EDV:EDUROAM

From KIP Wiki
Jump to navigationJump to search

A manual for different operating systems is available from the URZ:

URZ Eduroam (deutsch), URZ Eduroam (english)

Problems while updating eduroam certificates

Windows

If no longer a connection to eduroam can be established you have to update the certificates by installing eduroam again. You can get the installation tool on Configuration Assistant Tool (CAT).

If it's not able to open a connection after updating the certificates, you have to delete the installed ones. The possibility to do this in Windows is opening the certificate manager "certmgr.msc". There you have to search the certificate "T-TeleSec GlobalRoot Class 2" and remove all that are not valid till 2033. And then also search for certificates from "DFN-Verein Global Issuing CA" and remove all which are not valid till 2031.

Linux

For the installation on Linux you first download the installation script of the Universität Heidelberg from Configuration Assistant Tool (CAT) (it's a python script called "eduroam-linux-Universitat_Heidelberg-Standard_ab_2019.py"). After that remove the old profile by opening the configuration form of eduroam on the "NetworkManager" and clicking "forget connection". Then run the script with python.

-> Information page of URZ: auf deutsch, in english

eduroam über wpa_supplicant (Linux)

Hierzu gibt es eine Konfigurationsdatei:
File:Wpa supplicant.conf.txt

Die Datei sollte dann so aussehen:

# path to UNIX socket control interface
ctrl_interface=/var/run/wpa_supplicant

#eapol_version=1

ap_scan=1

network={
   ssid="eduroam"
   key_mgmt=WPA-EAP
   eap=TTLS
   proto=WPA RSN
   identity="uni-id@uni-heidelberg.de"
   anonymous_identity="anonymous@uni-heidelberg.de"
   ca_cert="/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem"
   phase2="auth=PAP"
   # Hier entweder das Klartext Passwort oder einen Hash davon (mkntpwd)
   password="xxxx" 
}

Abspeichern zum Beispiel unter dem Namen eduroam.conf.

Das ganze kann man dann Starten mit:

wpa_supplicant -B -i wlan0 /etc/wpa_supplicant/eduroam.conf

Falls der Daemon schon läuft dann mit folgendem Befehl beenden:

killall -15 wpa_supplicant