[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipw2x00 with WPA



Hi,
Many thanks for the detailed answer!

WPA Enterprise does not work for the full Jessie (amd64) OS (installed on a fast USB stick). I removed these WPA Enterprise settings and reconfigured them again without success twice. Unsecured Wifi connections can always be established, but not the (highly) secured WPA ones. Only the Gnome desktop is installed. Maybe, I messed up the system by first installing the wrong firmware (ipw2x00) and subsequently the iwlwifi one.

What else could I have done incorrectly?
Best regards,
François

On 01/27/2015 03:37 AM, Stefan Lippers-Hollmann wrote:
Hi

On 2015-01-26 "François P. Rotzinger" <francois.rotzinger@epfl.ch> wrote:
[...]
The following details on 
the WPA I'am using might be of interest to you: Security: WPA & WPA2 
Enterprise, Authentication: Tunneled TLS, CA certificate: 
Thawte_Premium_Server_CA.pem, Inner authentication: MSCHAPv2.
With Ubuntu 14.04 (amd64) everything works fine on the same hardware.
This might work in your installed Ubuntu system, and I'm pretty 
confident that it would work in a full Debian installation as well,
but I'm rather sure that it does not work in Ubuntu's installer 
either - which is quite different from an installed system.

The wpasupplicant udeb only supports plain WPA1 or WPA2 (and WEP or 
unencrypted networks). IEEE8021X, also known as WPA Enterprise, is only
available to the full wpasupplicant package, not the udeb. Beyond 
enabling support for IEEE8021X to the wpasupplicant udeb, d-i/ netcfg 
would also require extensive changes to support these encryption 
methods - neither sounds very likely (this gets exponentially complex[1]
(and large for the initrd environment of d-i) to manage the 
certificate handling or just to provide a functional input mask to 
configure the vastly different flavours possible with IEEE8021X.

After installing Debian to the harddisk, configuring IEEE8021X should
be rather straight forward, be it via network-manager or 
wpasupplicant's plain ifupdown integration, see 

	/usr/share/doc/wpasupplicant/examples/

for example configuration. Depending on the actual wireless 
environment you might have to extract or convert the required
certificates for Linux. If you have a working configuration
for Ubuntu, it should be possible to re-use this for Debian
verbatim.

Regards
	Stefan Lippers-Hollmann

[1]	IEEE8021X doesn't stand for a specific kind of wlan
	encryption, but covers a wide array of individually
	layered encryption schemes (MSCHAPV2 or TTLS, certificates
	required for either server or client - or for both,
	individual user names and password combinations on to - or
	handling all this via certificates, etc. pp.).

-- 
François P. Rotzinger
Privat-docent (lecturer)
Ecole Polytechnique Fédérale de Lausanne (EPFL)
Institut des Sciences et Ingénierie Chimiques (ISIC)
Station 6
CH-1015 Lausanne
Switzerland

Reply to: