
Connecting to PEAP in NUS

From Linux & Open Source @ NUS

NUS seems to have gotten rid of the brittle-as-a-cracker LEAP, which is now replaced by the newer (supposedly more secure) PEAP.

While Windows users have got nicely configured install packages waiting from the website, Linux users like us have to make up our own configs.

Graphical configuration

The instructions below are based on GNOME. There are other ways to do this if you're using a different window manager, but the concepts should be the same.

Step One

Selecting configuration in NetworkManager

Click on the NetworkManager icon in the panel and select "Connect to Other Wireless Network".

Step Two

Configuration settings for NUS PEAP

Configure the settings as shown in the screenshot above, substituting your own NUSNET credentials for User Name and Password.

Remember to select "WPA Enterprise" as your network type.

The certificate file, ase1.pem, can be found in the HowTo below.

Command line configuration

SoC NOC has kindly put up configuration instructions here.

Their instructions are partially GUI-based, which can be a bit inconvenient to run as part of our startup scripts, so here's a little HowTo to configure it on the command line.

Use the config for wpa_supplicant.conf as found in the above guide provided by SoC NOC.

wpa_supplicant.conf

Here's one that's slightly modified to use the config file directives for username and password, instead of setting them via wpa_gui as per the guide.



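ctrl_interface=/var/run/wpa_supplicant
# ap_scan=2: associate using the SSID and security policy below instead of wpa_supplicant's own scan results
ap_scan=2

network={
        ssid="NUS"
        key_mgmt=IEEE8021X
        eap=PEAP
        # Replace with your own NUSNET user name and password
        identity="u0412345"
        password="p455w0rd"
        # CA certificate used to verify the authentication server's certificate
        ca_cert="/etc/cert/ase1.pem"
        # Inner (phase 2) authentication carried inside the PEAP tunnel
        phase2="auth=MSCHAPV2"
}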

Note that on Ubuntu, the first line of the config file tends to cause problems, so you should probably just comment it out before using the .conf file.

Download

ase1.pem

The connection requires a certificate called ase1.pem. Unfortunately, the download location of that certificate is not listed in the HowTo. After some googling, here's the cert file.


Or download it from SoC or from Opensource@NUS.


After that you're ready to run!

Fire up the wpa_supplicant in daemon mode like so:

wpa_supplicant -i eth1 -c /etc/wpa_supplicant.conf -B -Dwext

Replace eth1 above with the interface name of your wireless card.
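Before putting that command into a startup script, it helps to check the two things this setup depends on: the config file holds the NUSNET password in clear text, and the ca_cert line is what lets the client verify the authentication server. The script below is an added example, not part of the original page or the SoC NOC guide; the function names and finding labels are made up for it, and the sample config in demo_bad_conf is constructed.

```shell
#!/bin/sh
# Added example. Usage: . ./audit.sh && audit_wpa_conf /etc/wpa_supplicant.conf
# audit_wpa_conf and the finding labels are hypothetical names for this example.

# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_wpa_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 1; }

    # The file holds password="..." in clear text: only its owner should read it.
    perms=$(ls -ld "$conf" | cut -c5-10)      # group and other permission bits
    permfind=""
    [ "$perms" = "------" ] || permfind="GROUP_OR_WORLD_ACCESS mode=$perms"

    # A PEAP block with no ca_cert cannot validate the authentication server,
    # so the client would run MSCHAPv2 with whatever answers to the SSID.
    blockfind=$(awk '
        /^[ \t]*#/ { next }                   # commented-out lines do not count
        /^[ \t]*network[ \t]*=[ \t]*[{]/ { inblk = 1; ssid = "?"; peap = 0; ca = 0; next }
        inblk && /^[ \t]*[}]/ {
            if (peap && !ca) print "NO_CA_CERT ssid=" ssid
            inblk = 0; next
        }
        inblk {
            line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            if (key == "ssid") ssid = val
            if (key == "eap" && val ~ /PEAP/) peap = 1
            if (key == "ca_cert" && val != "" && val != "\"\"") ca = 1
        }
    ' "$conf")

    out=$(printf '%s\n%s\n' "$permfind" "$blockfind" | sed '/^$/d')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the page's network block with ca_cert commented out,
# written to a temp file that group and others can read.
demo_bad_conf() {
    f=$(mktemp) && chmod 644 "$f"
    printf 'network={\n\tssid="NUS"\n\teap=PEAP\n\t#ca_cert="/etc/cert/ase1.pem"\n}\n' > "$f"
    rc=0; audit_wpa_conf "$f" || rc=$?
    rm -f "$f"; return "$rc"
}
```

A clean file produces no output and exit status 0, so the check can gate the wpa_supplicant call in a startup script.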


Points to note

Remember to obtain an IP address from the DHCP server, using the appropriate command for your system, after establishing contact with the access point.

If you seem to have problems connecting while using a Centrino chipset, you might want to try loading the ipw2200 module using modprobe ipw2200 hwcrypto=0. The hwcrypto=0 option turns off hardware encryption on the chip.