UbuntuHelp:WifiDocs/EduPaSS
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
Joining the eduPaSS WiFi Network
This document is intended to help setting up an eduPaSS wireless connection with Ubuntu Linux or any GNOME-based system (KDE should work with the WPA Supplicant file detailed here).
eduPaSS is a large Wi-Fi network, used throughout Victorian government schools in Australia.
These instructions were collated from mailing lists and manpages by Laurie Savage. Thanks to Donna Benjamin and Ian Green.
Step by Step Guide
1. Create a Mac certificate on edupass. My certificate archive was called "savubuntu.zip" - this name is important, it will be the machine name used later. The zip file contains "root.pem" and "usercert.p12" (in my case "savubuntu.p12")and I unzipped the file into /home/user/Documents/eduPaSS.
2. Convert usercert.p12 to usercert.pem and userkey.pem using openssl in a terminal:
openssl pkcs12 -nocerts -in usercert.p12 -out userkey.pem openssl pkcs12 -clcerts -nokeys -in usercert.p12 -out usercert.pem
Remember to substitute your certificate's name for usercert
3. Install the wpasupplicant and network-manager-gnome packages using Synaptic or apt-get:
sudo apt-get install wpasupplicant network-manager-gnome
4. Comment out all references in /etc/network/interfaces to wireless interfaces. If you don't do this you will not see any wireless networks in NetworkManager's menu.
5. Restart and run nm-applet (the GNOME front end to NetworkManager).
killall nm-applet nm-applet &
The nm-applet icon appears on the panel in the notification area.
6. Click on the applet and choose Connect to Other Wireless Network
SSID = eduPaSS-XXXX-01 (Replace XXXX with the school number) Wireless Security = WPA Enterprise EAP Method = TLS Key Type = Dynamic WEP (Auto will work too) ID = [machine name on certificate] (savubuntu in my case) Client cert = usercert.pem CA cert = root.pem Private key = userkey.pem Private key password = [password used to create the Macintosh certificate]
7. Hit connect.
8. You will be asked for a key ring password the first time it connects. If you have not created a key ring for other applications this is a local, machine based password and you will be prompted to create one the first time you connect.
WPA Supplicant Configuration
My /etc/wpa_supplicant/wpa_supplicant.conf file looks like:
fast_reauth=1
network={
ssid="eduPaSS-XXXX-01"
key_mgmt=IEEE8021X
eap=TLS
identity="savubuntu"
ca_cert="/home/sav/Documents/eduPaSS/root.pem"
client_cert="/home/sav/Documents/eduPaSS/savubuntucert.pem"
private_key="/home/sav/Documents/eduPaSS/savubuntukey.pem"
private_key_passwd="password used to create the Mac certificates"
eapol_flags=3
}
I needed to manually edit it because earlier attempts to set this up had created some glitches. With this .conf file I can boot into KDE and access the network easily.
The GNOME NetworkManager is a lovely tool, it detects new networks and you only need to choose them from the list. I have noticed it drops the connection a bit after rebooting, possibly the change of WEP key or something else on my system that is disturbing it. It connects fine when you click the applet again but a it's a little annoying.
