Návody FIT
Jdi na navigaci

Linux

Configuring with CAT

  1. Make sure you have set up eduroam password.
  2. Install the dbus-python package.
    Arch Linux

    Download and install the package manager for Python – pip.

    sudo pacman -S python-pip

    Download and install the dbus-python package.

    pip install dbus-python

    Debian / Ubuntu

    Download and install the package manager for Python – pip.

    sudo apt install python3-pip

    Download and install the dbus-python package.

    pip install dbus-python

    Fedora

    Download and install the package manager for Python – pip.

    sudo dnf install python3-pip

    Download and install the dbus-python package.

    pip install dbus-python

    openSUSE

    Download and install the package manager for Python – pip.

    sudo zypper install python-pip

    Download and install the dbus-python package.

    pip install dbus-python

  3. Go to this link and click on download the eduroam configuration profile.

    linux 01.en

  4. Save the profile.

    linux 02.en

  5. Navigate to the configuration file folder and run the file.

    linux 03.en

  6. In the pop-up window, confirm that you are a member of organization CTU.

    linux 04.en

  7. Enter your username in the form <username>@cvut.cz

    linux 05.en

  8. Enter eduroam password.

    linux 06.en

  9. Connect to wi-fi eduroam.

    linux 07.en

  10. Certificate must be present in the connection details.

    linux 08.en

    Secure connection to the eduroam network was successful. By using the eduroam network, you agree to CTU network usage policy.

In case of problems, see Troubleshooting section.

Manually configuring with iwd

If you are using iwd (iNet wireless daemon) and are not using NetworkManager, you must configure manually - the CAT tool does not support iwd.

  1. If you don’t have iwd installed yet, install the iwd package from your distribution’s repositories.

  2. Create a MD4 hash of your eduroam password (replace <PASSWORD> with your password eduroam password):

    printf '<PASSWORD>' | iconv -t utf16le | openssl md4 | cut -d' ' -f2

  3. Prepare a /var/lib/iwd/eduroam.8021x configuration file for iwd readable only by the root user:

    sudo install /dev/null -D -m 600 -o root -g root /var/lib/iwd/eduroam.8021x

  4. Add the following configuration to the /var/lib/iwd/eduroam.8021x file:

    [Security]
EAP-Method=PEAP
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-ServerDomainMask=radius.cvut.cz
EAP-PEAP-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt  1
EAP-Identity=<CVUT-USERNAME>@cvut.cz  2
EAP-PEAP-Phase2-Identity=<CVUT-USERNAME>@cvut.cz  2
EAP-PEAP-Phase2-Password-Hash=<PASSWORD-HASH>  3

[Settings]
AutoConnect=true
    1. If you do not have this "USERTrust RSA Certification Authority" root certificate file, download it from from here.
    2. Replace <CVUT-USERNAME> with your username (e.g. flynnkev).
    3. Replace <PASSWORD-HASH> with the password hash created in step 1.
  5. Turn on the iwd service/daemon if it is not already running (note: no need to restart it).

  6. Connect to eduroam:

    iwctl station wlan0 connect eduroam

    If you get a Device wlan0 not found error, your WiFi adapter’s network interface is probably named something else; the iwcl device list command will list the available interfaces.

Upozornění:

MD4 is not a secure hashing function, MD4 hashed passwords can be cracked (converted to the original password) in hours to seconds! It is therefore necessary to ensure that the configuration file /var/lib/iwd/eduroam.8021x does not fall into the wrong hands. However, at least weak hashing is better than no hashing at all.

In case of trouble, use the Troubleshooting section