Nachdem man sich eine EGM_KENNUNG besorgt hat, kann man alternativ zu bspw. Network-Manager den WPA-Supplicant verwenden und diesen über die Datei /etc/wpa_supplicant/wpa_supplicant.conf für das eduroam-WLAN an der RWTH konfigurieren.
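# Download the RWTH CA chain (DER), convert each certificate to PEM and install
# both forms into /etc/ssl/certs/.
# Runs in a subshell so that `set -eu`, the EXIT trap and the `cd` do not leak
# into the calling shell.
(
  set -eu

  # Private, unpredictable work directory instead of a fixed /tmp/eduroam:
  # a fixed name in /tmp can be pre-created by another local user.
  workdir=$(mktemp -d)
  trap 'rm -rf -- "$workdir"' EXIT
  cd "$workdir"

  wget https://pki.pca.dfn.de/rwth-ca/pub/cacert/rootcert.crt -O Deutsche_Telekom_Root_CA_2.crt
  openssl x509 -in Deutsche_Telekom_Root_CA_2.crt -inform DER -out Deutsche_Telekom_Root_CA_2.pem -outform PEM

  wget https://pki.pca.dfn.de/rwth-ca/pub/cacert/intermediatecacert.crt -O DFN-Verein_PCA_Global-G01.crt
  openssl x509 -in DFN-Verein_PCA_Global-G01.crt -inform DER -out DFN-Verein_PCA_Global-G01.pem -outform PEM

  wget https://pki.pca.dfn.de/rwth-ca/pub/cacert/cacert.crt -O RWTH_Aachen_CA.crt
  openssl x509 -in RWTH_Aachen_CA.crt -inform DER -out RWTH_Aachen_CA.pem -outform PEM

  # These files become the trust anchor for the RADIUS server certificate.
  # HTTPS only shows which host delivered them, so compare the SHA-256
  # fingerprints with the values the CA operator publishes through a separate
  # channel before installing anything.
  for pem in *.pem; do
    openssl x509 -in "$pem" -noout -subject -fingerprint -sha256
  done
  printf 'Fingerprints verified? Install into /etc/ssl/certs/ [y/N] '
  read -r answer
  [ "$answer" = "y" ] || exit 1

  # do not overwrite: cp -i asks before replacing an existing file.
  # chmod is applied to the installed copy; the original ran it on the
  # temporary files after copying, which left the installed files untouched.
  for f in *.crt *.pem; do
    sudo cp -i -- "$f" /etc/ssl/certs/
    sudo chmod 644 -- "/etc/ssl/certs/$f"
  done
)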
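# Download the DFN "Global G2" CA chain (DER), convert each certificate to PEM
# and install both forms into /etc/ssl/certs/.
# Runs in a subshell so that `set -eu`, the EXIT trap and the `cd` do not leak
# into the calling shell.
(
  set -eu

  # Private, unpredictable work directory instead of a fixed /tmp/eduroam:
  # a fixed name in /tmp can be pre-created by another local user.
  workdir=$(mktemp -d)
  trap 'rm -rf -- "$workdir"' EXIT
  cd "$workdir"

  wget https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/rootcert.crt -O T-TeleSec_GlobalRoot_Class_2.crt
  openssl x509 -in T-TeleSec_GlobalRoot_Class_2.crt -inform DER -out T-TeleSec_GlobalRoot_Class_2.pem -outform PEM

  wget https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/intermediatecacert.crt -O DFN-Verein_Certification_Authority_2.crt
  openssl x509 -in DFN-Verein_Certification_Authority_2.crt -inform DER -out DFN-Verein_Certification_Authority_2.pem -outform PEM

  wget https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt -O DFN-Verein_Global_Issuing_CA.crt
  openssl x509 -in DFN-Verein_Global_Issuing_CA.crt -inform DER -out DFN-Verein_Global_Issuing_CA.pem -outform PEM

  # These files become the trust anchor for the RADIUS server certificate.
  # HTTPS only shows which host delivered them, so compare the SHA-256
  # fingerprints with the values the CA operator publishes through a separate
  # channel before installing anything.
  for pem in *.pem; do
    openssl x509 -in "$pem" -noout -subject -fingerprint -sha256
  done
  printf 'Fingerprints verified? Install into /etc/ssl/certs/ [y/N] '
  read -r answer
  [ "$answer" = "y" ] || exit 1

  # do not overwrite: cp -i asks before replacing an existing file.
  # chmod is applied to the installed copy; the original ran it on the
  # temporary files after copying, which left the installed files untouched.
  for f in *.crt *.pem; do
    sudo cp -i -- "$f" /etc/ssl/certs/
    sudo chmod 644 -- "/etc/ssl/certs/$f"
  done
)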
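# Seed wpa_supplicant.conf from the packaged example: keep everything from
# line 1 up to and including the "# Example blocks:" marker, drop the rest.
# NOTE: this overwrites an existing /etc/wpa_supplicant/wpa_supplicant.conf.
#
# The file will hold the eduroam credentials (password or NT hash), so it is
# created with a restrictive umask and set to mode 600 explicitly; the
# explicit chmod also covers the case where the file already existed with
# wider permissions.
(
  umask 077
  zcat /usr/share/doc/wpa_supplicant/examples/wpa_supplicant.conf.gz \
    | sed '1,/# Example blocks:/!d' > /etc/wpa_supplicant/wpa_supplicant.conf
)
chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf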
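# Variant: PEAP with MSCHAPv2 as inner method.
#
# Changes against the original snippet:
#   - the missing closing quote after domain_suffix_match was added,
#   - the network block is closed with "}",
#   - the here-doc delimiter is quoted ('EOT') so that a password containing
#     "$", a backtick or a backslash is written literally, not expanded.
#
# ca_cert together with domain_suffix_match/subject_match is what ties the
# login to the real RADIUS server; without them the client would hand the
# MSCHAPv2 exchange to any access point that announces the SSID "eduroam".
#
# password=hash:XXX takes the NT hash (MD4 over the UTF-16LE password). The
# hash is unsalted and sufficient to log in with MSCHAPv2, so treat it like
# the password itself and keep the config file readable by root only.
# The echo pipeline shown in the config comment leaves the clear-text
# password in the shell history.
#
# NOTE(review): anonymous_identity repeats the real identity, so the outer
# (unencrypted) EAP identity reveals the account name. Whether the RADIUS
# server accepts an anonymous outer identity is not shown here; confirm.
cat << 'EOT' >> /etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem"
    phase2="auth=MSCHAPV2"
    identity="EGM_KENNUNG@rwth.edufi.de"
    domain_suffix_match="radius.rz.rwth-aachen.de"
    subject_match="radius.rz.rwth-aachen.de"
    anonymous_identity="EGM_KENNUNG@rwth.edufi.de"
    # echo -n plaintext_password_here | iconv -t utf16le | openssl md4
    password=hash:XXX
    # wenn es nicht anders geht plain text password
    # password="YYY"
}
EOT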
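# Variant: EAP-TTLS with MSCHAPv2 as inner method.
#
# Changes against the original snippet:
#   - the network block is closed with "}",
#   - the here-doc delimiter is quoted ('EOT') so that a password containing
#     "$", a backtick or a backslash is written literally, not expanded.
#
# ca_cert together with domain_suffix_match/subject_match is what ties the
# login to the real RADIUS server; without them the client would hand the
# MSCHAPv2 exchange to any access point that announces the SSID "eduroam".
#
# password=hash:XXX takes the NT hash (MD4 over the UTF-16LE password). The
# hash is unsalted and sufficient to log in with MSCHAPv2, so treat it like
# the password itself and keep the config file readable by root only.
# The echo pipeline shown in the config comment leaves the clear-text
# password in the shell history.
#
# NOTE(review): anonymous_identity repeats the real identity, so the outer
# (unencrypted) EAP identity reveals the account name. Whether the RADIUS
# server accepts an anonymous outer identity is not shown here; confirm.
cat << 'EOT' >> /etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem"
    phase2="auth=MSCHAPV2"
    identity="EGM_KENNUNG@rwth.edufi.de"
    domain_suffix_match="radius.rz.rwth-aachen.de"
    subject_match="radius.rz.rwth-aachen.de"
    anonymous_identity="EGM_KENNUNG@rwth.edufi.de"
    # echo -n plaintext_password_here | iconv -t utf16le | openssl md4
    password=hash:XXX
    # wenn es nicht anders geht plain text password
    # password="YYY"
}
EOT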
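# Variant: EAP-TTLS with PAP as inner method.
#
# Changes against the original snippet:
#   - the network block is closed with "}",
#   - the here-doc delimiter is quoted ('EOT') so that a password containing
#     "$", a backtick or a backslash is written literally, not expanded.
#
# With PAP the password travels in clear text inside the TLS tunnel, so the
# server check (ca_cert plus domain_suffix_match/subject_match) is the only
# thing that keeps it away from an access point that merely announces the
# SSID "eduroam". Do not drop those three lines.
# The password is also stored in clear text in the config file; keep that
# file readable by root only.
#
# NOTE(review): anonymous_identity repeats the real identity, so the outer
# (unencrypted) EAP identity reveals the account name. Whether the RADIUS
# server accepts an anonymous outer identity is not shown here; confirm.
cat << 'EOT' >> /etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem"
    phase2="auth=PAP"
    identity="EGM_KENNUNG@rwth.edufi.de"
    domain_suffix_match="radius.rz.rwth-aachen.de"
    subject_match="radius.rz.rwth-aachen.de"
    anonymous_identity="EGM_KENNUNG@rwth.edufi.de"
    # wegen PAP wird hier das Passwort im Klartext benötigt
    password="yyy"
}
EOT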
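# Bring the wireless interface up.
ip link set wlan0 up

# Show and stop an already running wpa_supplicant so that two instances do
# not compete for wlan0. pgrep/pkill -x match the exact process name; the
# original `ps -ef | fgrep wpa` also listed the fgrep process itself and left
# the PID to be copied by hand into `kill $PID`.
pgrep -a -x wpa_supplicant
pkill -x wpa_supplicant

# Start wpa_supplicant in the foreground with debug output (-d). It keeps
# running, so the remaining commands are meant for a second terminal.
wpa_supplicant -i wlan0 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf -d

# Check that the interface is associated with the expected ESSID.
iwconfig | grep -F ESSID

# Request an address via DHCP and test connectivity.
dhclient wlan0
ping -c3 www.rwth-aachen.de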