Hi On 2015-01-29, François P. Rotzinger wrote: > Hi, > I configured WPA with Network-Manager, exactly as described in the link > you gave me. "eduroam" does not work with Jessie and the Intel Centrino > Wireless-N 2230 Wifi card, but it works with both Wheezy and Jessie for > the Intel Centrino Ultimate-N 6300 3x3 AGN" Wifi card - everything > configured with Network-Manager. Furthermore, "eduroam" works for the > Intel Centrino Wireless-N 2230 Wifi card and Ubuntu 14.04. The problem > seems to be related to the Intel Centrino Wireless-N 2230 card and maybe > the Realtek firmware. I have not yet tried the manual configuration of > wpa_supplicant.conf. > What do you think about this? This is very, very unlikely. Drivers based on mac80211 provide a generic, (mostly) hardware independent API to the userland and wpasupplicant. This means wpasupplicant is mostly independent of the used wireless hardware, meaning that bugs normally either happen for all wlan hardware or are working with all hardware[1]. What differentiates IEEE8021X from plain wpa2 are additional encryption layers not done in hardware, but purely in software/ in wpasupplicant (better devices/ drivers can do AES in hardware, but this is the same for both plain wpa2 and IEEE8021X). So given that plain wpa2 is working, it's (almost) impossible that IEEE8021X does not - if it's configured correctly. While network-manager is indeed easier for the common user, it's harder to debug and to confirm that the used configuration between two systems/ installations is indeed identical. This is easier to confirm using wpa_supplicant.conf and ifupdown. Therefore I'd suggest testing it this way, e.g. via: # cat /etc/network/interfaces allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant-wlan0.conf iface wlan0 inet6 auto privext 2 # cat /etc/wpa_supplicant/wpa_supplicant-wlan0.conf ctrl_interface=/run/wpa_supplicant ctrl_interface_group=netdev network={ priority=8 ssid="epfl" key_mgmt=WPA-EAP proto=WPA2 eap=TTLS identity="GASPAR@epfl.ch" password="MY_PASSWORD" anonymous_identity="anonymous@epfl.ch" phase2="auth=MSCHAPV2" ca_cert="/etc/ssl/certs/Thawte_Premium_Server_CA.pem" subject_match="CN=radius.epfl.ch" } You will have to customize your configuration, of course - and need to ensure that /etc/ssl/certs/Thawte_Premium_Server_CA.pem exists and contains the right certificate. Warning, this example ignores potentially needed additional interfaces and assumes that network-manager has been stopped/ disabled while testing, ifupdown needs to manage this interface. activate the interface (auto-active after rebooting) # ifup wlan further debugging information is available via # wpa_cli (interesting commands in the wpa_cli shell are status, scan and scan_results). Disclaimer: I unfortunately don't have access to modern Intel wlan cards, my most modern Intel wlan card is the old IPW2200BG, and there are often bugreports against iwlwifi (I'm not quite sure if this is caused their sheer volume on the market, problems caused by leaked after-market engineering samples[2]or driver/ hardware inherent issues). It's been a while since I could personally test IEEE8021X, as I don't have a testing environment for it locally. Regards Stefan Lippers-Hollmann [1] This is a simplified view on it, based on how userland (== wpasupplicant) sees the device (all mordern devices are nl80211, only wext based ones are different). Of course there may be bugs lingering in kernel, firmware or hardware which may be specific to a particular wireless chipset (different feature sets, interface combinations, hardware offload for encryption methods, etc.). [2] This *is* often an issue as Intel doesn't sell wlan cards to individuals, so cards that end up on the free market are often pre-release hardware with known bugs or no driver support at all. Devices sold as part of notebooks or as original replacement parts from notebook vendors are of course not plagued by this.
Attachment:
pgp0tnGXWznVQ.pgp
Description: Digitale Signatur von OpenPGP