless networks will appear. Click on 'Science'. You will get a form. Fill in the following fields:

Wireless security: WPA-enterprise
EAP method: PEAP
Key-type: automatic
Identity: (FNWI username)
Password: (FNWI password)
CA certificate file: browse to cacert.crt, or where the standard certificate bundle may be on your computer.

Click: Login to network. Wait a moment and the connection will be established. If that doesn't work you can make a file wpa_supplicant.conf with the contents:

ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="Science"
  proto=WPA
  key_mgmt=WPA-EAP
  eap=PEAP
  pairwise=TKIP
  identity="username"
  password="password"
  ca_cert="/etc/certs/ca.pem or where the standard certificate bundle may be on your computer"
  phase2="auth=MSCHAPV2"
# priority=10
}

Change in this file username and password to your own username and password. Move this file to the directory where network script can be found (for SUSE this is /etc/sysconfig/network, for Ubuntu it is /etc/network). Add the next line to your ifcfg file for your wireless interface. Of course you have to change the directory if you don't use SUSE.
WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'

Ubuntu Gutsy Gibbon

Check that network-manager and wpasupplicant are installed. (If not: sudo apt-get install wpasupplicant network-manager network-manager-gnome If you are a Ubuntu 7.10/Gutsy Gibbon user, there are some differences that could lead to trouble. First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:

/etc/network/wpa_supplicant.conf

The contents of the file are identical, with the exception of the directories where the certificate/pem files are located: The ssl certificates are to be found here:

/etc/ssl/certs

This directory actually contains symlinks only, linking to this directory:

/usr/share/ca-certificates/<subdir>/<pem-file>

The /etc/ssl/certs directory also contains hashes of the pem files linked to. These hashes link to the pemfiles. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:

c_rehash ./

When you want to check wether everything is functioning properly you can use the following commands:

/sbin/wpa_supplicant -i<interface> -c<configfile>

Example:

/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf

This will generate a large amount of output, make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain usefull hints about the problems. When the output tells you that a certain certificate cannot be verified, most likely you are missing a certificate or an in-between-certificate.

First, check you have the following certificates:

GTE_CyberTrust_Global_Root.pem  
GTE_CyberTrust_Root_CA.pem
sureserverEDU.pem

You should already have the first two, the last one can be found here:

http://secure.globalsign.net/cacert/sureserverEDU.crt or
http://secure.globalsign.net/cacert/sureserverEDU.pem or
https://secure.globalsign.net/cacert/educational.crt

You need all three.

  1. Making a connection:
ifup eth1

or

root@localhost# ifconfig eth1 up

Replace eth1 with your own interface designation/number

  1. Debugging

When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:

NetworkManager -DD

Generates lots of output, usefull though.

wpa_supplicant -i<iface> -c<cfgfile>

Again, output output output

nm-tool

Displays the status of the NetworkManager managed devices, including wireless devices and extensions.

When the network applet in your gnome/kde tray dies, you can re-invoke it via the Run command.. menu:

nm-applet

SuSE 10.1 and the KNetworkManager

  1. Starting the KNetworkManager

If the KNetworkManager is not present as an Applet in the Panel it can be started by clicking "System -> Desktop Applet -> knetworkmanager (Networking Tool)" or by typing the command "knetworkmanager". If the "KNetworkManager" is not available install it with "System -> YaST (Control Center) - software management".

  1. Starting the wireless network

  1. Make sure the wireless switch on the laptop is ON.
  2. Click on KNetworkManager and choose the Wireless Network "Science".
  3. The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
  4. A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
  5. Enter your FNWI username as "Identity:" and your Science/FNWI password.
  6. Click on "Connect".

If something goes wrong, perhaps because of a typo in the password or the wrong selection of the encryption, one may not get the opportunity to correct it because the second time one clicks on the KNetworkManager the menu may not appear and the wrong settings are used again. There may be an elegant solution to this problem that I don't know about, but this work-around might be useful:


  1. Exit [][the] KNetworkManager by clicking "Quit".
  2. Give the command: rm $HOME/.kde/share/config/knetworkmanagerrc
  3. Restart the KNetworkManager as described above, and try again.