Linux
WLAN configuration
Connecting to KIT and eduroam
The following shows how to connect to KIT. The configuration for the SSID eduroam is done analogously.
The T-TeleSec GlobalRoot Class 2 certificate is required. It is included in the debian/ubuntu package ca-certificates and can be downloaded here. The installed certificate can be found in the file /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem.
You can either use the Network Manager, a graphical user interface for wpa_supplicant, or wpa_supplicant itself.
Network Manager
Choose the network KIT in the Network Manager [figure 1]. Configure the settings and click on "Connect" [figure 2].
- Wireless security: WPA & WPA Enterprise
- Authentication: Tunneled TLS
- Anonymous identity: anonymous@kit.edu
- Domain: radius-wlan.scc.kit.edu (option is missing in older versions of Network Manager)
- CA certificate: /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
- Inner authentication: PAP
- Username: your KIT account (e.g. ab1234@kit.edu or uxxxx@kit.edu)
- Password: your password
wpa_suppliant
If you want to use wpa_supplicant without a gui, enter in the configuration file:
network={
ssid="KIT"
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
phase2="auth=PAP"
anonymous_identity="anonymous@kit.edu"
identity="ab1234@kit.edu"
password="password"
ca_cert="/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem"
altsubject_match="DNS:radius-wlan.scc.kit.edu"
}
More information on wpa_supplicant can be found in the archlinux wiki.
iwd
If you want to use iwd, you must create a configuration file /var/lib/iwd/KIT.8021x that contains the following. ca_cert is configured for Debian/Ubuntu. For other distributions it may differ. See also the information about the CA certificate at the top of this page.
[Security]
EAP-Method=TTLS
EAP-Identity=anonymous ∂does-not-exist.kit edu
EAP-TTLS-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
EAP-TTLS-ServerDomainMask=radius-wlan.scc.kit.edu
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=ab1234 ∂does-not-exist.kit edu
EAP-TTLS-Phase2-Password=password
[Settings]
AutoConnect=true