TU Berlin eduroam - How to get Wireless LAN working with wpa_supplicant.conf and hashed password
up vote
4
down vote
favorite
I was struggling for awhile searching for a good wpa_supplicant.conf to
get access to the "eduroam" Wireless LAN network at the TU Berlin.
Since I know for sure, that it is not trivial and that the bash-script
actually saves your password in plain text I want to present the solution
to this problem in the answer.
So that anyone in the future can follow a real guide to get eduroam
working and not the fuzzy solution the tubIT presents you.
The tubIT solution (namely Configuration Assistant Tool or
direct here for the tubIT version) does not work properly (securely)
with wpa_supplicant nor is it build to do so.
cat was created with a (the) network manager
(GNOME freedesktop NetworkManager) in mind.
wpa-supplicant eduroam
asked Jun 5 at 12:23
Patrick Abraham
716
add a comment |
up vote
4
down vote
favorite
I was struggling for awhile searching for a good wpa_supplicant.conf to
get access to the "eduroam" Wireless LAN network at the TU Berlin.
Since I know for sure, that it is not trivial and that the bash-script
actually saves your password in plain text I want to present the solution
to this problem in the answer.
So that anyone in the future can follow a real guide to get eduroam
working and not the fuzzy solution the tubIT presents you.
The tubIT solution (namely Configuration Assistant Tool or
direct here for the tubIT version) does not work properly (securely)
with wpa_supplicant nor is it build to do so.
cat was created with a (the) network manager
(GNOME freedesktop NetworkManager) in mind.
wpa-supplicant eduroam
asked Jun 5 at 12:23
Patrick Abraham
716
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45
add a comment |
up vote
4
down vote
favorite
up vote
4
down vote
favorite
I was struggling for awhile searching for a good wpa_supplicant.conf to
get access to the "eduroam" Wireless LAN network at the TU Berlin.
Since I know for sure, that it is not trivial and that the bash-script
actually saves your password in plain text I want to present the solution
to this problem in the answer.
So that anyone in the future can follow a real guide to get eduroam
working and not the fuzzy solution the tubIT presents you.
The tubIT solution (namely Configuration Assistant Tool or
direct here for the tubIT version) does not work properly (securely)
with wpa_supplicant nor is it build to do so.
cat was created with a (the) network manager
(GNOME freedesktop NetworkManager) in mind.
wpa-supplicant eduroam
asked Jun 5 at 12:23
Patrick Abraham
716
I was struggling for awhile searching for a good wpa_supplicant.conf to
get access to the "eduroam" Wireless LAN network at the TU Berlin.
Since I know for sure, that it is not trivial and that the bash-script
actually saves your password in plain text I want to present the solution
to this problem in the answer.
So that anyone in the future can follow a real guide to get eduroam
working and not the fuzzy solution the tubIT presents you.
The tubIT solution (namely Configuration Assistant Tool or
direct here for the tubIT version) does not work properly (securely)
with wpa_supplicant nor is it build to do so.
cat was created with a (the) network manager
(GNOME freedesktop NetworkManager) in mind.
wpa-supplicant eduroam
wpa-supplicant eduroam
asked Jun 5 at 12:23
Patrick Abraham
716
asked Jun 5 at 12:23
Patrick Abraham
716
edited Nov 26 at 14:50
asked Jun 5 at 12:23
Patrick Abraham
716
asked Jun 5 at 12:23
Patrick Abraham
716
asked Jun 5 at 12:23
Patrick Abraham
716
716
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45
add a comment |
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45
add a comment |
1 Answer
1
active
oldest
votes
up vote
5
down vote
accepted
First of all, you have to make sure you installed the certificates you will need to get access.
These certificates can be found here as plain text.
You will need to rename them and move them to the correct location:
/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem
This should work, the only problem could be the .pem ending on some distros (e.g. Ubuntu), just renaming it to tu-cert.crt instead of tu-cert.pem should fix it.
Then update your trusted certificates.
Next up is the question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.
Since you don't want to be enrolled in some random course.
Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:
echo -n plaintext_password_here | iconv -t utf16le | openssl md4
For Mac this would be
echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4
This will output a hashed version of your password which we will use in the wpa_supplicant.conf
If you can't copy it from the terminal, because you don't have X running add | tee ~/hashed_pw at the end to pipe the stdout to a file then you can use vim to open both files at the same time and yy the line to the other file.
Now add the following network to your wpa_supplicant.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="YOUR_USERNAME@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:YOUR_HASHED_PASSWORD
}
The hashed password needs to be there plain without ""!
If you for some reason changed .pem to .crt you need to change that here as well.
If I missed something or if there is any way to improve this guide, please comment or edit!
As a finishing touch an example:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="angi.m@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:00000000000000000000000000000000
}
answered Jun 5 at 13:10
Patrick Abraham
716
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
accepted
First of all, you have to make sure you installed the certificates you will need to get access.
These certificates can be found here as plain text.
You will need to rename them and move them to the correct location:
/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem
This should work, the only problem could be the .pem ending on some distros (e.g. Ubuntu), just renaming it to tu-cert.crt instead of tu-cert.pem should fix it.
Then update your trusted certificates.
Next up is the question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.
Since you don't want to be enrolled in some random course.
Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:
echo -n plaintext_password_here | iconv -t utf16le | openssl md4
For Mac this would be
echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4
This will output a hashed version of your password which we will use in the wpa_supplicant.conf
If you can't copy it from the terminal, because you don't have X running add | tee ~/hashed_pw at the end to pipe the stdout to a file then you can use vim to open both files at the same time and yy the line to the other file.
