Hello,
We are currently trying to run the info-beamer OS on Raspberry PI Zeros in eduroam.
We have a working wpa.conf for eduroam however, it seems to have issues with connecting to eduroam on the info-beamer OS.
The API Packet shows me the following result:
I’d be glad to have any kind of help with this issue.
Doesn’t eduroam require some certificate to set up/verify a connection? Is that referenced from the wpa.conf? If not, place that file into the /config directory on the SD card. You can then reference it as /config/ from within the wpa.conf file.
Its in the info-beamer OS
Might make sense to explicitly copy the required cert to the /config
directory and then reference it from wpa.conf using a ca_cert="/config/xxxx"
line? I’m really no expert in all the details of using wpa_supplicant outside of the bare preshared key methods. I found this regarding wpa_suppliant in combination with eduroam: LRZ: eduroam unter Linux (wpa_supplicant).
Good Day to you all,
I tried that today, but this sadly it didn’t solve the issue.
I also talked with the network administrator of the university.
He sees no error in the configuration, but from the behavior he sees for the device on the Radius server: It apparently looks like the wpa_supplicant package is broken, because it uses the outer identity when it should use the inner identity. He encountered that error with some Samsung smart boards.
Maybe a test .iso with another/fixed wpa_supplicant package?
I don’t really know what inner vs outer identify is and if that’s something that was an issue with wpa_supplicant itself rather than a configuration error. I found this wiki: wpa supplicant › WLAN › Wiki › ubuntuusers.de. Does this help?
network={
ssid="Netzwerkname"
key_mgmt=IEEE8021X
eap=TTLS #Verschlüsselung während der Authentifizierung
anonymous_identity="anonymous" #Äussere Identität
identity="Benutzer@Authentifizierungs-Server" #Innere Identität
password="Passwort" #Passwort
phase2="auth=PAP"
#ca_cert="PFAD_ZUM_STAMMZERTIZIKAT/ZERTIFIKAT" #optionale Angabe des zu verwendenden Stammzertifikats
}
Hello, currently, I’m using this:
network={
ssid="eduroam"
proto=RSN
key_mgmt=WPA-EAP
ca_cert="/config/T-TeleSec_GlobalRoot_Class_2.pem"
eap=PEAP
identity="account@university.tld"
domain_suffix_match="university.tld"
subject_match="eduroam.university.tld"
anonymous_identity="eduroam@university.tld"
password="something"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
TTLS is not really recommended, but it usually works too, except in this case it didn’t.
I’m not quite sure about the: IEEE8021X I’m no network expert, but if it works I’ll ask our network administrator about it.
However, your example wpa configuration also includes the: anonymous_identity and the regular identity.
Which probably will lead to the same problem: that the anonymous_identity is used in places where the regular identity should be used (radius server). But I can test it next time I’m in range of eduroam.
Thanks for all your help
Nope dosen’t work, sorry, we are trying something else now as a temporary Workaround.
However, it’s probably a good idea fixing the eduroam issues since it’s not just one university.