Post Reply
n3tm4n
Posts: 29
Joined: Tue Jun 10, 2014 11:34 am
Location: East Midlands, UK
Contact: Website

RPi 3b+ or RPi 4 WPA2e (WPA2 Enterprise)

Thu Jan 09, 2020 1:58 pm

I've recently been asked to provide a quick How-To by a colleague trying to get WPA2 enterprise configured on a RPI4. I thought I would also post it here in case if it of any use to the wider community.

This has been tested on the following releases:
* Raspbian Buster with desktop and recommended software(September 2019)
* Raspbian Buster with desktop (September 2019)
* Raspbian Buster Lite (September 2019)

Tested on the following versions of Raspberry Pi
* Raspberry Pi 3b+
* Raspberry Pi 4

From a fresh SD image (no updates required etc at the moment)

Create a new file

Code: Select all

nano /etc/network/interfaces.d/wpa2enterprise
with the following.

Code: Select all

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
  pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
  post-down killall -q wpa_supplicant
Before we create the referenced file, we need to obtain a hashed version of the password to be used for WiFi authentication. The following command will create the hash:

Code: Select all

echo -n 'your_password_in_plaintext' | iconv -t utf16le | openssl md4 > hash.txt
The resulting hash.txt file will look similar to below:

Code: Select all

(stdin)= 0958d73cdb5ag8956cd29c0aeaa101a506
We need the string without leading or trailing white spaces, in this example it will be

Code: Select all

0958d73cdb5ag8956cd29c0aeaa101a506
We should now have the information for the following 3 placeholders.

Code: Select all

%%%NETWORK_SSID%%%
%%%ACCOUNT_LOGIN_ID%%%
%%%PASSWORD_HASH_GENERATED_ABOVE%%%


Next create / edit the new referenced

Code: Select all

nano /etc/wpa_supplicant/wpa_supplicant.conf
as shown below replacing the strings as appropriate.

Code: Select all

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB

network={
	ssid="%%%NETWORK_SSID%%%"
	proto=RSN
	key_mgmt=WPA-EAP
	auth_alg=OPEN
	eap=PEAP
	identity="%%%ACCOUNT_LOGIN_ID%%%"
	password=hash:%%%PASSWORD_HASH_GENERATED_ABOVE%%%
	phase1="peaplabel=0"
	phase2="auth=MSCHAPV2"
	priority=1
}
Once you have created the files specified above, with the appropriate details updated. Reboot the Raspberry Pi and it should auto connect to the requested SSID assuming user id and password are correct.

HTH.

N3TM4N
Post Reply

Return to “Networking and servers”