Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

connecting to 802.1x network

Fri Sep 07, 2012 6:23 pm

Hey guys,

My university (University of Pittsburgh) offers wired connections in the dorms that use 802.1x network authentication. Is there anyway I can connect my RPi to this and get working internet access? There is also a wireless network but I'm not going to buy a dongle unless I know that will work.

Thanks

User avatar
jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: connecting to 802.1x network

Fri Sep 07, 2012 8:30 pm

Linux has support for 802.1X using wpa_supplicant.

http://www.stevens.edu/itwiki/w/index.p ... red_802.1x

Here is an example of using wpa_supplicant for 802.1X for a wired connection on another campus. You'll probably want to shoot an email to your university's IT department on specifics of the parameters you'll need. I've never tried wpa_supplicant on a wired connection but the standard is the standard so hopefully you'll have good luck.
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code

Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

Re: connecting to 802.1x network

Sat Sep 08, 2012 7:06 am

jecxjo wrote:Linux has support for 802.1X using wpa_supplicant.

http://www.stevens.edu/itwiki/w/index.p ... red_802.1x

Here is an example of using wpa_supplicant for 802.1X for a wired connection on another campus. You'll probably want to shoot an email to your university's IT department on specifics of the parameters you'll need. I've never tried wpa_supplicant on a wired connection but the standard is the standard so hopefully you'll have good luck.
Thanks I'll definitely give this a try!

And sorry for the redundant post I didn't think it went through since I missed the whole "A mod must approve the post" thing.

I'll try this tomorrow and get back to you all

Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

Re: connecting to 802.1x network

Sat Sep 08, 2012 5:22 pm

Okay, so I'm a huge linux noob, so I need a little clarification on that guide you posted.

1. "download this config file to /etc/." where is /etc/? When i put the flashed sd card in my laptop I can't explore any folders or anything, and I can't find anyway to explorer directories in raspian.

2. It says to "chmod +x" a file. What do I do there?

User avatar
Licaon_Kter
Posts: 240
Joined: Wed Sep 05, 2012 10:12 am
Location: Between the keyboard and the chair.

Re: connecting to 802.1x network

Mon Sep 10, 2012 7:50 am

do these on the running Pi if you don't have another Linux computer
some more info: http://elinux.org/RPi_Peripherals
BFQ+BFS or RT on a RPi? 4'real: https://github.com/licaon-kter/ (source and compiled!)

User avatar
jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: connecting to 802.1x network

Mon Sep 10, 2012 4:50 pm

Lysdexic wrote:Okay, so I'm a huge linux noob, so I need a little clarification on that guide you posted.

1. "download this config file to /etc/." where is /etc/? When i put the flashed sd card in my laptop I can't explore any folders or anything, and I can't find anyway to explorer directories in raspian.

2. It says to "chmod +x" a file. What do I do there?
1. So all of the info described on the link is performed on the Pi. You'll want to hook the pi to a display, connect a keyboard and go from there. Depending on the Distro you selected you can either get their via the GUI (Nautilus if you are running Gnome) or open a terminal window. I'd go the GUI route if you are new to linux. Open the /etc folder and create the file described.

2. The "chmod +x" command is performed via the terminal. chmod is the tool to "Change File Modes", i.e. make a file Readable, Writable and Executable. The first argument says "who has what type of access."
  • + Owner
  • g+ Group
  • a+ Everyone else
  • r Read Access
  • w Write Access
  • x Executable Access
So for this example its saying "Allow the owner of this file executable access." If you wanted to make the group able to read you'd put "chmod g+r <file>". If you wanted everyone else to have no access you'd put "chmod a-rwx <file>".

Now that I've explained it, heres what you do to install (just following the instructions)

Code: Select all

sudo wget -O /etc/wpa_supplicant.wired.conf http://www.stevens.edu/itwiki/files/wpa_supplicant.wired.conf
sudo nano /etc/wpa_supplicant.wired.conf
sudo wget -O /usr/bin/802wired.sh http://www.stevens.edu/itwiki/files/802wired.sh
sudo chmod +x /usr/bin/802wired.sh
NOTE: I'm using nano to edit the file but if you are running a GUI use your favorite editor such as gedit (sudo gedit /etc/wpa_supplicant.wired.conf)

Then when you want to set it up, plug in the ethernet cable and run

Code: Select all

sudo /usr/bin/802wired.sh
NOTE: The link provided assumed that wpa_supplicant was installed. Use your package manager to install it

Debian

Code: Select all

sudo apt-get install wireless-tools
Arch

Code: Select all

sudo pacman -S wpa_supplicant
Good Luck!
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code

Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

Re: connecting to 802.1x network

Tue Sep 11, 2012 9:33 pm

Thanks for all the help so far,

When trying to install wpa_supplicant I get fatal error "netlink/genl/genl.h: no such file or directory.

What do I do now?

User avatar
jecxjo
Posts: 158
Joined: Sat May 19, 2012 5:22 pm
Location: Minneapolis, MN (USA)

Re: connecting to 802.1x network

Wed Sep 12, 2012 4:12 am

Files are owned by libnl. Trying installing libnl-dev
xmpp: jecxjo@dukgo.com
Blog: http://jecxjo.motd.org/code

Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

Re: connecting to 802.1x network

Wed Sep 12, 2012 4:09 pm

Sigh, I'm still having issues

I went to the site and downloaded libnl-3-200 and libnl-3-dev which were both .deb files

I then ran sudo dpkg -i on both .deb files

Then I ran tried to install wpa_supplicant again. This time it immediately fails with the netlink/genl/genl.g: no such file or directory error. I guess I should note that before it would fail after running for around 5 minutes or so. Now it fails immediately

Sorry, I still can't get it working :\

Andresen
Posts: 38
Joined: Tue Aug 14, 2012 10:25 pm

Re: connecting to 802.1x network

Fri Sep 14, 2012 12:03 am

Okay - I've just tried to get 802.1x running on a Raspberry Pi.

As the image 2012-08-16-wheezy-raspbian.img already includes wpa_supplicant, it was just a matter of writing the configuration file and running wpa_supplicant (no need to download or compile anything).

The exact content of the configuration depends on how 802.1x is configured - in my test, I used:

Code: Select all

pi@raspberrypi ~ $ cat /etc/wpa_supplicant/wpa_supplicant
ctrl_interface=/var/run/wpa_supplicant
network={
   proto=WPA
   key_mgmt=WPA-EAP
   pairwise=CCMP
   eap=PEAP
   identity="username@example.com"
   password="mySecret"
   phase2="auth=MSCHAPV2"
}
pi@raspberrypi ~ $ 
To start wpa_supplicant, I used:

Code: Select all

sudo wpa_supplicant -Dwired -ieth0 -c /etc/wpa_supplicant/wpa_supplicant
If your username/password is correct, this should print some lines and end with something like:
eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server Certificate/emailAddress=admin@example.com'
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
eth0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

In a perfect world, I should verify the identity of the 802.1x server and remove my password from the file. As my test-setup does not include a signed certificat, I can only remove my password and use a configuration like:

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=adm

network={
   proto=WPA
   key_mgmt=WPA-EAP
   pairwise=CCMP
   eap=PEAP
   identity="user@example.com"
   phase2="auth=MSCHAPV2"
}
To supply the password, run the command wpa_cli like this:
pi@raspberrypi ~ $ wpa_cli
wpa_cli v1.0
Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.


Selected interface 'eth0'

Interactive mode

> password 0 mySecret
OK
>
I hope this help.

Regards,
Andresen

[edit: added note on verification of remote certificates, to improve security]

Lysdexic
Posts: 8
Joined: Fri Sep 07, 2012 5:58 pm

Re: connecting to 802.1x network

Fri Sep 14, 2012 2:22 pm

Oh my god. I love you guys so much.

Thank you all for helping me, I FINALLY got it working!

I hope this thread helps out anyone with a similar problem. THANKS AGAIN!!

wiremonkey
Posts: 5
Joined: Mon Sep 30, 2013 8:17 pm

Re: connecting to 802.1x network

Mon Sep 30, 2013 8:19 pm

I'm having the same problem too actually (university of Pittsburgh) What worked? modifying wpa_supplicant?

Andresen
Posts: 38
Joined: Tue Aug 14, 2012 10:25 pm

Re: connecting to 802.1x network

Mon Sep 30, 2013 10:40 pm

wiremonkey wrote:I'm having the same problem too actually (university of Pittsburgh) What worked? modifying wpa_supplicant?
Well - I just installed the (then) latest raspbian, configured wpa_supplicant and was able to connect to a wired 801.X network .. so I would expect the current raspbian to have all the tools already - only missing the actual configuration.

Do you have any guide explaining how to connect to the network at Pittsburgh?


Regards,
Andresen

wiremonkey
Posts: 5
Joined: Mon Sep 30, 2013 8:17 pm

Re: connecting to 802.1x network

Mon Sep 30, 2013 10:58 pm

I do , I recently hooked up a desktop to the network
i know its WPA2-Enterprise
the auth method is PEAP
encryption type is aes

I needed to install addtrust external ca root certificate from comodo to get my desktop to work on University of Pitt's network so
I assume I would need the same certificate for my Pi, only problem is I'm a linux noob and have no idea how to install a certificate
on the Pi, right now I just popped it into /etc/ca-certificates i think

how would you write the wpa_supplicant file for this network? and would you need to specify the security certificate?

also when I tried wpa-cli it said it couldn't connect to wpa_supplicant
Thanks Again

Thanks for replying, sorry I have no idea what I'm doing :)

Andresen
Posts: 38
Joined: Tue Aug 14, 2012 10:25 pm

Re: connecting to 802.1x network

Tue Oct 01, 2013 1:11 am

wiremonkey wrote:I do , I recently hooked up a desktop to the network
i know its WPA2-Enterprise
the auth method is PEAP
encryption type is aes

I needed to install addtrust external ca root certificate from comodo to get my desktop to work on University of Pitt's network so
I assume I would need the same certificate for my Pi, only problem is I'm a linux noob and have no idea how to install a certificate
on the Pi, right now I just popped it into /etc/ca-certificates i think

how would you write the wpa_supplicant file for this network? and would you need to specify the security certificate?

also when I tried wpa-cli it said it couldn't connect to wpa_supplicant
Thanks Again

Thanks for replying, sorry I have no idea what I'm doing :)
Have you tried the configuration I described last year? I think it should work for you as well (I belive Pittsburgh still uses the same setup) -- the part about certificates should be for validation of the remote server .. not a strictly a necessity for 801.X - but you should add it, once you got wpa_supplicant running!

