Wiki - WLANSetup

The Simple WLAN: ESSID wu

The easiest way to get online is to use the ESSID wu

After connecting, you'll be redirected to a login page, where you will have to provide your username and password. After some time you might need to authentificate again.

SSH etc will work.

Note: We've been informed that this WLAN is due to be turned off some time after YAPC. So it should work during the conference. But to be on the safe side it might be a good idea to prepare your laptop for the other WLAN (see below)

The Complex (but more secure) WLAN: ESSID wu-dot1x

This WLAN uses the ESSID wu-dot1x.

There are detailed (but german) instructions available here: http://www.wu-wien.ac.at/zid/anleitungen/wlan *NOTE* the instructions for
Mac OSX are incorrect, see below for better instructions.

There you can find instructions for various operating systems (if you don't speak german, ask some of the orgas for help, or try to navigate the windows by guessing :-)

Linux

Here's a translation of the Linux instructions (centered on Debian/Ubuntu):

Prerequisites

We are all using Kernels $> 2.6.18$, so all further descriptions are based on those. Of course, you need the module that supports your WLAN-Card. You will also need these modules:

• michael_mic
• aes_i586
• ieee80211
• ieee80211_crypt
• ieee80211_crypt_ccmp

You can probably check if your WLAN Interface ist working, by typing this as
root:

% iwlist scan 2>&1>/dev/null & sleep 5 ; iwlist scan | grep 'wu-dot1x'

You will also need the following packages installed:

• wpa_supplicant
• wireless-tools
• ca-certificates

% sudo apt-get install wpasupplicant wireless-tools ca-certificates

Configuration of WPA-Supplicant

If you are using a recent Ubuntu and your laptop is well configured, just tell the Network Manager that you want to use WPA2 and your username is <username> and your password is <password>.

Else, using Debian or some other linux, edit the file: /etc/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
ap_scan=2

network={
# wu
ssid="wu-dot1x"
id_str="wu"
scan_ssid=1
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP
eap=PEAP
identity="<username>"
password="<password>"

ca_cert=
"/usr/share/ca-certificates/mozilla/
GTE_CyberTrust_Global_Root.crt"
phase1="include_tls_length=1"
phase2="autheap=MSCHAPv2"
}

If you need to download the root certificate, do this:

% wget -O GTE_CyberTrust_Global_Root.crt \
% http://www.wu-wien.ac.at/zid/downloads/wlan_dotlx_root-zertifikat

This should suffice. Start your connection with the following command:

% sudo wpa_supplicant -w -c /etc/wpa_supplicant.conf -i eth1 -D wext -d
% sudo dhclient eth1

wpa_cli should give you something like this if you were successful:

% /sbin/wpa_cli status
Selected interface 'eth2'
bssid=00:12:7f:84:58:c1
ssid=wu-dot1x
id=1
id_str=wu
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
ip_address=137.208.195.195
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS

You should now be able to use the WLAN.

Mac OSX

The German instructions on the wu-wien website are somewhat misleading... due to a bug in Mac OSX, you have about 1.5 seconds to change the trust level screen that pops up. To solve this, use this procedure:

• Log in using the untrusted "wu" network (or any other network), and then proceed to download the Root certificate

• Rename this file so the file ends in .crt, for example, call it GTE-root.crt

• Click this file in Finder. This opens Keychain, asking you to add the certificate.

• Add the certificate to your "X509 Anchors"

• If a notice pops up "duplicate key", use Keychain to locate the old (and possibly expired) version of the "GTE Cybertrust Root" certificate, and delete it. Then proceed to import the above key again.

• (Again) Use Keychain to locate the "GTE Cybertrust Root" certificate. Change the Trust settings to "always trust".

• Now switch network to "wu-dot1x", and login. Remember to *add @wu-wien.ac.at* to your login name, or *you won't be able to login*.

• If it doesn't work immediately, hit "try again" a few times... apparently it sometimes needs multiple attempts.

version 10 saved on 28/08/07 18:41 by Jan-Pieter Cornet (‎JohnPC‎)

Home | Tags | Recent changes | History