Hi, Many thanks for the detailed answer! WPA Enterprise does not work for the full Jessie (amd64) OS (installed on a fast USB stick). I removed these WPA Enterprise settings and reconfigured them again without success twice. Unsecured Wifi connections can always be established, but not the (highly) secured WPA ones. Only the Gnome desktop is installed. Maybe, I messed up the system by first installing the wrong firmware (ipw2x00) and subsequently the iwlwifi one. What else could I have done incorrectly? Best regards, François On 01/27/2015 03:37 AM, Stefan
Lippers-Hollmann wrote:
Hi On 2015-01-26 "François P. Rotzinger" <francois.rotzinger@epfl.ch> wrote: [...]The following details on the WPA I'am using might be of interest to you: Security: WPA & WPA2 Enterprise, Authentication: Tunneled TLS, CA certificate: Thawte_Premium_Server_CA.pem, Inner authentication: MSCHAPv2. With Ubuntu 14.04 (amd64) everything works fine on the same hardware.This might work in your installed Ubuntu system, and I'm pretty confident that it would work in a full Debian installation as well, but I'm rather sure that it does not work in Ubuntu's installer either - which is quite different from an installed system. The wpasupplicant udeb only supports plain WPA1 or WPA2 (and WEP or unencrypted networks). IEEE8021X, also known as WPA Enterprise, is only available to the full wpasupplicant package, not the udeb. Beyond enabling support for IEEE8021X to the wpasupplicant udeb, d-i/ netcfg would also require extensive changes to support these encryption methods - neither sounds very likely (this gets exponentially complex[1] (and large for the initrd environment of d-i) to manage the certificate handling or just to provide a functional input mask to configure the vastly different flavours possible with IEEE8021X. After installing Debian to the harddisk, configuring IEEE8021X should be rather straight forward, be it via network-manager or wpasupplicant's plain ifupdown integration, see /usr/share/doc/wpasupplicant/examples/ for example configuration. Depending on the actual wireless environment you might have to extract or convert the required certificates for Linux. If you have a working configuration for Ubuntu, it should be possible to re-use this for Debian verbatim. Regards Stefan Lippers-Hollmann [1] IEEE8021X doesn't stand for a specific kind of wlan encryption, but covers a wide array of individually layered encryption schemes (MSCHAPV2 or TTLS, certificates required for either server or client - or for both, individual user names and password combinations on to - or handling all this via certificates, etc. pp.). -- François P. Rotzinger Privat-docent (lecturer) Ecole Polytechnique Fédérale de Lausanne (EPFL) Institut des Sciences et Ingénierie Chimiques (ISIC) Station 6 CH-1015 Lausanne Switzerland |