[Tfug] Xsupplicant woes -- setup misery

[Jeremy D Rogers]

I had a similar experience a few months back.. I have gotten to the
point where I can use WPA2 networks when I need them, so I'll point to
a couple  of things..
First, i would recommend wpasupplicant. It seems to be a little easier
to deal with than xsupplicant, and you should be able to apt-get it.
Second, if you want to store your login and passwords in plaintext
files, I think you can get things going pretty easily so that it loads
the wireless with a simple 'ifup wlan0' or what have you, but my
institution seems to force me to use one login/pass for everything
university related, so I didn't like that idea very much.
So the answer seems to be to use network manager with the kde or gnome
front end (you don't need to use gnome or kde, just have to load the
libs). Now, I think its stupid to have to login to x to connect to the
network, but that's the way it goes for now.. I read somewhere that
work is in progress on a better solution.
Anyway, these frontends to network-manager will store your passphrase
in either gnome-keyring or kwallet if you set those up, but I just go
ahead and type it in when it prompts me.
One quick note, if you use network manager, some people think you
cannot have device mappings in your /etc/network/interfaces file, but
in fact you can, you just can't set the interface.
So in the end, I have names like home or work in my interfaces file
for various wireless aps, and I just don't have wlan0 show up
anywhere.. that way I can use "ifup wlan0=home" if I don't want to use
knetworkmanager.
Summary:
aptitude install wpasupplicant network-manager-kde
edit /etc/network/interfaces and make sure the wireless interface is
not set or is set to auto
fireup knetworkmanager and select the network and options

Hope that helps,
JDR

On 7/9/07, Wafa Hakim Orman <wafa1024 at gmail.com> wrote:
> So I'm trying to use the wireless network at a university I just moved
> to, & woe is me, they are a Windows-only shop. They use WEP encryption
> on an EAP/PEAP network, & their support tech told me that while he
> didn't know enough to help me, he'd heard that Xsupplicant works.
>
> So I installed xsupplicant, which is version 1.2.4 on Feisty. There
> doesn't seem to be any kind of Xsupplicant wiki, or official
> documentation worth the name. At least I couldn't find one....all I
> found were various scattered config files that people had uploaded.
> Tried using those as best I could but the lack of uniformity is
> overwhelming. There doesn't seem to be any consensus on what works, or
> any explanation of which keys do what & where they are supposed to
> reside. Not only that, but the config files appear to be _vastly_
> different between versions. I guess the short version of this story
> is, I find myself unable to use the wireless network despite my best
> efforts. Oh, & Xsupplicant is perhaps the most poorly documented FOSS
> application I have ever had the misfortune of using. (Note: comments
> in a config file do not a doc file make!)
>
> They have a certificate available, which I downloaded & used Windows
> to export it as a file, which it did, in .cer format. But openssl
> says: "unable to load certificate."
>
> Relevant bits of my config file are pasted below, so maybe someone can
> tell me where I'm going wrong:
>
> (I'm using this on a Toshiba Satellite A45 running Kubuntu Feisty with
> a Motorola wireless card, Broadcom chipset, & ndiswrapper for the
> PCMCIA wireless card.)
>
>
> #default_netname = default
> default_netname = AIRBEAR
>
> identity = "me at baylor.edu"
>
> wpa_pairwise_cipher = WEP40
> wpa_group_cipher = WEP40
>
> initial_wep {
> # The keys must either be 10, or 26 characters long. They should
> # *ALWAYS* be quoted!!
> key1 = "2222222222"
> key2 = "2222222222"
> key3 = "2222222222"
> key4 = "2222222222"
>
> # This is the key that will be used to transmit data. It needs to
> # match the index that is configured on your AP.
> tx_key = 1
> }
>
> ## This option allows you to configure static WEP, so that when you
> # associate with a network that uses static WEP you don't need to do
> # anything. If "static_wep" is used, it must be the only option available
> # in that SSID def!
> static_wep {
> # The keys must either be 10, or 26 characters long. They should
> # *ALWAYS* be quoted!!
> key1 = "2222222222"
> key2 = "2222222222"
> key3 = "2222222222"
> key4 = "2222222222"
>
> # This is the key that will be used to transmit data. It needs to
> # match the index that is configured on your AP.
> tx_key = 1
> }
>
> eap-peap {
> inner_id = "me at baylor.edu"
> user_cert = /home/wafa/airbearcert.pem
> # As in tls, define either a root certificate or a directory
> # containing root certificates.
> root_cert = NONE
> root_dir = /usr/local/etc/1x/certs
> #crl_dir = /path/to/dir/with/crl
> user_key = /home/wafa/xsupplicant/client.key #I haven't actually
> created this file or folder #but the instructions I saw said to stick
> something like this in here. Highly unclea
> user_key_pass = "mybaylorpassword"
> chunk_size = 1398
> random_file = /dev/random
> cncheck = myradius.radius.com # Verify the server certificate
> # has this value in it's CN field.
> cnexact = yes # Should it be an exact match?
> session_resume = yes
>
> proper_peap_v1_keying = yes # Many RADIUS servers use the
> # wrong string constant to dervie
> # the keying material. Setting
> # this to 'yes' will cause
> # xsupplicant to use the value
> # defined in the internet draft
> # instead of the wrong one. The
> # default is to use the wrong
> # constant, since that is what
> # most RADIUS servers do.
>
> #Currently 'all' is just mschapv2
> #If no allow_types is defined, all is assumed
> allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
> #allow_types = eap_mschapv2
>
> # When doing EAP MS-CHAPv2 you need a password, or an ntpwdhash. If you
> # have both, Xsupplicant will try to use the ntpwdhash.
> eap-mschapv2 {
> username = "me at baylor.edu"
> #ntpwdhash = E653E6452753C97E46792567DFF599B6
> password = "mybaylorpassword"
> }
> }
>
>
> Any help would be greatly appreciated. In fact, if I get it working, I
> think I will write a basic configuration doc file for xsupplicant &
> send it off to the developers.
>
>
> Thanks in advance!
>
> Wafa.
>
> --
> "So be it."
>                   --Kurt Vonnegut
>
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org
>