Pages

Monday, May 18, 2009

How to configure Ubuntu 8.10 / 9.04 for 802.1x WPA TKIP environment

IIUM wireless environment implement WPA authentication and TKIP encryption. The overall using 802.1x authentication method which deploy protected EAP (PEAP) using EAP token. User database stored in a Radius server by using FreeRadius running on FreeBSD platform. 


One of my user said, before upgrading his Ubuntu 8.10, he was using Ubuntu Hardy Heron 8.04. The previous Ubuntu is running well. Once he upgrade it to Ubuntu 8.10, he cannot get connected to our secure wireless environment anymore. 

Hmmmmm... while other user with other stardard OS e.g Windows XP, Mac OS and Windows Vista doesn't have any problem, so I suspect, the WPA configuration in Ubuntu 8.10 something need to change drastically. It seems like doesn't works well in a secured wireless environment. 

We have tried and yes, it does not work with IIUM wireless campus. I tried to switch to fedora 10, but the result is still the same. Then we tried to migrate to knoppix, my best linux distro ever, but still not working and become more worst when knoppix cannot detect Intel PRO/Wireless 3945ABG device. We dont want to use ndiswrapper since it finally could corrupt my entire OS. FYI, Suse linux will work smoothly with IIUM wireless.


When Ubuntu come out with new release, 9.04 and 9.10 alpha, my friend wasexciting because the new relase might help student who really like ( dont know why, yet Ubuntu still look nothing for me) to have a great bonding with Ubuntu, but the result is still disappointing. The main issue is that since the release 8.10 version, Ubuntu has come with standard Network Manager with not support of PEAP/TKIP, the main authentication for IIUM wireless connection. So, the bestsolution for this is to swtich to Wicd, the open source Gnome-independency Network manager.

1. Get the Wicd either direct download by using command terminal sudo apt-getinstall wicd , or just download from Synaptic Package Manager for those who dont want to play around with command terminal.

using command





sudo apt -get install wicd


using synaptic package manager


2. Go to etc/wicd/encryption/templates/peap-tkip to customize the setting. Please take note that ubuntu has by default disable the root password. So you cannot just simple open form file browser. You can either open the file using command sudo ect/wicd/…../peap-tkip at terminal or just type on terminal “sudo passwd root” to enable you root password. Please also take not the file is located at the root folder, not home folder.

Change this:
name = PEAP with TKIP
author = Fralaltro
version = 1
require identity *Identity password *Password ca_cert *Path_to_CA_Cert
-----
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
proto=WPA
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=PEAP
identity="$_IDENTITY"
password="$_PASSWORD"
ca_cert="$_CA_CERT"
phase1="peaplabel=0"
phase2="auth=MSHAPV2"
}

to become this:

name = PEAP with TKIP
author = Fralaltro
version = 1
require identity *Identity password *Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
proto=WPA
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=PEAP
identity="$_IDENTITY"
password="$_PASSWORD"
phase1="peaplabel=0"
phase2="auth=EAP Token"
}

3. After that, go to Application > Internet > Wicd Network Manager. select iium community and click on Advanced Setting. Tick Use Encryption and select PEAP with TKIP.


Then, just type your username and password….and thats it and it works…

FB Comments