特殊:Badtitle/NS100:WifiDocs/EduPaSS:修订间差异

来自Ubuntu中文
跳到导航跳到搜索
Oneleaf留言 | 贡献
新页面: {{From|https://help.ubuntu.com/community/WifiDocs/EduPaSS}} {{Languages|UbuntuHelp:WifiDocs/EduPaSS}} == Joining the eduPaSS WiFi Network == This document is intended to help setting up ...
 
Wikibot留言 | 贡献
无编辑摘要
 
(未显示2个用户的5个中间版本)
第2行: 第2行:
{{Languages|UbuntuHelp:WifiDocs/EduPaSS}}
{{Languages|UbuntuHelp:WifiDocs/EduPaSS}}
== Joining the eduPaSS WiFi Network ==
== Joining the eduPaSS WiFi Network ==
This document is intended to help setting up an eduPaSS wireless connection with Ubuntu Linux or any GNOME-based system (KDE should work with the WPA Supplicant file detailed here).
This document is intended to help setting up an eduPaSS wireless connection with Ubuntu Linux or any GNOME-based system (KDE should work with the WPA Supplicant file detailed here).
eduPaSS is a large Wi-Fi network, used throughout Victorian government schools in Australia.
eduPaSS is a large Wi-Fi network, used throughout Victorian government schools in Australia.
These instructions were collated from mailing lists and manpages by Laurie Savage. Thanks to Donna Benjamin and Ian Green.
These instructions were collated from mailing lists and manpages by Laurie Savage. Thanks to Donna Benjamin and Ian Green.
 
As of October 22 2007, there seems to be a bug in Network Manager under Gutsy which prevents this working (see [http://mail.gnome.org/archives/networkmanager-list/2007-October/msg00058.html The NM mailing list archive] for info. You can get around this by using the wpa_supplicant method at the bottom.
=== Step by Step Guide ===
-- As of January 29, 2008 - The NM method(Network manager in gnome/kde) appears to be working again. However settings are not retained upon reboot
 
-- As of April 21, 2008 in Hardy Beta (8.04) the Network Manager method is working again.
=== Creating and converting the certificates ===
1. Create a Mac certificate on edupass. My certificate archive was called "savubuntu.zip" - this name is important, it will be the machine name used later. The zip file contains "root.pem" and "usercert.p12" (in my case "savubuntu.p12")and I unzipped the file into /home/user/Documents/eduPaSS.
1. Create a Mac certificate on edupass. My certificate archive was called "savubuntu.zip" - this name is important, it will be the machine name used later. The zip file contains "root.pem" and "usercert.p12" (in my case "savubuntu.p12")and I unzipped the file into /home/user/Documents/eduPaSS.
2. Convert usercert.p12 to usercert.pem and userkey.pem using openssl in a terminal:


2. Convert usercert.p12 to usercert.pem and userkey.pem using openssl in a terminal:
<pre><nowiki>
<pre><nowiki>
openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem
openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem
openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem
openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem
</nowiki></pre>
</nowiki></pre>
Remember to substitute your certificate's name for usercert
Remember to substitute your certificate's name for usercert
=== Installing Network Manager (Edgy or earlier) ===
(this is automatically installed in Feisty and later version)
1. Install the wpasupplicant and network-manager-gnome packages using Synaptic or apt-get:


3. Install the wpasupplicant and network-manager-gnome packages using Synaptic or apt-get:
<pre><nowiki>
<pre><nowiki>
sudo apt-get install wpasupplicant network-manager-gnome
sudo apt-get install wpasupplicant network-manager-gnome
</nowiki></pre>
</nowiki></pre>
 
2. Comment out all references in '''/etc/network/interfaces''' to wireless interfaces. If you don't do this you will not see any wireless networks in [[UbuntuHelp:NetworkManager|NetworkManager]]'s menu.
4. Comment out all references in '''/etc/network/interfaces''' to wireless interfaces. If you don't do this you will not see any wireless networks in NetworkManager's menu.
3. Restart and run '''nm-applet''' (the GNOME front end to [[UbuntuHelp:NetworkManager|NetworkManager]]).


