Linux: Connecting to Wireless Internet on 'restricted.utexas.edu'

Depending on the Linux distribution you use, you can connect to the restricted.utexas.edu wireless network in one of three ways: through the native Network Manager, WICD, or the wpa_supplicant software.

Caution: Follow these instructions carefully. Using this wireless network when your computer is not properly configured can expose your personal data. In particular, your computer could connect to a fake access point, which is called a “man-in-the-middle” attack. Your computer will be properly configured if you follow our instructions.


Ubuntu: Connecting to 'restricted.utexas.edu' using Network Manager

This procedure connects Ubuntu computers to the restricted.utexas.edu wireless network using the Network Manager.

Configuration: Network Manager

Time to complete the procedure: 10 minutes

  1. Download the certificate file. You can obtain this file from the guest.utexas.edu wireless network if necessary.
  2. Click the Network Manager icon and select the restricted.utexas.edu wireless network.
  3. Select the following options in the Wireless Network Key Required dialog box.
    • Wireless Security: WPA2 Enterprise [recommended] or WPA Enterprise.
    • EAP Method: TTLS
    • Key Type: AES [recommended for WPA2] or TKIP
    • Password: [Your UT EID password]
    • CA Certificate File: cacerts.pem

    Keep the default settings for the other fields in the dialog box.

    Note: The WPA2 security protocol is recommended for campus wireless network users; however, the network also supports WPA. Select the AES encryption type for WPA2 and the TKIP type for WPA.
  4. Click the Connect button to complete the configuration and connect to the restricted.utexas.edu network.

Ubuntu: Connecting to 'restricted.utexas.edu' using WICD

Configuration: wicd

Time to complete the procedure: 10 minutes

  1. Download the certificate file. You can obtain this file from the guest.utexas.edu wireless network if necessary.
  2. Make sure you have the WICD client installed.
  3. Run wicd-client -n and select the restricted.utexas.edu wireless network.
  4. Select the following options under the Use Encryption check box.
    • PEAP with TKIP/MSCHAPV2 in the drop-down
    • Identity: [Your UT EID]
    • Password: [Your UT EID password]
    • Path to CA Cert: /path/to/cacerts.pem
  5. Click the OK button to complete the configuration and connect to the restricted.utexas.edu network.

Connecting to 'restricted.utexas.edu' with wpa_supplicant software

This procedure connects Linux computers to the restricted.utexas.edu wireless network using the wpa_supplicant software. You will use your UT EID and password to log in.

Configuration: wpa_supplicant using TTLS

Time to complete the procedure: 30 minutes

IMPORTANT:

Installing the Wireless Certificate

  1. Make a new certificate directory for the certificate file using the following commands:
    mkdir /etc/wpa
    mkdir /etc/wpa/certs
  2. Download the certificate file into /etc/wpa/certs

Installing wpa_supplicant

  1. Download the wpa_supplicant. The latest version as of August 1, 2006, is wpa_supplicant-0.4.9.tar.gz. When you are prompted, select Save to disk.

    Note: More information is available at Linux WPA/WPA2/IEEE 802.1X Supplicant pages.
    Note: This was tested under Linux kernel 2.4.31 with gcc 3.3.6 and openssl 0.9.7g.
  2. Extract the files and create the directory wpa_supplicant-0.4.9 using the following command:
    tar -xvzf wpa_supplicant-0.4.9.tar.gz
    
  3. Move to the new wpa_supplicant-0.4.9 directory:
    cd wpa_supplicant-0.4.9  
    
  4. Copy the default configuration file, defconfig, to a new file, .config. This way you can edit the .config file without changing the default file.
    cp defconfig .config
  5. Open the .config file with your favorite editor. For example, if you use VI, enter:
    vi .config
  6. In the .config file, uncomment the lines for the Ethernet card driver you are using. You can uncomment the lines by removing the # sign from the beginning of the line.

    If include or library files are needed for your Ethernet card driver, uncomment the lines that add those files. For example, if you use the madwifi driver, you would change the .config file as follows:

    #CONFIG_DRIVER_MADWIFI=y
    # Change include directories to match with the local setup
    #CFLAGS += -I../madwifi/wpa 
    
    to
    
    CONFIG_DRIVER_MADWIFI=y
    # Change include directories to match with the local setup
    CFLAGS += -I../madwifi-0.9.1

    If your Ethernet card driver specifies a directory, be sure to change the directory path appropriately.

  7. Read through the .config file and make any other changes that are needed for your Ethernet card driver.
  8. Save the .config file and exit the text editor.
  9. To compile wpa_supplicant using the settings in the .config file, run the following command:
    make

    You should see build output scroll by while wpa_supplicant is compiling.

  10. To copy the binary files to /usr/local/bin and install the supplicant, run the following command:
    make install

Configuring wpa_supplicant

  1. Locate the /etc/wpa directory, or create it if it does not exist:
    mkdir /etc/wpa
  2. Move to the /etc/wpa directory:
    cd /etc/wpa
  3. Open a new file, config, with your favorite editor. For example, if you use VI, enter:
    vi config
  4. Enter the following text in the new config file:
    fast_reauth=0

    network={
        ssid="restricted.utexas.edu"
        key_mgmt=WPA-EAP
        eap=TTLS
        ca_cert="/etc/wpa/certs/cacerts.pem"
        subject_match="CN=restricted.utexas.edu"
        anonymous_identity="anonymous"
        identity="myuteid"
        password="mypassword"
        phase2="auth=MSCHAPV2"
    }

    Note 1: You are turning off fast_reauth with the line fast_reauth=0 because this feature of wpa_supplicant does not work properly in this environment.

    Note 2: Some Linux distributions, such as Fedora, ask for this information in a dialog box. Use the same information as you would enter in the config file. For the data encryption type, enter "TKIP."
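
The following script is an added example, not part of the original instructions. It checks a wpa_supplicant config file for the two settings above that make the client reject a fake access point (ca_cert and subject_match) and for owner-only file permissions, since the file holds your password in clear text. The function name audit_wpa_conf and the sample config built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a wpa_supplicant config
# for the settings that make the client reject a fake access point.

# audit_wpa_conf FILE SSID -> prints findings; returns 0 if clean, 1 otherwise
audit_wpa_conf() {
    conf=$1; ssid=$2; findings=0
    # Pull out the body of the network={...} block whose ssid matches.
    block=$(awk -v want="ssid=\"$ssid\"" '
        /^[ \t]*network=[{]/  { inblk = 1; hit = 0; buf = ""; next }
        inblk && /^[ \t]*[}]/ { if (hit) printf "%s", buf; inblk = 0; next }
        inblk { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
                if ($0 == want) hit = 1
                buf = buf $0 "\n" }' "$conf")
    if [ -z "$block" ]; then
        echo "no network block for ssid $ssid"; return 1
    fi
    # ca_cert: without it the server certificate is not validated at all.
    ca=$(printf '%s\n' "$block" | sed -n 's/^ca_cert="\(.*\)"$/\1/p')
    if [ -z "$ca" ]; then
        echo "ca_cert missing"; findings=1
    elif [ ! -r "$ca" ]; then
        echo "ca_cert file not readable: $ca"; findings=1
    fi
    # subject_match: ties the accepted certificate to the expected server name.
    if ! printf '%s\n' "$block" | grep -q '^subject_match="..*"$'; then
        echo "subject_match missing"; findings=1
    fi
    # The file stores the password in clear text: require owner-only access.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "config accessible to group/other ($perms)"; findings=1
    fi
    return $findings
}

# Demo on a constructed config in a scratch directory (sample data, not real).
demo() {
    d=$(mktemp -d); : > "$d/cacerts.pem"
    printf '%s\n' 'fast_reauth=0' 'network={' \
        '    ssid="restricted.utexas.edu"' 'key_mgmt=WPA-EAP' 'eap=TTLS' \
        "ca_cert=\"$d/cacerts.pem\"" 'identity="myuteid"' \
        'password="mypassword"' 'phase2="auth=MSCHAPV2"' '}' > "$d/config"
    chmod 644 "$d/config"
    audit_wpa_conf "$d/config" restricted.utexas.edu
    rc=$?; rm -rf "$d"; return $rc
}
demo || echo "audit reported findings (expected for this sample)"
```

Run it against your own file with audit_wpa_conf /etc/wpa/config restricted.utexas.edu; a clean result prints nothing and returns 0.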

Running wpa_supplicant

  1. Run wpa_supplicant using the following parameters:
    /usr/local/sbin/wpa_supplicant -Bw -D<drivername> -i<interfacename> -c<configfile>

    For example, if you use madwifi, enter:
    /usr/local/sbin/wpa_supplicant -Bw -Dmadwifi -iath0 -c/etc/wpa/config

    Note: When you run the supplicant, it may need to try several times before it connects.

If you want the supplicant to start up automatically when you boot your machine, you can put the parameters listed above in a startup file (for example, in /etc/rc.d/rc.wireless).