l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2009 Oct 08 22:19

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] Connecting to moobilenetx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] Connecting to moobilenetx



Greetings all,

It took me some time to figure out how to get my connection to moobilenetx
on the UCD campus working last year, so I decided to write a guide for
anyone who decides to use it.

1. Check for WPA support In a virtual terminal (xterm, rxvt, Konsole, GNOME
Terminal, etc.), type:

       /sbin/iwlist auth

   If you have WPA support, you should see something like the following:

       $ /sbin/iwlist auth 
       lo        no authentication information.  
       wlan0     Authentication capabilities :
                       WPA 
                       WPA2 
                       CIPHER-TKIP 
                       CIPHER-CCMP 
                       [...]

2. Make sure you have wpa_supplicant installed 
   As root in a virtual terminal running bash, type:

	PATH=$PATH:/usr/sbin:/sbin which wpa_supplicant

    If you see something like this, then you have wpa_supplicant.

	# PATH=$PATH:/usr/sbin:/sbin which wpa_supplicant
	/usr/sbin/wpa_supplicant

    If you don't have wpa_supplicant, get it from your distribution's
repositories.

    Here are a few examples, all executed as root:

	Debian-based distributions (1) (Ubuntu, Linux Mint, Debian, etc.):
        aptitude update
        aptitude install wpasupplicant

	Fedora: yum install wpasupplicant

	openSUSE: zypper install wpa_supplicant

	Mandriva: urpmi wpa_supplicant

	Arch Linux: pacman -S wpa_supplicant

	Gentoo: emerge -av net-wireless/wpa_supplicant

3. Configure wpa_supplicant in /etc/wpa_supplicant.conf 

Open /etc/wpa_supplicant.conf as root with your favorite text editor
(Caution: Running graphical applications via sudo may leave X unusable.
Instead, run graphical applications as root after entering root shell with
sudo -i or su. If X does become unusable, remove your user's ~/.Xauthority
file.) If /etc/wpa_supplicant.conf does not exist, create it.

    Copy the following into your file:

	ctrl_interface=/var/run/wpa_supplicant 
        ctrl_interface_group=0
        eapol_version=1 
        ap_scan=1 
        fast_reauth=1

	network={ 
          ssid="moobilenetx"
          scan_ssid=1
          key_mgmt=WPA-EAP
          eap=PEAP TTLS
          ca_cert="/path/to/cert"
          identity="janedoe"
          password="passw0rd"
          phase1="peaplabel=0"
          phase2="auth=MSCHAPV2"
        }

    Replace janedoe with your UCD login id and passw0rd with your kerberos
password. Replace /path/to/cert with the path to the root certificate
bundle, which you may download here (2) or find on your filesystem (try  wc
-l $(locate ca-bundle) or find / -name *ca-bundle* -exec wc -l {} + and see
if the certificate bundles that show up have a lot of certificates -- more
than 2,000 lines).

4. Connect to moobilenetx As root in a virtual terminal:

	Check to see that your computer sees moobilenetx: 
        iwlist wlan0 scan | grep moobilenetx

	Try to connect (be sure to replace wlan0 with your wireless
interface): 
        wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf

If you see something like this, then you're connected. You may or may not
get the OpenSSL error, depending on your wireless card, but it should not
cause problems with your connection. The command will not terminate after
it connects, so press Ctrl - C to stop the execution of the command (NB:
This will close your connection. If you wish to skip running wpa_supplicant
in daemon mode for now, press Ctrl - Z to stop the command, type bg to
background the process, and go on to step 5):

       # wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf
       CTRL-EVENT-SCAN-RESULTS
       Trying to associate with xx:xx:xx:xx:xx:xx (SSID='moobilenetx'
freq=xxxx MHz)
       Associated with xx:xx:xx:xx:xx:xx
       CTRL-EVENT-EAP-STARTED EAP authentication started
       CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
       OpenSSL: tls_connection_handshake - Failed to read possible
Application Data error:00000000:lib(0):func(0):reason(0)
       EAP-MSCHAPV2: Authentication succeeded
       EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
       CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully

       WPA: Key negotiation completed with xx:xx:xx:xx:xx:xx [PTK=TKIP
GTK=TKIP]
       CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx:xx completed
(auth) [id=0 id_str=]

    Now that you've -- hopefully -- connected, run wpa_supplicant in daemon
mode:
	wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B

5. Get an IP address so you can use the network As root in a virtual
terminal, replacing wlan0 with your wireless interface and hostname with
your computer's name where applicable:

	dhclient wlan0

    or

	dhcpcd wlan0

    or

	pump -i wlan0 -h hostname

Links: 
1. http://en.wikipedia.org/wiki/Category:Debian-based_distributions
2. http://curl.haxx.se/docs/caextract.html

I realize my guide probably has many problems with formatting and such, but it can be revised.

-Eric
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.