Connecting to KIT and eduroam
The following shows how to connect to KIT. The configuration for the SSID eduroam is done analogously.
The T-TeleSec GlobalRoot Class 2 certificate is required. It is included in the debian/ubuntu package ca-certificates and can be downloaded here. The installed certificate can be found in the file /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem.
- Wireless security: WPA & WPA Enterprise
- Authentication: Tunneled TLS
- Anonymous identity: firstname.lastname@example.org
- Domain: radius-wlan.scc.kit.edu (option is missing in older versions of Network Manager)
- CA certificate: /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
- Inner authentication: PAP
- Username: your KIT account (e.g. email@example.com or firstname.lastname@example.org)
- Password: your password
If you want to use wpa_supplicant without a gui, enter in the configuration file:
More information on wpa_supplicant can be found in the archlinux wiki.
If you want to use iwd, you must create a configuration file /var/lib/iwd/KIT.8021x that contains the following. ca_cert is configured for Debian/Ubuntu. For other distributions it may differ. See also the information about the CA certificate at the top of this page.
EAP-Identity=anonymous∂ kit edu
EAP-TTLS-Phase2-Identity=ab1234∂ kit edu