Wireless WPA2 Enterprise Authentication

All about WTware on Raspberry. WTware works with Raspberry Pi 4, Raspberry Pi 3B+, Pi 3 and Pi 2 devices
http://www.winterminal.com
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Support,

Any chance to support Wireless WPA2 Enterprise authentication in the near future?

Thanks,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

There are a lot of buzzwords about WPA2 Enterprise. What exactly do you need?
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

Basically, I am looking forward if you and your team could add the following WPA-EAP authentication for rpi :

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
# (e.g., Radiator)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=10
}

Your help is very much appreciated.

Many thanks,
Ken
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

To be exact:

Wireless LAN interface config:

nano /etc/network/interfaces

allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

WPA Supplication config:

nano /etc/wpa_supplicant/wpa_supplicant.conf

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel
# (e.g., Radiator)
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
identity="user@example.com"
password="foobar"
ca_cert="/etc/cert/ca.pem"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=10
}

Thanks,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

I'll try to add custom wpa_supplicant.conf support a bit later. Sorry, too busy now.
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

Great to hear that you are on it!
Hope to see the feature soon.

Thanks,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

Please, try wtware 5.4.54.

Install it on SD.

Create wpa_supplicant.conf (lower case!) file in configs folder on SD. Start from wtware default to make sure, that everything goes right:

Code: Select all

ctrl_interface=/var/run/wpa_supplicant
network={
   ssid="put-wifi-ssid-here"
   psk="put-password-here"
}
Run wtware. It should connect. If it does, add your settings instead of wtware default.
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

First of all, thank you very much for your effort, but I have to bring you some bad news.

1. After reinstall the new version, I get a message File not found "SourceCodePro-Regular.ttf"
2. After Re-image the WTware SD card, I created wpa_supplicant.conf in the config folder:

ctrl_interface=/var/run/wpa_supplicant
network={
ssid="My SSID"
key_mgmt=WPA-EAP
eap=PEAP
identity="myusername"
password="password"
phase1="peaplabel=1"
phase2="auth=MSCHAPV2"
priority=1
}

3. When running on the WTware on Raspberry PI 3 Wireless is not connecting and it is asking for WIFI configuration.
The default configure only accept No Encryption or WPA/WPA2 PSK.

I have added some photo, if it help.
Did I do anything wrongly?
Appreciate if you can relook into it.

Thanks,
Ken
Attachments
WIFI_Config2.png
WIFI_Config2.png (192.73 KiB) Viewed 42415 times
File not found.png
File not found.png (1.94 KiB) Viewed 42415 times
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

Please, try 5.4.56.
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

Good job! We are almost there, I am now able to authenticate using the config file but I have problem getting DHCP IP address.
The DHCP work fine on other devices, could it be that the following wlan0 DHCP configuration?

nano /etc/network/interfaces

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Update:

In additional, I cannot get wireless IP address even non encrypted/no password WIFI SSID which worked on version 5.4.52.

Thanks a million,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

Does it works with static IP? You connected to terminal server and got windows desktop?
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

Nope not working with static ip.
I tried to set the static IP during initial SD card install but not working.

Thanks,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

If static IP does not work, why you think WiFi works?
vincny
Posts: 35
Joined: Tue Nov 01, 2016 9:58 am

Re: Wireless WPA2 Enterprise Authentication

Post by vincny »

Hi Aka,

I have a radius server for wireless authentication.
I check the log it is authenticating the wireless session from rpi 3, further more the status is successful.

Additional info:

I can also see that rpi 3 is connected to the Wireless LAN control just that it cannot get an IP address
and the connect will drop off after a few minute fail to get IP address.

Maybe the new version static IP only apply to LAN network and not Wireless?
Just my guess.

Thanks,
Ken
aka
SUPPORT
SUPPORT
Posts: 939
Joined: Fri Dec 03, 2004 2:05 pm
Contact:

Re: Wireless WPA2 Enterprise Authentication

Post by aka »

Let us now dig deeper.
Download, install, write on SD: http://pxe.ru/files/testing/201611132210.zip
Write wpa_supplicant.conf in /confgs/ on SD.
Boot.
Configure static IP (by the way, does your radius server work with static ip? why does connection drop after it failed to get IP address?)
Configure local config. Write "server=1.2.3.4" in config.
Reboot. Do not enter setup anymore, let it boot.
It will open command prompt. Type:
ifconfig
Make screen photo.
Type:
iwconfig
Photo again. Type:
ping -c 1 12.34.56.78
replace 12.34.56.78 with real pingable ip in wifi subnet. Photo.
Type:
cat /tmp/all.log
Photo.
Press Shift-PageUp.
Photo.
Repeat "Press Shift-PageUp. Photo." three times.
Do you still need wtware and wpa2 enterprise?
Post Reply