Go to navigation

Linux

Configuring with CAT

  1. Make sure you have set up eduroam password.
  2. Install the dbus-python package.
    Arch Linux

    Download and install the package manager for Python – pip.

    sudo pacman -S python-pip

    Download and install the dbus-python package.

    pip install dbus-python

    Debian / Ubuntu

    Download and install the package manager for Python – pip.

    sudo apt install python3-pip

    Download and install the dbus-python package.

    pip install dbus-python

    Fedora

    Download and install the package manager for Python – pip.

    sudo dnf install python3-pip

    Download and install the dbus-python package.

    pip install dbus-python

    openSUSE

    Download and install the package manager for Python – pip.

    sudo zypper install python-pip

    Download and install the dbus-python package.

    pip install dbus-python

  3. Go to this link and click on download the eduroam configuration profile.

    linux 1 en
  4. Save the profile.

    linux 2 en
  5. Navigate to the configuration file folder and run the file.

    linux 3 en
  6. In the pop-up window, confirm that you are a member of organization CTU.

    linux 4 en
  7. Enter your username in the form <username>@cvut.cz

    linux 5 en
  8. Enter eduroam password.

    linux 6 en
  9. Connect to wi-fi eduroam.

    linux 7 en
  10. Certificate must be present in the connection details.

    linux 8 en

Manually configuring with iwd

If you are using iwd (iNet wireless daemon) and are not using NetworkManager, you must configure manually - the CAT tool does not support iwd.

  1. If you don’t have iwd installed yet, install the iwd package from your distribution’s repositories.
  2. Create a MD4 hash of your eduroam password (replace <PASSWORD> with your password eduroam password):

    printf '<PASSWORD>' | iconv -t utf16le | openssl md4 | cut -d' ' -f2
  3. Prepare a /var/lib/iwd/eduroam.8021x configuration file for iwd readable only by the root user:

    sudo install /dev/null -D -m 600 -o root -g root /var/lib/iwd/eduroam.8021x
  4. Add the following configuration to the /var/lib/iwd/eduroam.8021x file:

    [Security]
    EAP-Method=PEAP
    EAP-PEAP-Phase2-Method=MSCHAPV2
    EAP-PEAP-ServerDomainMask=radius.cvut.cz
    EAP-PEAP-CACert=/etc/ssl/certs/USERTrust_RSA_Certification_Authority.crt  1
    EAP-Identity=<CVUT-USERNAME>@cvut.cz  2
    EAP-PEAP-Phase2-Identity=<CVUT-USERNAME>@cvut.cz  2
    EAP-PEAP-Phase2-Password-Hash=<PASSWORD-HASH>  3
    
    [Settings]
    AutoConnect=true
    1. If you do not have this "USERTrust RSA Certification Authority" root certificate file, download it from from here.
    2. Replace <CVUT-USERNAME> with your username (e.g. flynnkev).
    3. Replace <PASSWORD-HASH> with the password hash created in step 1.
  5. Turn on the iwd service/daemon if it is not already running (note: no need to restart it).
  6. Connect to eduroam:

    iwctl station wlan0 connect eduroam

    If you get a Device wlan0 not found error, your WiFi adapter’s network interface is probably named something else; the iwcl device list command will list the available interfaces.

Caution:

MD4 is not a secure hashing function, MD4 hashed passwords can be cracked (converted to the original password) in hours to seconds! It is therefore necessary to ensure that the configuration file /var/lib/iwd/eduroam.8021x does not fall into the wrong hands. However, at least weak hashing is better than no hashing at all.

In case of trouble, use the Troubleshooting section.