Entropic Thoughts

Connecting to KTH Eduroam on Debian Stretch

Connecting to KTH Eduroam on Debian Stretch

Update: It turns out network manager can deal with WPA2 Professional security just fine. It's only the nmtui controlling program which hasn't yet learned to create such profiles. I managed to start the graphical nm-applet interface (and made it visible with stalonetray, so the command sequence was stalonetray & ; nm-applet), I created an Eduroam profile in it which means that in the future

  1. Network Manager will be able to automatically connect when I get close to an Eduroam access point, and
  2. I can manually control when I want to connect to Eduroam through nmtui, now that the profile is already created by nm-applet.

Original post below.


So after some blood, sweat and tears (well, mostly the latter) I managed to connect to the Eduroam wifi network as a student of the Royal Institute of Technology in Sweden.

Doing that shouldn't be hard, but it appears the "Network Manager" service I otherwise use to connect to wifi networks with (through the nmtui program) doesn't know how to handle WPA2 Professional security. So I had to go around the network manager, which is a bit of a hassle.

I have no idea what kind of black voodoo magic is involved, actually, but these are the steps I took, for any other cargo culters out there:

  1. I created a /etc/wpa_supplicant/wpa_supplicant.conf file, and filled it with the following content.

    ap_scan=1
    update_config=1
    
    network={
            ssid="eduroam"
            scan_ssid=1
            key_mgmt=WPA-EAP
            eap=PEAP
            identity="USERNAME@kth.se"
            password="NETWORK SECRET"
            subject_match="/CN=radius-wpa-1.lan.kth.se"
            phase2="auth=MSCHAPV2"
    }

    Don't ask me what any of it does. It's been loosely copied and pasted from different examples on the web.

  2. I then turned off the network manager entirely, so it wouldn't interfere with our connection attempts: sudo systemctl stop NetworkManager.service.

  3. After this, I started up wpa_supplicant, which is somehow involved in establishing connections to wifi networks. sudo wpa_supplicant -B -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0.

  4. As a final step, which I don't know whether or not it's necessary, I ask dhclient to give me an IP address on that interface as well: sudo dhclient wlan0.

Well, that worked once, anyway. I'll keep it here and modify the article if I notice it isn't the full picture. To disconnect, just do the above in reverse, i.e. killall dhclient wpa_supplicant and start network manager again.