Hi
On 2015-01-29, François P. Rotzinger wrote:
> Hi,
> I configured WPA with Network-Manager, exactly as described in the link
> you gave me. "eduroam" does not work with Jessie and the Intel Centrino
> Wireless-N 2230 Wifi card, but it works with both Wheezy and Jessie for
> the Intel Centrino Ultimate-N 6300 3x3 AGN" Wifi card - everything
> configured with Network-Manager. Furthermore, "eduroam" works for the
> Intel Centrino Wireless-N 2230 Wifi card and Ubuntu 14.04. The problem
> seems to be related to the Intel Centrino Wireless-N 2230 card and maybe
> the Realtek firmware. I have not yet tried the manual configuration of
> wpa_supplicant.conf.
> What do you think about this?
This is very, very unlikely. Drivers based on mac80211 provide a
generic, (mostly) hardware independent API to the userland and
wpasupplicant. This means wpasupplicant is mostly independent of
the used wireless hardware, meaning that bugs normally either
happen for all wlan hardware or are working with all hardware[1].
What differentiates IEEE8021X from plain wpa2 are additional
encryption layers not done in hardware, but purely in software/
in wpasupplicant (better devices/ drivers can do AES in hardware,
but this is the same for both plain wpa2 and IEEE8021X). So given
that plain wpa2 is working, it's (almost) impossible that IEEE8021X
does not - if it's configured correctly.
While network-manager is indeed easier for the common user, it's
harder to debug and to confirm that the used configuration between
two systems/ installations is indeed identical. This is easier to
confirm using wpa_supplicant.conf and ifupdown. Therefore I'd
suggest testing it this way, e.g. via:
# cat /etc/network/interfaces
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
iface wlan0 inet6 auto
privext 2
# cat /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=netdev
network={
priority=8
ssid="epfl"
key_mgmt=WPA-EAP
proto=WPA2
eap=TTLS
identity="GASPAR@epfl.ch"
password="MY_PASSWORD"
anonymous_identity="anonymous@epfl.ch"
phase2="auth=MSCHAPV2"
ca_cert="/etc/ssl/certs/Thawte_Premium_Server_CA.pem"
subject_match="CN=radius.epfl.ch"
}
You will have to customize your configuration, of course - and
need to ensure that /etc/ssl/certs/Thawte_Premium_Server_CA.pem
exists and contains the right certificate. Warning, this example
ignores potentially needed additional interfaces and assumes that
network-manager has been stopped/ disabled while testing, ifupdown
needs to manage this interface.
activate the interface (auto-active after rebooting)
# ifup wlan
further debugging information is available via
# wpa_cli
(interesting commands in the wpa_cli shell are status, scan and
scan_results).
Disclaimer: I unfortunately don't have access to modern Intel wlan
cards, my most modern Intel wlan card is the old IPW2200BG, and
there are often bugreports against iwlwifi (I'm not quite sure if
this is caused their sheer volume on the market, problems caused
by leaked after-market engineering samples[2]or driver/ hardware
inherent issues). It's been a while since I could personally test
IEEE8021X, as I don't have a testing environment for it locally.
Regards
Stefan Lippers-Hollmann
[1] This is a simplified view on it, based on how userland
(== wpasupplicant) sees the device (all mordern devices
are nl80211, only wext based ones are different). Of course
there may be bugs lingering in kernel, firmware or hardware
which may be specific to a particular wireless chipset
(different feature sets, interface combinations, hardware
offload for encryption methods, etc.).
[2] This *is* often an issue as Intel doesn't sell wlan cards to
individuals, so cards that end up on the free market are often
pre-release hardware with known bugs or no driver support at
all.
Devices sold as part of notebooks or as original replacement
parts from notebook vendors are of course not plagued by this.
Attachment:
pgp0tnGXWznVQ.pgp
Description: Digitale Signatur von OpenPGP