school network
I recently started back at school and, being one of the leading academic postgraduate institutions in the world, there is very good network access. However, not surprisingly, the support for Linux is minimal - and since I run Debian on an old PowerBook, the computer help desk people all seemed to be more impressed with my machine but unable to help. They use Red Hat, though, and I was able to get one of the guys to show me the DHCP server logs, which was great as I could then tell what was working or not...
Anyhow, this is how I got it all working. The basic information that I had consisted of the help guides for windoze XP, Vista and Mac OS X users produced by the IT department, thus I knew basic info (what the protocols were, most likely, and also of course my username, password, etc).
Ok, so the first thing was to do some research. Well, I browsed the web and got lots of helpful advice, but the job then was to collate it into something I could use. Biggest problem was that the majority of resources are designed for Intel architectures - yep, that's not me. I'm quite familiar now with the 'Grand Unified Bootloader' which is used for much of Debian - alas, again not PowerPC, although I hear it's under development. So, the alternative is 'yaboot' which works with oldworld and newworld PowerPC. But maybe I'm getting ahead of myself.
I use wpasupplicant to help maintain my wireless interface.
[Note: there was a long interval between writing the above and what follows!]
My first discovery, given that the School uses a combination of WPA2-PEAP-MSCHAPv2 (my understanding being that there is an initial authentication with the access point [AP] and then a second round of authentication with the actual network itself) was that I probably needed xsupplicant. What was this? Well, it was downloadable via apt which is always good, and I had found some configuration details on the net:
....Errrr - now lost them. But I do have the config changes I made for xsupplicant after installation:
### GLOBAL SECTION
default_netname = default
logfile = /var/log/xsupplicant.log
default_interface = eth2

### NETWORK SECTION
## Default Network Section
default
{
}

eduroam
{
    type = wireless
    allow_types = eap_peap
    identity = "eepiamor@lshtm.ac.uk"
    wpa_pairwise_cipher = tkip
    wpa_group_cipher = tkip
    eap-peap {
        inner_id = "eepiamor@lshtm.ac.uk"
        root_dir = /etc/ssl/certs
        chunk_size = 1398
        random_file = /dev/urandom
        allow_types = eap_mschapv2
        eap-mschapv2 {
            username = "eepiamor@lshtm.ac.uk"
            password = "changed"
        }
    }
}
Unfortunately, this didn't work. Hmm, so what now? A new guy had recently started on the IT help desk at this point (remember, I said it had been quite a while!) and I showed him my problem as he was into networking a bit - had already puzzled over the problem of getting his mobile online, plus was a bit of a Linux hacker, too. The first thing that we did together was to run wpa_supplicant on its own, without the xsupplicant, and try to see what we got. This showed us that there was a connection being made, but that some of the authentication wasn't being completed (we could see the server certificate, but it wasn't being allowed for some reason - why?). We went away to think about this and, to my great fortune, he had ideas that I did not have during the intervening week.
Thus, the following time we were able to meet, he'd brought his SUSE laptop in and was online. After a few modifications of my config file, I was able to get online also - this is now what my computer looks like:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    proto=WPA2
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="eepiamor@lshtm.ac.uk"
    password="changed"
}
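The network block above has no ca_cert (or ca_path) line, and wpa_supplicant does not verify the server certificate in that case, so the PEAP tunnel is set up with whichever server answers for the SSID. As an added example that is not part of the original post, this Python audit parses network blocks and flags the missing server-validation settings; the function names are hypothetical and the sample text is the block from this page.

```python
import re

# Constructed sample: the network block from this page's wpa_supplicant.conf.
PAGE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    proto=WPA2
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="eepiamor@lshtm.ac.uk"
    password="changed"
}
'''

NAME_FIELDS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one dict of key -> raw value per network={...} block."""
    networks = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        fields = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip()
        networks.append(fields)
    return networks

def audit_network(net):
    """Return findings for an 802.1X (WPA-EAP) network block."""
    findings = []
    if "EAP" not in net.get("key_mgmt", ""):
        return findings  # PSK/open networks have no server certificate to check
    if "ca_cert" not in net and "ca_path" not in net:
        findings.append("no ca_cert/ca_path: server certificate is not validated")
    if not any(f in net for f in NAME_FIELDS):
        findings.append("no server name match: any certificate chained to the CA is accepted")
    if "anonymous_identity" not in net:
        findings.append("no anonymous_identity: real username sent in the outer exchange")
    pw = net.get("password", "")
    if pw and not pw.startswith("hash:"):
        findings.append("password stored in clear text in the file")
    return findings

if __name__ == "__main__":
    for net in parse_networks(PAGE_CONF):
        print(net.get("ssid"), audit_network(net))
```

The CA certificate and the RADIUS server name to match against have to come from the institution's IT department; neither appears on this page.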
There was one final stage to do - getting through the PacketFence security barrier - but I'd already done that using the Mac OS X that was also installed on my computer (I find this helpful as I can run 'mol' - maconlinux - and use the Citrix Novell client for PowerPC to then connect to the school network from outside).
There are a couple of problems remaining which I will have to go into further slightly later, but now I have to run....