5. Restart and run '''nm-applet''' (the GNOME front end to NetworkManager).
<pre><nowiki>
<pre><nowiki>
killall nm-applet
killall nm-applet
nm-applet &
nm-applet &
</nowiki></pre>
</nowiki></pre>
The nm-applet icon appears on the panel in the notification area.
The nm-applet icon appears on the panel in the notification area.
=== Setting up Network Manager ===
1. Click on the applet and choose '''Connect to Other Wireless Network'''


6. Click on the applet and choose '''Connect to Other Wireless Network'''
<pre><nowiki>
<pre><nowiki>
SSID = eduPaSS-XXXX-01 (Replace XXXX with the school number)
SSID = eduPaSS-XXXX-01 (Replace XXXX with the school number)
第46行: 第46行:
Private key password = [password used to create the Macintosh certificate]
Private key password = [password used to create the Macintosh certificate]
</nowiki></pre>
</nowiki></pre>
2. Hit connect.
3. You will be asked for a key ring password the first time it connects. If you have not created a key ring for other applications this is a local, machine based password and you will be prompted to create one the first time you connect.


7. Hit connect.
The GNOME [[UbuntuHelp:NetworkManager|NetworkManager]] is a lovely tool, it detects new networks and you only need to choose them from the list. I have noticed it drops the connection a bit after rebooting, possibly the change of WEP key or something else on my system that is disturbing it. It connects fine when you click the applet again but a it's a little annoying.
=== WPA Supplicant Configuration ===
If the Network Manager configuration above works for you, then you don't need to read this section.
1. Create and convert the certificates as described above.
2. You may want to stop and disable Network Manager:


8. You will be asked for a key ring password the first time it connects. If you have not created a key ring for other applications this is a local, machine based password and you will be prompted to create one the first time you connect.
<pre><nowiki>
sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher stop
sudo /etc/dbus-1/event.d/25NetworkManager stop
</nowiki></pre>
Create two files with only the word 'exit' in them. These files are:
<pre><nowiki>
/etc/default/NetworkManager
/etc/default/NetworkManagerDispatcher
</nowiki></pre>
4. Create or edit /etc/wpa_supplicant/wpa_supplicant.conf to look like:


=== WPA Supplicant Configuration ===
<pre><nowiki>
fast_reauth=1
network={
      ssid="eduPaSS-XXXX-01"
      key_mgmt=IEEE8021X
      eap=TLS
      identity="savubuntu" #(name of the certificate/zipfile)
      ca_cert="/path/to/root.pem"
      client_cert="/path/to/usercert.pem"
      private_key="/path/to/userkey.pem"
      private_key_passwd="password used to create the Mac certificates"
      eapol_flags=3
}
</nowiki></pre>
4. Try out wpa_supplicant:


My /etc/wpa_supplicant/wpa_supplicant.conf file looks like:
<pre><nowiki>
<pre><nowiki>
fast_reauth=1
$ sudo wpa_supplicant -ieth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -w
network={
</nowiki></pre>
ssid="eduPaSS-XXXX-01"
You may need to specify a driver with the -D flag (see wpa_supplicant docs for more info), or use a different interface than eth1.
key_mgmt=IEEE8021X
You should get something along the lines of
eap=TLS
<pre><nowiki>
identity="savubuntu"
EAP authentication completed successfully
ca_cert="/home/sav/Documents/eduPaSS/root.pem"
client_cert="/home/sav/Documents/eduPaSS/savubuntucert.pem"
private_key="/home/sav/Documents/eduPaSS/savubuntukey.pem"
private_key_passwd="password used to create the Mac certificates"
eapol_flags=3
}
</nowiki></pre>
</nowiki></pre>
at some point in the output.
5. Edit /etc/network/interfaces. You will probably need to add/uncomment eth0 (wired connection), as well as your wireless interface (could be eth1, ath0, wlan0, or something else). Mine looks like:
<pre><nowiki>
auto lo
iface lo inet loopback


I needed to manually edit it because earlier attempts to set this up had created some glitches. With this .conf file I can boot into KDE and access the network easily.
auto eth0  #wired ethernet
iface eth0 inet dhcp


The GNOME NetworkManager is a lovely tool, it detects new networks and you only need to choose them from the list. I have noticed it drops the connection a bit after rebooting, possibly the change of WEP key or something else on my system that is disturbing it. It connects fine when you click the applet again but a it's a little annoying.
auto eth1  #wireless (could ben ath0, wlan0, or something else depending on your card)
iface eth1 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
</nowiki></pre>
If you needed to specify a driver for wpa_supplicant with -D, then you'll also need to add:
<pre><nowiki>
wpa-driver madwifi #or whatever driver you are using
</nowiki></pre>
afterwards.


