Friday, April 10, 2009

Abit AirPace, ath5k and eduroam

I tried to connect my university workstation to the wireless eduroam network on the campus. The workstation was delivered with an Abit AirPace wlan card (probably an Atheros 5006 chipset). The first thing necessary was the ath5k kernel module (my first shot using ndiswrapper didn't work). Both Debian lenny and Ubuntu intrepid-updates provide it.

Now there are generally 3 ways to connect to the AP. All making use of wpasupplicant. Further the certificate (may differ for the universities) is necessary.

/etc/wpa_supplicant/wpa_supplicant.conf

This is described at the sites of my university. It's written in German, but it should still be easy to understand. Let's just mention the snippet for /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=2
ap_scan=1
fast_reauth=1

network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        proto=RSN
        pairwise=CCMP
        group=TKIP
        eap=TTLS
        anonymous_identity="anonymous@tu-dresden.de"
        identity="****@tu-dresden.de"
        password="****"
        ca_cert="/etc/wpa_supplicant/TUD-CACert.pem"
        phase2="auth=PAP"

}

Instead of the script suggested at the site above, you can also use this snippet in /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

/etc/network/interfaces

It is also possible to put the values directly into /etc/network/interfaces:

auto wlan0
iface wlan0 inet dhcp
        wpa-ssid eduroam
        wpa-proto RSN
        wpa-group CCMP TKIP
        wpa-pairwise CCMP TKIP
        wpa-key-mgmt WPA-EAP
        wpa-eap TTLS
        wpa-ca-cert /etc/wpa_supplicant/TUD-CACert.pem
        wpa-phase2 "auth=PAP"
        wpa-anonymous-identity anonymous@tu-dresden.de
        wpa-identity ****@tu-dresden.de
        wpa-password ****

network-manager

Here is a screenshot of the authentication dialog:

Screenshot of authentication dialog of network-manager

So now everybody at the University of Dresden wanting to use eduroam should hopefully be able to configure this connection on his Debian or Ubuntu system.