shortcut to content

Minnesota State University, Mankato

Minnesota State University, Mankato

Connecting to MavNET with Linux

Page address: http://www.mnsu.edu/its/mavnet/linux.html

This is not an officially supported document or configuration. Please send suggestions for improvement to ricardo.muggli@mnsu.edu

Introduction

This document is written with Debian GNU/Linux Squeeze in mind, though it should be adaptable for other distributions. Any command that starts with apt is Debian specific. All of these instructions assume you are working with root privileges and that you already have a wireless card installed and working. Your mileage may vary.

Step 1: Installing WPA Supplicant

In order to connect to MavNet-Encrypted you'll need to have WPA Supplicant installed.

# su
# apt-get install wpasupplicant

Step 2: Edit /etc/network/interfaces

In order for your wireless card to actually use WPA Supplicant you need to edit /etc/network/interfaces with your favorite text editor. In the example we'll use nano:

# nano /etc/network/interfaces

You'll need to add an entry under the line for your wireless card. In this example we'll assume your network interface is wlan0. The line you add needs to contain the path to your wpa_supplicant.conf file. This file may not exist yet, that's okay as long as the folder /etc/wpa_supplicant does exist. Be sure that there is only one wlan0 defined in the file. The edited entry should something look like this:

iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Step 3: Editing /etc/wpa_supplicant/wpa_supplicant.conf

You'll need to edit or create /etc/wpa_supplicant/wpa_supplicant.conf so WPA Supplicant can connect to the correct networks. In our example we'll use nano to do the editing.

# touch /etc/wpa_supplicant/wpa_supplicant.conf
# chmod 700
/etc/wpa_supplicant/wpa_supplicant.conf
# chown root.root
/etc/wpa_supplicant/wpa_supplicant.conf
# nano /etc/wpa_supplicant/wpa_supplicant.conf

Just paste in the following section. If the file already contains some text you can probably delete the text, back up the file, or just comment out everything by adding a '#' to the beginning of the line. Don't forget to change 'your_username' and 'your_password' to the username and password you use to check MavMail.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=dialout #you may need to change dialout

#network={           #this block lets you connect to any open
# ssid=""            #network if the defined networks aren't present
# key_mgmt=NONE      #wpa_supplicant works from the bottom up
#}                   #so this will be the last resort network, if uncommented.

network={            #this block looks for MavNet-Encrypted
   ssid="MavNet-Encrypted"
   scan_ssid=1
   key_mgmt=WPA-EAP
   eap=PEAP
   ca_cert="/etc/ssl/certs/ValiCert_Class_2_VA.pem"
   subject_match="/O=acs.mnsu.edu/OU=Domain Control Validated/CN=acs.mnsu.edu"
   identity="your_username" #change this
   password="your_password" #change this
}

Step 4: Connecting to MavNet-Encrypted

First bring down your wireless interface:

# ifdown wlan0

Then bring it back up:

# ifup wlan0

Step 5: Checking the Connection

Assuming you didn't get any errors in the previous steps, your wireless card should be working. To check it do:

# wpa_cli status

It should give you some output similar to this:

Selected interface 'wlan0'
bssid=00:11:29:55:c6:a9
ssid=MavNet-Encrypted
id=1
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=COMPLETED
ip_address=134.29.81.222
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=25 (EAP-PEAP)
EAP TLS cipher=AES256-SHA
EAP-PEAPv1 Phase2 method=MSCHAPV2

Then you're probably all set. Try opening your web browser and see if it works; if it doesn't see the next section.

Notes

These instructions were written using Debian GNU/Linux, your mileage may vary, configs may move around, but the example wpa_supplicant.conf 'should' be correct but may be in a different place on your system. If you're having problems getting your connection to work these three commands could be helpful:

# man wpa_supplicant
# man wpa_supplicant.conf
# man wpa_cli

They are your new friends; become acquainted with them.

While debugging you may have to kill rouge wpa_supplicant processes and delete files from /var/run/ and /var/run/wpa_supplicant/ that contain your interface in the filename before trying it again.

Good luck.