January 24, 2019

Configuring Strong Wi-Fi (802.1X) Authentication in Linux - page 2

Don't Use WEP, WPA is Not Broken

  • November 23, 2009
  • By Eric Geier

Not only does Ubuntu 9.10 ship with wpa_supplicant, its own networking GUI communicates directly with the supplicant. Configuring 802.1X authentication and connecting to WPA or WPA2 Enterprise networks in Ubuntu is pretty straightforward. When you're ready to connect, simply click the network icon at the top of the screen and select the network from the list.

If you're using a password-based EAP protocol, like the popular PEAPv0/EAP-MSCHAPv2, you'll be prompted to enter the authentication settings, as shown in Figure 1. This also assumes the wireless card and driver support WPA/WPA2.

Figure 1

First, verify Wireless Security is set to WPA & WPA2 Enterprise. Then choose the Authentication protocol that's supported by the authentication server, such as the popular PEAP protocol. Unless your authentication server is set to accept anonymous connections, ignore the Anonymous Identity setting.

Next, choose a CA Certificate file so the client can verify it's connecting to a legitimate authentication server before completing its authentication. Though you can skip this setting, validating the server's certificate is recommended for full security. If the authentication server is loaded with an SSL certificate purchased from a Certificate Authority like VeriSign or GoDaddy, you'll have to download their public root certificates from their site, since Ubuntu isn't already loaded with them as Windows is. If you created your own self-signed certificates, for example with openssl, select the root CA certificate that was created.

Now you can set the other settings for the EAP type you selected. If you selected PEAP, for example, you can leave the PEAP Version as Automatic and the Inner Authentication as MSCHAPv2.

Finally, enter a Username and Password that are set up in the authentication server or backend database.

When you're done, click Connect. Give it a couple of seconds to complete the 802.1X process and it should successfully connect to the network. If not, double-check the settings and check the debug output or logs on the authentication server.

Stay tuned--in the next part, we'll see how to manually configure the 802.1X supplicants.

Eric Geier is the Founder and CEO of NoWiresSecurity, which offers an outsourced RADIUS/802.1X authentication service to help small and medium sized organizations easily protect their Wi-Fi with enterprise-level encryption. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.
