Info-beamer OS and eduroam

Hello,

We are currently trying to run the info-beamer OS on Raspberry PI Zeros in eduroam.
We have a working wpa.conf for eduroam however, it seems to have issues with connecting to eduroam on the info-beamer OS.
The API Packet shows me the following result:

I’d be glad to have any kind of help with this issue.

Doesn’t eduroam require some certificate to set up/verify a connection? Is that referenced from the wpa.conf? If not, place that file into the /config directory on the SD card. You can then reference it as /config/ from within the wpa.conf file.

Its in the info-beamer OS

Might make sense to explicitly copy the required cert to the /config directory and then reference it from wpa.conf using a ca_cert="/config/xxxx" line? I’m really no expert in all the details of using wpa_supplicant outside of the bare preshared key methods. I found this regarding wpa_suppliant in combination with eduroam: LRZ: eduroam unter Linux (wpa_supplicant).

Good Day to you all,

I tried that today, but this sadly it didn’t solve the issue.
I also talked with the network administrator of the university.
He sees no error in the configuration, but from the behavior he sees for the device on the Radius server: It apparently looks like the wpa_supplicant package is broken, because it uses the outer identity when it should use the inner identity. He encountered that error with some Samsung smart boards.

Maybe a test .iso with another/fixed wpa_supplicant package?

I don’t really know what inner vs outer identify is and if that’s something that was an issue with wpa_supplicant itself rather than a configuration error. I found this wiki: wpa supplicant › WLAN › Wiki › ubuntuusers.de. Does this help?

network={
  ssid="Netzwerkname" 
  key_mgmt=IEEE8021X
  eap=TTLS                                       #Verschlüsselung während der Authentifizierung
  anonymous_identity="anonymous"                 #Äussere Identität
  identity="Benutzer@Authentifizierungs-Server"  #Innere Identität
  password="Passwort"                            #Passwort
  phase2="auth=PAP"
  #ca_cert="PFAD_ZUM_STAMMZERTIZIKAT/ZERTIFIKAT" #optionale Angabe des zu verwendenden Stammzertifikats
}

Hello, currently, I’m using this:

 network={
   ssid="eduroam"
   proto=RSN
   key_mgmt=WPA-EAP
   ca_cert="/config/T-TeleSec_GlobalRoot_Class_2.pem" 
   eap=PEAP
   identity="account@university.tld"
   domain_suffix_match="university.tld" 
   subject_match="eduroam.university.tld"
   anonymous_identity="eduroam@university.tld" 
   password="something"
   phase1="peaplabel=0"
   phase2="auth=MSCHAPV2"
}

TTLS is not really recommended, but it usually works too, except in this case it didn’t.
I’m not quite sure about the: IEEE8021X I’m no network expert, but if it works I’ll ask our network administrator about it.
However, your example wpa configuration also includes the: anonymous_identity and the regular identity.
Which probably will lead to the same problem: that the anonymous_identity is used in places where the regular identity should be used (radius server). But I can test it next time I’m in range of eduroam.

Thanks for all your help

Nope dosen’t work, sorry, we are trying something else now as a temporary Workaround.
However, it’s probably a good idea fixing the eduroam issues since it’s not just one university.