[[category:UbuntuHelp]]
[[category:UbuntuHelp]]

2008年5月9日 (五) 19:32的最新版本

{{#ifexist: :WifiDocs/EduPaSS/zh | | {{#ifexist: WifiDocs/EduPaSS/zh | | {{#ifeq: {{#titleparts:WifiDocs/EduPaSS|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:WifiDocs/EduPaSS|1|-1|}} | zh | | }}

Joining the eduPaSS WiFi Network

This document is intended to help setting up an eduPaSS wireless connection with Ubuntu Linux or any GNOME-based system (KDE should work with the WPA Supplicant file detailed here). eduPaSS is a large Wi-Fi network, used throughout Victorian government schools in Australia. These instructions were collated from mailing lists and manpages by Laurie Savage. Thanks to Donna Benjamin and Ian Green. As of October 22 2007, there seems to be a bug in Network Manager under Gutsy which prevents this working (see The NM mailing list archive for info. You can get around this by using the wpa_supplicant method at the bottom. -- As of January 29, 2008 - The NM method(Network manager in gnome/kde) appears to be working again. However settings are not retained upon reboot -- As of April 21, 2008 in Hardy Beta (8.04) the Network Manager method is working again.

Creating and converting the certificates

1. Create a Mac certificate on edupass. My certificate archive was called "savubuntu.zip" - this name is important, it will be the machine name used later. The zip file contains "root.pem" and "usercert.p12" (in my case "savubuntu.p12")and I unzipped the file into /home/user/Documents/eduPaSS. 2. Convert usercert.p12 to usercert.pem and userkey.pem using openssl in a terminal:

 openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem
 openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem
 

Remember to substitute your certificate's name for usercert

Installing Network Manager (Edgy or earlier)

(this is automatically installed in Feisty and later version) 1. Install the wpasupplicant and network-manager-gnome packages using Synaptic or apt-get:

 sudo apt-get install wpasupplicant network-manager-gnome
 

2. Comment out all references in /etc/network/interfaces to wireless interfaces. If you don't do this you will not see any wireless networks in NetworkManager's menu. 3. Restart and run nm-applet (the GNOME front end to NetworkManager).

 killall nm-applet
 nm-applet &
 

The nm-applet icon appears on the panel in the notification area.

Setting up Network Manager

1. Click on the applet and choose Connect to Other Wireless Network

SSID = eduPaSS-XXXX-01 (Replace XXXX with the school number)
Wireless Security = WPA Enterprise
EAP Method = TLS
Key Type = Dynamic WEP (Auto will work too)
ID = [machine name on certificate] (savubuntu in my case)
Client cert = usercert.pem
CA cert = root.pem
Private key = userkey.pem
Private key password = [password used to create the Macintosh certificate]

2. Hit connect. 3. You will be asked for a key ring password the first time it connects. If you have not created a key ring for other applications this is a local, machine based password and you will be prompted to create one the first time you connect.

The GNOME NetworkManager is a lovely tool, it detects new networks and you only need to choose them from the list. I have noticed it drops the connection a bit after rebooting, possibly the change of WEP key or something else on my system that is disturbing it. It connects fine when you click the applet again but a it's a little annoying.

WPA Supplicant Configuration

If the Network Manager configuration above works for you, then you don't need to read this section. 1. Create and convert the certificates as described above. 2. You may want to stop and disable Network Manager:

sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher stop
sudo /etc/dbus-1/event.d/25NetworkManager stop

Create two files with only the word 'exit' in them. These files are:

/etc/default/NetworkManager
/etc/default/NetworkManagerDispatcher

4. Create or edit /etc/wpa_supplicant/wpa_supplicant.conf to look like:

 fast_reauth=1
 network={
      ssid="eduPaSS-XXXX-01"
      key_mgmt=IEEE8021X
      eap=TLS
      identity="savubuntu" #(name of the certificate/zipfile)
      ca_cert="/path/to/root.pem"
      client_cert="/path/to/usercert.pem"
      private_key="/path/to/userkey.pem"
      private_key_passwd="password used to create the Mac certificates"
      eapol_flags=3
 }
 

4. Try out wpa_supplicant:

$ sudo wpa_supplicant -ieth1 -c /etc/wpa_supplicant/wpa_supplicant.conf -w

You may need to specify a driver with the -D flag (see wpa_supplicant docs for more info), or use a different interface than eth1. You should get something along the lines of

EAP authentication completed successfully

at some point in the output. 5. Edit /etc/network/interfaces. You will probably need to add/uncomment eth0 (wired connection), as well as your wireless interface (could be eth1, ath0, wlan0, or something else). Mine looks like:

auto lo
iface lo inet loopback

auto eth0  #wired ethernet
iface eth0 inet dhcp

auto eth1  #wireless (could ben ath0, wlan0, or something else depending on your card)
iface eth1 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

If you needed to specify a driver for wpa_supplicant with -D, then you'll also need to add:

wpa-driver madwifi #or whatever driver you are using

afterwards.