Page 1 of 2

Wireless WPA2 Enterprise Authentication

Posted: Tue Nov 01, 2016 10:37 am
by vincny
Hi Support,

Any chance to support Wireless WPA2 Enterprise authentication in the near future?

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Wed Nov 02, 2016 12:53 pm
by aka
There are a lot of buzzwords about WPA2 Enterprise. What exactly do you need?

Re: Wireless WPA2 Enterprise Authentication

Posted: Wed Nov 02, 2016 6:17 pm
by vincny
Hi Aka,

Basically, I am looking forward if you and your team could add the following WPA-EAP authentication for rpi :

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
# (e.g., Radiator)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=10
}

Your help is very much appreciated.

Many thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 03, 2016 10:38 am
by vincny
Hi Aka,

To be exact:

Wireless LAN interface config:

nano /etc/network/interfaces

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

WPA Supplication config:

nano /etc/wpa_supplicant/wpa_supplicant.conf

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
# (e.g., Radiator)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=10
}

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 03, 2016 3:27 pm
by aka
I'll try to add custom wpa_supplicant.conf support a bit later. Sorry, too busy now.

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 03, 2016 4:12 pm
by vincny
Hi Aka,

Great to hear that you are on it!
Hope to see the feature soon.

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Wed Nov 09, 2016 2:28 am
by aka
Please, try wtware 5.4.54.

Install it on SD.

Create wpa_supplicant.conf (lower case!) file in configs folder on SD. Start from wtware default to make sure, that everything goes right:

Code: Select all

ctrl_interface=/var/run/wpa_supplicant
network={
   ssid="put-wifi-ssid-here"
   psk="put-password-here"
}
Run wtware. It should connect. If it does, add your settings instead of wtware default.

Re: Wireless WPA2 Enterprise Authentication

Posted: Wed Nov 09, 2016 6:38 am
by vincny
Hi Aka,

First of all, thank you very much for your effort, but I have to bring you some bad news.

1. After reinstall the new version, I get a message File not found "SourceCodePro-Regular.ttf"
2. After Re-image the WTware SD card, I created wpa_supplicant.conf in the config folder:

ctrl_interface=/var/run/wpa_supplicant
network={
ssid="My SSID"
key_mgmt=WPA-EAP
eap=PEAP
identity="myusername"
password="password"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=1
}

3. When running on the WTware on Raspberry PI 3 Wireless is not connecting and it is asking for WIFI configuration.
The default configure only accept No Encryption or WPA/WPA2 PSK.

I have added some photo, if it help.
Did I do anything wrongly?
Appreciate if you can relook into it.

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Wed Nov 09, 2016 5:20 pm
by aka
Please, try 5.4.56.

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 10, 2016 5:05 am
by vincny
Hi Aka,

Good job! We are almost there, I am now able to authenticate using the config file but I have problem getting DHCP IP address.
The DHCP work fine on other devices, could it be that the following wlan0 DHCP configuration?

nano /etc/network/interfaces

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Update:

In additional, I cannot get wireless IP address even non encrypted/no password WIFI SSID which worked on version 5.4.52.

Thanks a million,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 10, 2016 4:22 pm
by aka
Does it works with static IP? You connected to terminal server and got windows desktop?

Re: Wireless WPA2 Enterprise Authentication

Posted: Thu Nov 10, 2016 4:40 pm
by vincny
Hi Aka,

Nope not working with static ip.
I tried to set the static IP during initial SD card install but not working.

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Fri Nov 11, 2016 1:47 am
by aka
If static IP does not work, why you think WiFi works?

Re: Wireless WPA2 Enterprise Authentication

Posted: Fri Nov 11, 2016 3:12 am
by vincny
Hi Aka,

I have a radius server for wireless authentication.
I check the log it is authenticating the wireless session from rpi 3, further more the status is successful.

Additional info:

I can also see that rpi 3 is connected to the Wireless LAN control just that it cannot get an IP address
and the connect will drop off after a few minute fail to get IP address.

Maybe the new version static IP only apply to LAN network and not Wireless?
Just my guess.

Thanks,
Ken

Re: Wireless WPA2 Enterprise Authentication

Posted: Mon Nov 14, 2016 6:26 am
by aka
Let us now dig deeper.
Download, install, write on SD: http://pxe.ru/files/testing/201611132210.zip
Write wpa_supplicant.conf in /confgs/ on SD.
Boot.
Configure static IP (by the way, does your radius server work with static ip? why does connection drop after it failed to get IP address?)
Configure local config. Write "server=1.2.3.4" in config.
Reboot. Do not enter setup anymore, let it boot.
It will open command prompt. Type:
ifconfig
Make screen photo.
Type:
iwconfig
Photo again. Type:
ping -c 1 12.34.56.78
replace 12.34.56.78 with real pingable ip in wifi subnet. Photo.
Type:
cat /tmp/all.log
Photo.
Press Shift-PageUp.
Photo.
Repeat "Press Shift-PageUp. Photo." three times.
Do you still need wtware and wpa2 enterprise?