To add a certificat, I think you should add something like this to the configuration:

Code: Select all

ca_cert="/usr/share/cacertificates/mozilla/AddTrust_External_Root.crt"
Like this:

Code: Select all

ctrl_interface=/var/run/wpa_supplicant
network={
   proto=WPA
   key_mgmt=WPA-EAP
   pairwise=CCMP
   eap=PEAP
   ca_cert="/usr/share/cacertificates/mozilla/AddTrust_External_Root.crt" 
   identity="username@example.com"
   password="mySecret"
   phase2="auth=MSCHAPV2"
}

Regards,
Andresen

wiremonkey
Posts: 5
Joined: Mon Sep 30, 2013 8:17 pm

Re: connecting to 802.1x network

Tue Oct 01, 2013 7:46 pm

Hmm,
I currently have
network = {
proto=WPA
key_mgmt = WPA-EAP
pairwise = CCMP
eap = PEAP
ca_cert="/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt"
identity="me"
password="password"
}

And If I do "sudo wpa_supplicant..." command line above it says it authenticated correctly but none of my browsers appear to work*, and I don't think I'm given a correct IP address, not sure

* I get redirected by my University to an automatic network set-up app , but it doesn't support the pi/Debian



}

Andresen
Posts: 38
Joined: Tue Aug 14, 2012 10:25 pm

Re: connecting to 802.1x network

Thu Oct 03, 2013 6:50 pm

wiremonkey wrote:Hmm,
I currently have
network = {
proto=WPA
key_mgmt = WPA-EAP
pairwise = CCMP
eap = PEAP
ca_cert="/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt"
identity="me"
password="password"
}

And If I do "sudo wpa_supplicant..." command line above it says it authenticated correctly but none of my browsers appear to work*, and I don't think I'm given a correct IP address, not sure

* I get redirected by my University to an automatic network set-up app , but it doesn't support the pi/Debian
Well -- it all looks right. I guess,that your university provides a "fallback" network and if you don't provide the credential fast enough, you get assigned to that network (the fact that you get redirected to the guide, indicates this). Could you try this:
  • Unplug the network cable
  • Start wpa_supplicant
  • Reconnect the network cable
This way, you should provide the credentials at the very first request and maybe you then get an IP on the 'right' net.


Regards,
Andresen

wiremonkey
Posts: 5
Joined: Mon Sep 30, 2013 8:17 pm

Re: connecting to 802.1x network

Fri Oct 04, 2013 2:55 pm

Well, i've hooked up my pi outside of pitt's network but if i manage to find settings that work for me I'll post them here , thanks for all your help

RolfOle
Posts: 1
Joined: Sat Jul 12, 2014 7:47 pm

Re: connecting to 802.1x network

Sat Jul 12, 2014 7:50 pm

I have the same problem. I tried to reconnect the cable, but with no luck.
Any developments on the matter?

Best regards,

Rolf

tz1
Posts: 22
Joined: Tue Jan 07, 2014 10:09 pm

Re: connecting to 802.1x network

Mon Aug 11, 2014 7:36 pm

I just tried our corporate N network - the problem at the moment is when I watch it connect, it says wpa_supplicant wasn't configured (when compiled) with the EAP method I'm using showing a hex dump of supported methods - all zero. There may be something else wrong. My arm based android tablets can connect, and I basically duplicated the configuration. But not with eap=PEAP on the pi. I should be up to date, maybe I need an apt-get dist-upgrade?

Andresen
Posts: 38
Joined: Tue Aug 14, 2012 10:25 pm

Re: connecting to 802.1x network

Tue Aug 12, 2014 6:08 am

tz1 wrote:I just tried our corporate N network - the problem at the moment is when I watch it connect, it says wpa_supplicant wasn't configured (when compiled) with the EAP method I'm using showing a hex dump of supported methods - all zero. There may be something else wrong. My arm based android tablets can connect, and I basically duplicated the configuration. But not with eap=PEAP on the pi. I should be up to date, maybe I need an apt-get dist-upgrade?
Hi tz1

This thread is about authentication to a wired network[1] -- I think you are trying to connect to a wireless network[2] .. :)


Regards,
Andresen

[1]: http://en.wikipedia.org/wiki/IEEE_802.1X
[2]: http://en.wikipedia.org/wiki/IEEE_802.11

Return to “Beginners”