Jdi na navigaci

Linux

Configuring with CAT

Důležité:

The latest version of the pkcs11-provider package currently prevents some distributions from connecting to the eduroam network. Fedora 41 OS is affected at the moment, see bug report. The solution is to downgrade the package from version 0.5-4 back to version 0.5-3:

sudo dnf downgrade pkcs11-provider

Make sure you have set up eduroam password.
Install the dbus-python package.
Arch Linux
Download and install the package manager for Python – pip.
sudo pacman -S python-pip

Download and install the dbus-python package.

pip install dbus-python
Debian / Ubuntu
Download and install the package manager for Python – pip.
sudo apt install python3-pip

Download and install the dbus-python package.

pip install dbus-python
Fedora
Download and install the package manager for Python – pip.
sudo dnf install python3-pip

Download and install the dbus-python package.

pip install dbus-python
openSUSE
Download and install the package manager for Python – pip.
sudo zypper install python-pip

Download and install the dbus-python package.

pip install dbus-python
Go to this link and click on download the eduroam configuration profile.
Save the profile.
Navigate to the configuration file folder and run the file.
In the pop-up window, confirm that you are a member of organization CTU.
Enter your username in the form <username>@cvut.cz
Enter eduroam password.
Connect to wi-fi eduroam.
Certificate must be present in the connection details.

Secure connection to the eduroam network was successful. By using the eduroam network, you agree to CTU network usage policy.

In case of problems, see Troubleshooting section.

Manually configuring with iwd

If you are using iwd (iNet wireless daemon) and are not using NetworkManager, you must configure manually - the CAT tool does not support iwd.

If you don’t have iwd installed yet, install the iwd package from your distribution’s repositories.
Create a MD4 hash of your eduroam password (replace <PASSWORD> with your password eduroam password):
```
printf '<PASSWORD>' | iconv -t utf16le | openssl md4 | cut -d' ' -f2
```
Prepare a /var/lib/iwd/eduroam.8021x configuration file for iwd readable only by the root user:
```
sudo install /dev/null -D -m 600 -o root -g root /var/lib/iwd/eduroam.8021x
```

Add the following configuration to the /var/lib/iwd/eduroam.8021x file:

[Security]
EAP-Method=PEAP
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-ServerDomainMask=radius.cvut.cz
EAP-PEAP-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt  1
EAP-Identity=<CVUT-USERNAME>@cvut.cz  2
EAP-PEAP-Phase2-Identity=<CVUT-USERNAME>@cvut.cz  2
EAP-PEAP-Phase2-Password-Hash=<PASSWORD-HASH>  3

[Settings]
AutoConnect=true

If you do not have this "USERTrust RSA Certification Authority" root certificate file, download it from from here.
Replace <CVUT-USERNAME> with your username (e.g. flynnkev).
Replace <PASSWORD-HASH> with the password hash created in step 1.

Turn on the iwd service/daemon if it is not already running (note: no need to restart it).
Connect to eduroam:
```
iwctl station wlan0 connect eduroam
```
If you get a Device wlan0 not found error, your WiFi adapter’s network interface is probably named something else; the iwcl device list command will list the available interfaces.

Upozornění:

MD4 is not a secure hashing function, MD4 hashed passwords can be cracked (converted to the original password) in hours to seconds! It is therefore necessary to ensure that the configuration file /var/lib/iwd/eduroam.8021x does not fall into the wrong hands. However, at least weak hashing is better than no hashing at all.

In case of trouble, use the Troubleshooting section.