Friday, April 10, 2009

Abit AirPace, ath5k and eduroam

I tried to connect my university workstation to the wireless eduroam network on the campus. The workstation was delivered with an Abit AirPace wlan card (probably an Atheros 5006 chipset). The first thing necessary was the ath5k kernel module (my first shot using ndiswrapper didn't work). Both Debian lenny and Ubuntu intrepid-updates provide it.

Now there are generally 3 ways to connect to the AP. All making use of wpasupplicant. Further the certificate (may differ for the universities) is necessary.

/etc/wpa_supplicant/wpa_supplicant.conf

This is described at the sites of my university. It's written in German, but it should still be easy to understand. Let's just mention the snippet for /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=2
ap_scan=1
fast_reauth=1

network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        proto=RSN
        pairwise=CCMP
        group=TKIP
        eap=TTLS
        anonymous_identity="anonymous@tu-dresden.de"
        identity="****@tu-dresden.de"
        password="****"
        ca_cert="/etc/wpa_supplicant/TUD-CACert.pem"
        phase2="auth=PAP"

}

Instead of the script suggested at the site above, you can also use this snippet in /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

/etc/network/interfaces

It is also possible to put the values directly into /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
        wpa-ssid eduroam
        wpa-proto RSN
        wpa-group CCMP TKIP
        wpa-pairwise CCMP TKIP
        wpa-key-mgmt WPA-EAP
        wpa-eap TTLS
        wpa-ca-cert /etc/wpa_supplicant/TUD-CACert.pem
        wpa-phase2 "auth=PAP"
        wpa-anonymous-identity anonymous@tu-dresden.de
        wpa-identity ****@tu-dresden.de
        wpa-password ****

network-manager

Here is a screenshot of the authentication dialog:

Screenshot of authentication dialog of network-manager

So now everybody at the University of Dresden wanting to use eduroam should hopefully be able to configure this connection on his Debian or Ubuntu system.

(WW) AllowEmtpyInput is on, devices using drivers <kbd> or <mouse> will be disabled

Maybe you will observe a changed mouse and keyboard behaviour after updating X.org recently in Debian Sid. Then you will probably discover the warning mentioned in the title in your X.org server log /var/log/Xorg.0.log. The very short and dirty solution to get things working for the moment is to put this into your /etc/X11/xorg.conf:

Section "ServerLayout"
    Option "AutoAddDevices" "off"
EndSection

See the first entry in /usr/share/doc/xserver-xorg/NEWS.Debian.gz and follow the mentioned links for more information. However, the above solution should only be a temporary workaround: Try to migrate things (I will post changes for my system asap).