Re: WPA Enterprise TTLS

From: "Darren Albers" <dalbers gmail com>
To: "Sylvain Courtois" <courtois crans org>
Cc: networkmanager-list gnome org
Subject: Re: WPA Enterprise TTLS
Date: Wed, 14 Nov 2007 15:02:46 -0500

On Nov 12, 2007 4:59 PM, Sylvain Courtois <courtois crans org> wrote:
> Robert Love a écrit :
> > On Wed, 2006-03-22 at 18:38 +0000, bloch verdurin com wrote:
> >
> >> Today I've been trying to connect to a wireless network that uses
> >> 802.11x.
> >>
> >> I was told by someone who connected using an Apple laptop that I needed
> >> to use TTLS "with PAP".  In the WPA Enterprise window that appeared when
> >> I tried to connect using Network Manager, there was no option I could
> >> see to choose PAP instead of anything else.
> >>
> >> Is this a missing feature or am I missing something?
> >>
> >> I'm using the version in FC5.
> >>
> >> I can send a log file if that would be helpful.
> >
> > If you need to use PAP as the second-stage authenticator, we do not
> > support that.  I have been intending to add second-stage authentication,
> > but I don't know a lot about it.
> >
> > If you could get a hold of a working wpa_supplicant.conf for your
> > configuration, that would be a start.
> >
> >       Robert Love
>
> Hello
>
> I've got the same problem, and I have a wpa_supplicant config which
> works for me.
> It is equivalent to the config you can see in this page for MS Windows
> (it's a web page of the university where I work):
> http://wifi.uvsq.fr/secure.php
>
> For resuming (in french):
> - Authentification réseau : WPA2 - Entreprise
> - Chiffrement des données : AES - CCMP
> - Type d'authentification : TTLS
> - Protocole d'Authentification : PAP
> - Références de l'utilisateur: Demander à chaque connexion
> and a ssl certificate is needed too.
>
> Here is my wpa_supplicant config file (attachement). I hope it will help.
>
> I stay tuned if you wan't me to give more details or to test something.
> But unfortunately I've no (or just a bit) experience in developping.
>
> Regards
> --
> Sylvain Courtois
> http://absolut.taket.org/
>
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> eapol_version=1
> ap_scan=2
> fast_reauth=1
> network={
>
> ssid="WPA2_UVSQ"
> key_mgmt=WPA-EAP
> proto=WPA2
> pairwise=CCMP
> group=CCMP
> eap=TTLS
> ca_cert="/root/UVSQCAcert.crt"
> identity="sylvcour"
> password="********"
> phase2="auth=PAP"
>
> }
>
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
>
>

Version 0.6.5 should support what you are looking for.  Try the following:
Hit "Connect to other wireless network" and select the following settings:
Wireless Security: WPA2 Enterprise
EAP Method: TTLS
Key Type: Automatic (You may need to select AES-CCMP)
Phase2 Type: PAP
Identity: sylvcour
Password: <Enter your password>
Anonymous Identity: Leave Blank
Client Certificate: Leave at None
CA Certificate: Select your cert
Private Key File: Leave at None
Private Key Password: Leave and None

Follow-Ups:
- Re: WPA Enterprise TTLS
  - From: Sylvain Courtois

References:
- Re: WPA Enterprise TTLS
  - From: Sylvain Courtois

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]