Now add the following network to your wpa_supplicant.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="YOUR_USERNAME@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:YOUR_HASHED_PASSWORD
}
The hashed password needs to be there plain without ""!
If you for some reason changed .pem to .crt you need to change that here as well.
If I missed something or if there is any way to improve this guide, please comment or edit!
As a finishing touch an example:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="angi.m@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:00000000000000000000000000000000
}
answered Jun 5 at 13:10
Patrick Abraham
716
add a comment |
up vote
5
down vote
accepted
First of all, you have to make sure you installed the certificates you will need to get access.
These certificates can be found here as plain text.
You will need to rename them and move them to the correct location:
/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem
This should work, the only problem could be the .pem ending on some distros (e.g. Ubuntu), just renaming it to tu-cert.crt instead of tu-cert.pem should fix it.
Then update your trusted certificates.
Next up is the question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.
Since you don't want to be enrolled in some random course.
Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:
echo -n plaintext_password_here | iconv -t utf16le | openssl md4
For Mac this would be
echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4
This will output a hashed version of your password which we will use in the wpa_supplicant.conf
If you can't copy it from the terminal, because you don't have X running add | tee ~/hashed_pw at the end to pipe the stdout to a file then you can use vim to open both files at the same time and yy the line to the other file.
Now add the following network to your wpa_supplicant.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="YOUR_USERNAME@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:YOUR_HASHED_PASSWORD
}
The hashed password needs to be there plain without ""!
If you for some reason changed .pem to .crt you need to change that here as well.
If I missed something or if there is any way to improve this guide, please comment or edit!
As a finishing touch an example:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="angi.m@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:00000000000000000000000000000000
}
answered Jun 5 at 13:10
Patrick Abraham
716
add a comment |
up vote
5
down vote
accepted
up vote
5
down vote
accepted
First of all, you have to make sure you installed the certificates you will need to get access.
These certificates can be found here as plain text.
You will need to rename them and move them to the correct location:
/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem
This should work, the only problem could be the .pem ending on some distros (e.g. Ubuntu), just renaming it to tu-cert.crt instead of tu-cert.pem should fix it.
Then update your trusted certificates.
Next up is the question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.
Since you don't want to be enrolled in some random course.
Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:
echo -n plaintext_password_here | iconv -t utf16le | openssl md4
For Mac this would be
echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4
This will output a hashed version of your password which we will use in the wpa_supplicant.conf
If you can't copy it from the terminal, because you don't have X running add | tee ~/hashed_pw at the end to pipe the stdout to a file then you can use vim to open both files at the same time and yy the line to the other file.
Now add the following network to your wpa_supplicant.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="YOUR_USERNAME@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:YOUR_HASHED_PASSWORD
}
The hashed password needs to be there plain without ""!
If you for some reason changed .pem to .crt you need to change that here as well.
If I missed something or if there is any way to improve this guide, please comment or edit!
As a finishing touch an example:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="angi.m@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:00000000000000000000000000000000
}
answered Jun 5 at 13:10
Patrick Abraham
716
First of all, you have to make sure you installed the certificates you will need to get access.
These certificates can be found here as plain text.
You will need to rename them and move them to the correct location:
/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem
This should work, the only problem could be the .pem ending on some distros (e.g. Ubuntu), just renaming it to tu-cert.crt instead of tu-cert.pem should fix it.
Then update your trusted certificates.
Next up is the question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.
Since you don't want to be enrolled in some random course.
Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:
echo -n plaintext_password_here | iconv -t utf16le | openssl md4
For Mac this would be
echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4
This will output a hashed version of your password which we will use in the wpa_supplicant.conf
If you can't copy it from the terminal, because you don't have X running add | tee ~/hashed_pw at the end to pipe the stdout to a file then you can use vim to open both files at the same time and yy the line to the other file.
Now add the following network to your wpa_supplicant.conf
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="YOUR_USERNAME@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:YOUR_HASHED_PASSWORD
}
The hashed password needs to be there plain without ""!
If you for some reason changed .pem to .crt you need to change that here as well.
If I missed something or if there is any way to improve this guide, please comment or edit!
As a finishing touch an example:
network={
ssid="eduroam"
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP TKIP
eap=PEAP
ca_cert="/usr/share/ca-certificates/tu-berlin.de/tu-cert.pem"
identity="angi.m@win.tu-berlin.de"
domain_suffix_match="tubit.tu-berlin.de"
phase2="auth=MSCHAPV2"
password=hash:00000000000000000000000000000000
}
answered Jun 5 at 13:10
Patrick Abraham
716
edited Jun 5 at 13:48
answered Jun 5 at 13:10
Patrick Abraham
716
answered Jun 5 at 13:10
Patrick Abraham
716
answered Jun 5 at 13:10
Patrick Abraham
716
716
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f447979%2ftu-berlin-eduroam-how-to-get-wireless-lan-working-with-wpa-supplicant-conf-and%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
@RuiFRibeiro This was a self-answered question, just took a while to write it down. Couldn't tag it as such, since I don't have the reputation. And I might add this was like 5 hours of work, screaming and hate.
– Patrick Abraham
Jun 5 at 13:18
To access Eduroam WIFI use the simple script provided by them here: cat.eduroam.org
– Kiwy
Jun 5 at 14:42
@Kiwy cat.eduroam.org is a script based on network manager. And also does not encrypt your password if it is forced to use wpa_supplicant. This is even stated in the question itself.
– Patrick Abraham
Jun 5 at 16:45