Re: Connecting to Wireless 802.1x EAP
On Thu, 29 Jan 2015 08:40:21 +0000
Darac Marjal <mailinglist@darac.org.uk> wrote:
> On Wed, Jan 28, 2015 at 03:15:46PM -0500, Stephen R Guglielmo wrote:
> > Hi guys,
> >
> > I have a debian laptop running jessie using the iwlwifi driver. I
> > can connect to WPA2-PSK networks just fine. However, my campus has a
> > wireless network that uses WPA-EAP/PEAP authentication. I have read
> > the Debian wiki page[1] on the subject and it claims I need to
> > provide a certificate.
>
> According to wikipedia, EAP encompasses a whole variety of
> authentications methods ranging from certificates, to passwords, to
> pre-shared keys, even to SIM cards.
>
Indeed. I have a feeling it's only EAP-TLS that requires a client
certificate.
> >
> > I have an android phone that can connect to the network using my
> > user/pass. It does not require any type of certificate. In fact, for
> > the 'Certificate' setting, it defaults to "(none)" and that works.
> >
> > Why is it that I still need a certificate? Is there a way I can get
> > it from the wireless network itself? I've searched and my
> > university does not provide a certificate anywhere for download.
> >
Possibly the RADIUS authentication server will accept a number of
methods, but the only one it has in common with your laptop is one which
requires the certificate. EAP-PEAP was driven by Microsoft, as I recall,
but should be available on any platform, but because of that it needs
only a user name and password. It's some time since I looked into this,
but as I recall, PEAP does download a certificate. EAP-TLS requires a
client certificate signed by a certificate on the server, working the
same way as the preferred OpenVPN authentication. The whole point of
this type of authentication is that the signing certificate is *not*
part of a public key infrastructure.
--
Joe
Reply to: