[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipw2x00 with WPA


On 2015-01-26 "François P. Rotzinger" <francois.rotzinger@epfl.ch> wrote:
> The following details on 
> the WPA I'am using might be of interest to you: Security: WPA & WPA2 
> Enterprise, Authentication: Tunneled TLS, CA certificate: 
> Thawte_Premium_Server_CA.pem, Inner authentication: MSCHAPv2.
> With Ubuntu 14.04 (amd64) everything works fine on the same hardware.

This might work in your installed Ubuntu system, and I'm pretty 
confident that it would work in a full Debian installation as well,
but I'm rather sure that it does not work in Ubuntu's installer 
either - which is quite different from an installed system.

The wpasupplicant udeb only supports plain WPA1 or WPA2 (and WEP or 
unencrypted networks). IEEE8021X, also known as WPA Enterprise, is only
available to the full wpasupplicant package, not the udeb. Beyond 
enabling support for IEEE8021X to the wpasupplicant udeb, d-i/ netcfg 
would also require extensive changes to support these encryption 
methods - neither sounds very likely (this gets exponentially complex[1]
(and large for the initrd environment of d-i) to manage the 
certificate handling or just to provide a functional input mask to 
configure the vastly different flavours possible with IEEE8021X.

After installing Debian to the harddisk, configuring IEEE8021X should
be rather straight forward, be it via network-manager or 
wpasupplicant's plain ifupdown integration, see 


for example configuration. Depending on the actual wireless 
environment you might have to extract or convert the required
certificates for Linux. If you have a working configuration
for Ubuntu, it should be possible to re-use this for Debian

	Stefan Lippers-Hollmann

[1]	IEEE8021X doesn't stand for a specific kind of wlan
	encryption, but covers a wide array of individually
	layered encryption schemes (MSCHAPV2 or TTLS, certificates
	required for either server or client - or for both,
	individual user names and password combinations on to - or
	handling all this via certificates, etc. pp.).

Attachment: pgpxeTnoKoI_5.pgp
Description: Digitale Signatur von OpenPGP

Reply to: