UCD Moobilenetx HOWTO by Eric Lin v.1.0 2009.10.06 It took me some time to figure out how to get my connection to moobilenetx on the UCD campus working last year, so I decided to write a guide for anyone who decides to use it. 1. Check for WPA support In a virtual terminal (xterm, rxvt, Konsole, GNOME Terminal, etc.), type: /sbin/iwlist auth If you have WPA support, you should see something like the following: $ /sbin/iwlist auth lo no authentication information. wlan0 Authentication capabilities : WPA WPA2 CIPHER-TKIP CIPHER-CCMP [...] 2. Make sure you have wpa_supplicant installed As root in a virtual terminal running bash, type: PATH=$PATH:/usr/sbin:/sbin which wpa_supplicant If you see something like this, then you have wpa_supplicant. # PATH=$PATH:/usr/sbin:/sbin which wpa_supplicant /usr/sbin/wpa_supplicant If you don't have wpa_supplicant, get it from your distribution's repositories. Here are a few examples, all executed as root: Debian-based distributions (1) (Ubuntu, Linux Mint, Debian, etc.): aptitude update aptitude install wpasupplicant Fedora: yum install wpasupplicant openSUSE: zypper install wpa_supplicant Mandriva: urpmi wpa_supplicant Arch Linux: pacman -S wpa_supplicant Gentoo: emerge -av net-wireless/wpa_supplicant 3. Configure wpa_supplicant in /etc/wpa_supplicant.conf Open /etc/wpa_supplicant.conf as root with your favorite text editor (Caution: Running graphical applications via sudo may leave X unusable. Instead, run graphical applications as root after entering root shell with sudo -i or su. If X does become unusable, remove your user's ~/.Xauthority file.) If /etc/wpa_supplicant.conf does not exist, create it. Copy the following into your file: ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 eapol_version=1 ap_scan=1 fast_reauth=1 network={ ssid="moobilenetx" scan_ssid=1 key_mgmt=WPA-EAP eap=PEAP TTLS ca_cert="/path/to/cert" identity="janedoe" password="passw0rd" phase1="peaplabel=0" phase2="auth=MSCHAPV2" } Replace janedoe with your UCD login id and passw0rd with your kerberos password. Replace /path/to/cert with the path to the root certificate bundle, which you may download here (2) or find on your filesystem (try wc -l $(locate ca-bundle) or find / -name *ca-bundle* -exec wc -l {} + and see if the certificate bundles that show up have a lot of certificates -- more than 2,000 lines). 4. Connect to moobilenetx As root in a virtual terminal: Check to see that your computer sees moobilenetx: iwlist wlan0 scan | grep moobilenetx Try to connect (be sure to replace wlan0 with your wireless interface): wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf If you see something like this, then you're connected. You may or may not get the OpenSSL error, depending on your wireless card, but it should not cause problems with your connection. The command will not terminate after it connects, so press Ctrl - C to stop the execution of the command (NB: This will close your connection. If you wish to skip running wpa_supplicant in daemon mode for now, press Ctrl - Z to stop the command, type bg to background the process, and go on to step 5): # wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf CTRL-EVENT-SCAN-RESULTS Trying to associate with xx:xx:xx:xx:xx:xx (SSID='moobilenetx' freq=xxxx MHz) Associated with xx:xx:xx:xx:xx:xx CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0) EAP-MSCHAPV2: Authentication succeeded EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully WPA: Key negotiation completed with xx:xx:xx:xx:xx:xx [PTK=TKIP GTK=TKIP] CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed (auth) [id=0 id_str=] Now that you've -- hopefully -- connected, run wpa_supplicant in daemon mode: wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B 5. Get an IP address so you can use the network As root in a virtual terminal, replacing wlan0 with your wireless interface and hostname with your computer's name where applicable: dhclient wlan0 or dhcpcd wlan0 or pump -i wlan0 -h hostname Links: 1. http://en.wikipedia.org/wiki/Category:Debian-based_distributions 2. http://curl.haxx.se/docs/caextract.html I realize my guide probably has many problems with formatting and such, but it can be revised. -Eric