On Mon, Apr 26, 2010 at 07:01:03PM +0100, Ben Thompson wrote:
> On Mon, Apr 26, 2010 at 07:26:48PM +0200, Esben Damgaard wrote:
> > Ben Thompson wrote:
> > >Hi
> > >
> > >Does/will it support WPA-Enterprise?
> > Currently it does not, but it could be added. If you can show me the
> > output of 'iwlist scan' (from the Neo) near a wpa-enterprise network
> > and tell me what information is needed to log in, maybe I can make
> > it.
>
> Hi
>
> There are a few different ways to do it because although you can get
> connected with just a username and password, there are also optional
> parameters for wpa_supplicant which force it not just to connect but
> also verify the identity of the network. I have my own ideas about
> how this should work, but probably the most basic way would be to also
> have an option to select a certificate from /etc/ssl/certs. Please let
> me know if you want my input and I will give you all the help I can.
>
> eth0 Scan completed :
> Cell 01 - Address: 00:1A:1E:E2:44:C0
> ESSID:"eduroam"
> Mode:Master
> Frequency:2.422 GHz (Channel 3)
> Quality=51/94 Signal level=-44 dBm Noise level=-95 dBm
> Encryption key:on
> Extra:bcn_int=100
>
> Extra:wpa_ie=dd160050f20101000050f20201000050f20201000050f201

Hi

Further to my previous email, could I make the following suggestions
on how to implement WPA-Enterprise in a simple way :-

GUI Requirements :-

1. User scans for networks and selects an SSID shown as WPA-Enterprise.
2. Setup screen is shown with three mandatory fields
   a) Username - text entry from keyboard
   b) Password - text entry from keyboard
   c) Server Certificate - drop down list which selects .pem or .der files
      from ~/.wifi_certs/ and /etc/ssl/certs/ and also includes an option
      labelled "Send my password to anyone (insecure!)"

WPA Supplicant config :-

If the user selects "Send my password to anyone (insecure!)",
wpa_supplicant config is as follows :-

network={
    ssid="<selected SSID>"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=PEAP
    identity="<entered username>"
    password="<entered password>"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

If the user selects a cert from /etc/ssl/certs wpa_supplicant config
is as follows :-

network={
    ssid="<selected SSID>"
    scan_ssid=1
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=PEAP TTLS
    ca_cert="<path to user selected cert>"
    identity="<entered username>"
    password="<entered password>"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

I think this would work for 99% of the networks out there. If anyone
needs to use a self signed cert they can put it in ~/wifi_certs.
Other protocols such as TTLS or TLS could be added later as could
things like CN check if they are deemed necessary.

Ben
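
The two configurations proposed in the message above, as an added example that is not part of the original mail or of the SHR project's code: a generator that builds the network block from the three GUI fields. The function names are hypothetical; writing the SSID as a hex string and refusing quote and control characters in the other fields are this example's own conservative choices, made so that an SSID seen in a scan or a typed value cannot add lines to the config.

```python
import os

CERT_DIRS = ("~/.wifi_certs", "/etc/ssl/certs")   # the two directories named in the mail
INSECURE = None   # stands for "Send my password to anyone (insecure!)"

def list_certs(dirs=CERT_DIRS):
    """Files the Server Certificate drop-down would offer (.pem / .der only)."""
    found = []
    for d in map(os.path.expanduser, dirs):
        if os.path.isdir(d):
            found += [os.path.join(d, f) for f in sorted(os.listdir(d))
                      if f.lower().endswith((".pem", ".der"))]
    return found

def quoted(key, value):
    """key="value", refusing characters that could close the string or add a line."""
    if not value or '"' in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("unsafe value for " + key)
    return '%s="%s"' % (key, value)

def network_block(ssid, username, password, ca_cert=INSECURE, dirs=CERT_DIRS):
    """Build the network block for one of the two cases in the mail."""
    if not isinstance(ssid, bytes) or not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    lines = ["network={",
             "ssid=" + ssid.hex(),   # scan result is untrusted: hex form, no quoting
             "scan_ssid=1", "key_mgmt=WPA-EAP",
             "pairwise=CCMP TKIP", "group=CCMP TKIP"]
    if ca_cert is INSECURE:
        lines.append("eap=PEAP")
    else:
        if ca_cert not in list_certs(dirs):   # only a file the list offered
            raise ValueError("certificate not in the allowed directories")
        lines += ["eap=PEAP TTLS", quoted("ca_cert", ca_cert)]
    lines += [quoted("identity", username), quoted("password", password),
              'phase1="peaplabel=0"', 'phase2="auth=MSCHAPV2"', "}"]
    return "\n".join(lines) + "\n"
```
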