[Tfug] Xsupplicant woes -- setup misery

Wafa Hakim Orman wafa1024 at gmail.com
Mon Jul 9 11:06:21 MST 2007


So I'm trying to use the wireless network at a university I just moved
to, & woe is me, they are a Windows-only shop. They use WEP encryption
on an EAP/PEAP network, & their support tech told me that while he
didn't know enough to help me, he'd heard that Xsupplicant works.

So I installed xsupplicant, which is version 1.2.4 on Feisty. There
doesn't seem to be any kind of Xsupplicant wiki, or official
documentation worth the name. At least I couldn't find one....all I
found were various scattered config files that people had uploaded.
Tried using those as best I could but the lack of uniformity is
overwhelming. There doesn't seem to be any consensus on what works, or
any explanation of which keys do what & where they are supposed to
reside. Not only that, but the config files appear to be _vastly_
different between versions. I guess the short version of this story
is, I find myself unable to use the wireless network despite my best
efforts. Oh, & Xsupplicant is perhaps the most poorly documented FOSS
application I have ever had the misfortune of using. (Note: comments
in a config file do not a doc file make!)

They have a certificate available, which I downloaded & used Windows
to export it as a file, which it did, in .cer format. But openssl
says: "unable to load certificate."

Relevant bits of my config file are pasted below, so maybe someone can
tell me where I'm going wrong:

(I'm using this on a Toshiba Satellite A45 running Kubuntu Feisty with
a Motorola wireless card, Broadcom chipset, & ndiswrapper for the
PCMCIA wireless card.)


#default_netname = default
default_netname = AIRBEAR

identity = "me at baylor.edu"

wpa_pairwise_cipher = WEP40
wpa_group_cipher = WEP40

initial_wep {
# The keys must either be 10, or 26 characters long. They should
# *ALWAYS* be quoted!!
key1 = "2222222222"
key2 = "2222222222"
key3 = "2222222222"
key4 = "2222222222"

# This is the key that will be used to transmit data. It needs to
# match the index that is configured on your AP.
tx_key = 1
}

## This option allows you to configure static WEP, so that when you
# associate with a network that uses static WEP you don't need to do
# anything. If "static_wep" is used, it must be the only option available
# in that SSID def!
static_wep {
# The keys must either be 10, or 26 characters long. They should
# *ALWAYS* be quoted!!
key1 = "2222222222"
key2 = "2222222222"
key3 = "2222222222"
key4 = "2222222222"

# This is the key that will be used to transmit data. It needs to
# match the index that is configured on your AP.
tx_key = 1
}

eap-peap {
inner_id = "me at baylor.edu"
user_cert = /home/wafa/airbearcert.pem
# As in tls, define either a root certificate or a directory
# containing root certificates.
root_cert = NONE
root_dir = /usr/local/etc/1x/certs
#crl_dir = /path/to/dir/with/crl
user_key = /home/wafa/xsupplicant/client.key #I haven't actually
created this file or folder #but the instructions I saw said to stick
something like this in here. Highly unclea
user_key_pass = "mybaylorpassword"
chunk_size = 1398
random_file = /dev/random
cncheck = myradius.radius.com # Verify the server certificate
# has this value in it's CN field.
cnexact = yes # Should it be an exact match?
session_resume = yes

proper_peap_v1_keying = yes # Many RADIUS servers use the
# wrong string constant to dervie
# the keying material. Setting
# this to 'yes' will cause
# xsupplicant to use the value
# defined in the internet draft
# instead of the wrong one. The
# default is to use the wrong
# constant, since that is what
# most RADIUS servers do.

#Currently 'all' is just mschapv2
#If no allow_types is defined, all is assumed
allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
#allow_types = eap_mschapv2

# When doing EAP MS-CHAPv2 you need a password, or an ntpwdhash. If you
# have both, Xsupplicant will try to use the ntpwdhash.
eap-mschapv2 {
username = "me at baylor.edu"
#ntpwdhash = E653E6452753C97E46792567DFF599B6
password = "mybaylorpassword"
}
}


Any help would be greatly appreciated. In fact, if I get it working, I
think I will write a basic configuration doc file for xsupplicant &
send it off to the developers.


Thanks in advance!

Wafa.

-- 
"So be it."
                  --Kurt Vonnegut




More information about the tfug mailing list