Thursday, December 5, 2019

Connecting to wifi in an enterprise environment with a self-created certificate

Basically, my office environment needs me to connect with a self-signed certificate for our wifi, and in GNU/Linux, this was a lot harder than I expected.

In short, you can't use the default, easy-to-use nmcli. Instead, you have to set your username/password directly in the wpa_supplicant conf and connect directly with the wpa_supplicant program.


This is what works.

You can get the list of available SSIDs with:

nmcli device wifi list

# 1 make this file
################################################################################
# /etc/wpa_supplicant.conf
network={
ssid="XXX"
key_mgmt=WPA-EAP
identity="your_username"
password="your_password"
}

################################################################################

# enable wpa_supplicant (connect to wifi)
wpa_supplicant -Dnl80211 -iwlx00018e8e09f2 -c /etc/wpa_supplicant.conf


# then you have to run dhclient to get an IP
sudo dhclient wlx00018e8e09f2
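
The network block above sets no ca_cert, and wpa_supplicant does not verify the RADIUS server's certificate when ca_cert/ca_path are absent, so the password is offered to whichever access point answers as that SSID; in a self-signed setup the fix is to point ca_cert at the office's own certificate. The script below is an added example (not part of the original post) that flags EAP blocks missing that check. Every SSID in it except XXX, the CA path and the RADIUS host name are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post; sample values are constructed.
# Prints "<ssid> <verdict>" per EAP network block: NO_CA_CERT (server cert never
# validated), NO_NAME_MATCH (CA pinned, any cert from it accepted), or OK.
audit_eap_conf() {
    awk '
        /^[ \t]*network=[{]/ { inblk = 1; ssid = "?"; eap = ca = name = 0; next }
        inblk && /^[ \t]*[}]/ {
            if (eap) print ssid, (!ca ? "NO_CA_CERT" : (!name ? "NO_NAME_MATCH" : "OK"))
            inblk = 0; next
        }
        !inblk || /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            eq = index(line, "="); if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/"/, "", val)
            if (key == "ssid") ssid = val
            else if (key == "key_mgmt" && val ~ /EAP|IEEE8021X/) eap = 1
            else if (key == "ca_cert" || key == "ca_path") ca = 1
            else if (key ~ /^(domain_suffix_match|domain_match|altsubject_match|subject_match)$/) name = 1
        }
    ' "$1"
}

write_sample_conf() {   # constructed sample: the post's block plus two hardened ones
    cat > "$1" <<'EOF'
network={
    ssid="XXX"
    key_mgmt=WPA-EAP
    identity="your_username"
    password="your_password"
}
network={
    ssid="office-pinned"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/office-radius-ca.pem"
}
network={
    ssid="office-strict"
    key_mgmt=WPA-EAP
    ca_cert="/etc/ssl/certs/office-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
EOF
}

conf=$(mktemp); write_sample_conf "$conf"
audit_eap_conf "$conf"; rm -f "$conf"
```

Run audit_eap_conf /etc/wpa_supplicant.conf against the real file; since that file holds the password in clear text, it should also be readable by root only.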



This is what I also needed to do for my crappy wifi usb card.


I ended up creating a script to enable my crappy usb wifi:
################################################################################
modprobe rt2800usb


echo "0789 0168" > /sys/bus/usb/drivers/rt2800usb/new_id

# wpa_supplicant -B -Dnl80211 -iwlx00018e8e09f2 -c /etc/wpa_supplicant.conf &
wpa_supplicant -Dnl80211 -iwlx00018e8e09f2 -c /etc/wpa_supplicant.conf &

sleep 3
echo killing initial wpa_supplicant
killall wpa_supplicant

sleep 3
echo starting final wpa_supplicant
################################################################################

Some of the things I tried that didn't work


nmcli doesn't work, as it NEEDS to do cacert validation; apparently that can't be disabled in the program...

This also didn't work:
dconf write /org/gnome-nm-applet/eap/70b2f88f-1c43-45e0-acd5-276f66bd0b98/ignore-phase2-ca-cert false

dconf write /org/gnome-nm-applet/eap/70b2f88f-1c43-45e0-acd5-276f66bd0b98/ignore-ca-cert true

This works for non-enterprise wifi devices, I guess:
nmcli device wifi connect XXX username XXX password XXX

cross cable connection

How to connect two GNU/Linux computers with a cross cable


on box1
sudo ifconfig enp1s0 192.168.0.1 netmask 255.255.255.0 up


on box2
sudo ifconfig enp1s0 192.168.0.2 netmask 255.255.255.0 up

Here I'm using enp1s0 as my eth0 interface name; it might just be eth0 on yours. You can check which name your LAN interface has with the "ip a show" command.

This is the cable I got, but any cross cable should do