Back to article
Configuring Strong Wi-Fi (802.1X) Authentication in Linux, Part II
Supplicants and Authentication
December 15, 2009
Last month, we discovered 802.1X authentication and how it works with encryption techniques to secure wireless networks. We learned WEP encryption is dead, WPA is okay, and WPA2 is the best. We found that the Wi-Fi Protected Access versions can be used in two very different modes: Personal (PSK) which is easy to setup and Enterprise which uses 802.1X authentication to provide adequate security for business networks.
In the previous part, we also discovered the two main 802.1X supplicants (clients): Xsupplicant and wpa_supplicant. We used wpa_supplicant via Ubuntu's networking GUI. Now we're going to discuss how to manually configure wpa_supplicant using it's configuration file, in case your Linux distribution doesn't interface with the supplicant.
Configuring wpa_supplicant via the config file
If you've installed wpa_supplicant yourself, you can set it up via the configuration file. If the supplicant came with your Linux distribution, you still might choose to use the configuration file to fine-tune the authentication and encryption settings.
Here are a few general parameters you may want to set that apply to all networks you connect to:
You specify the details of networks you want to connect to in blocks using brackets. The supplicant will try to connect to the listed networks in the order they appear in. Before you take the time to configure all the settings, you might want to check if the supplicant is working fine with your wireless driver by connecting to an unencrypted AP first, using the following block:
Before you configure more network blocks, let's review some of the possible fields you can use in them to configure the network settings:
Now lets put some of these fields to use in some network block examples.
Here's an example of a network block configured to connect to a WPA-Enterprise network with 802.1X authentication (using the PEAP protocol which requires users to enter login credentials):
For instance, this is an example of a network block configured to connect to a WPA2-Enterprise network with 802.1X authentication (using EAP-TLS which requires client and server certificates):