802.1X for Linux

Installation and configuration

In Linux, authentication through the IEEE 802.1X protocol is handled by a program called WPA Supplicant. You can download it from the address listed; however, the majority of current distributions provide an installation package. We recommend using that option and installing it like any other software on your system.

Installation in Linux

Configuration is necessary after installation. One option is to use the graphical user interface for network configuration. These tools differ from system to system, so we are unable to provide concrete advice. Generally, it is necessary to set the following parameters for the Ethernet interface (usually eth0):

  • Turn on authentication through the IEEE 802.1X protocol
  • WPA EAP protocol for key management
  • PEAP authentication protocol
  • CCMP TKIP encryption protocol

Another option is to edit the WPA Supplicant configuration file manually. It is usually located at /etc/wpa_supplicant.conf; however, the path to this file may differ depending on the distribution. Its content should be as follows:

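 # Control socket used by wpa_cli and other front ends
 ctrl_interface=/var/run/wpa_supplicant
 network={
       key_mgmt=IEEE8021X
       eap=PEAP
       pairwise=CCMP TKIP
       group=CCMP TKIP
       # Your username and your password for remote access
       identity="name.surname@tul.cz"
       password="xxxx"
       # CA certificate used to verify the authentication server
       ca_cert="/etc/certificates/AddTrust_External_Root.pem"
       phase1="peaplabel=0"
       phase2="auth=MSCHAPV2"
 }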

You can copy the contents of the file. It is necessary to change three items: type your username into identity and your password for remote access into password. Unfortunately, the password is stored in plain text; the wpa_supplicant.conf file can be read only by the system administrator, which reduces the chances of misuse. Finally, enter the path to the CESNET CA certificate, which you have downloaded from http://www.cesnet.cz/pki/cs/ch-CRT-CRL.html, into the ca_cert item. Because the username and password are present in the file, authentication takes place automatically at computer startup.
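The two safeguards this file depends on, access limited to the administrator and a configured CA certificate, can be checked with a short script. This is an added example, not part of the original instructions; the function name audit_wpa_conf and the PERM/NOCA/SYNTAX labels are made up for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original page: audit a wpa_supplicant.conf.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_wpa_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    findings=$(
        # The password is stored in cleartext, so group and others must have
        # no access bits (stat -c is GNU coreutils, assumed present on Linux).
        mode=$(stat -c '%a' "$conf")
        case $mode in
            ?00) ;;
            *) if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
                   echo "PERM: mode $mode exposes the stored password; chmod 600 $conf"
               fi ;;
        esac
        awk '
            function report() {
                # wpa_supplicant skips server certificate checks without a CA
                if (eap && !ca)
                    print "NOCA: network " n " sets no ca_cert/ca_path; server certificate is not verified"
            }
            /^[ \t]*#/ { next }    # comment line
            /^[ \t]*network[ \t]*=[ \t]*[{]/ { inblk = 1; n++; eap = 0; ca = 0; next }
            inblk && /^[ \t]*eap[ \t]*=/ { eap = 1 }
            inblk && /^[ \t]*ca_(cert|path)[ \t]*=/ { ca = 1 }
            inblk && /^[ \t]*[}]/ { report(); inblk = 0 }
            END {
                if (inblk) { print "SYNTAX: network " n " has no closing brace"; report() }
            }
        ' "$conf"
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Run against a file given on the command line, e.g. /etc/wpa_supplicant.conf
if [ "$#" -gt 0 ]; then audit_wpa_conf "$1"; fi
```

A PERM finding is cleared with chmod 600 on the file; a NOCA finding means the client would accept any authentication server and hand it the MSCHAPv2 exchange.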

The configuration is now ready. The next thing that needs to be done is to make sure that WPA Supplicant is run at system startup. If you used the graphical user interface for the configuration, everything should already be set. If you configured wpa_supplicant.conf manually, you must insert the

 wpa_supplicant -Dwired -ieth0 -c/etc/wpa_supplicant.conf

command into the appropriate startup file.

The value of the -i option is the name of the interface for which the program should be run; the -c option contains the path to the configuration file. This parameter may be omitted; the program should then be configured so that it loads a default configuration file.