Connecting to eduroam via the Linux Command Line

1. Introduction

These instructions were originally made for eduroam on Ubuntu Linux, however Ubuntu released a graphical client which performed the entire page of instructions in 2 clicks of a mouse. The original instructions are hence provided as a starting point for experienced Linux users to attempt to get eduroam working on a Linux distribution for which there are no eduroam instructions currently provided. If you are a Ubuntu user, please use the graphical client instead.

We don't have the resources to create a working solution for every Linux distribution and each version of each distribution, so if you are successful, please feel free to submit the steps you used, any screenshots if using a graphical client and details of your exact distribtion to wireless@oucs.ox.ac.uk and we'll format your instructions and add them to the existing ones.

2. Linux Eduroam Command Line Instructions

This is the raw configuration required for `wpa_supplicant`, known to work under Ubuntu 6.06 LTS (a.k.a. Dapper Drake), using an Atheros chipset wireless card (the instructions were created with the `madwifi` linux driver with a Cisco Aironet PCMCIA).

Under Ubuntu the network interface configuration is stored in the file /etc/network/interfaces but this may of course be different for other Linux distributions. This is what the file must contain:

# the interface name may be different if you're not using an Atheros chipset card
# for example with the Wireless Extensions, you would use
# iface ethN inet dhcp
#     wpa-driver wext
# bring the interface up automatically. remove this line to disable that.
auto ath0
# this must use DHCP for the OUCS-based Eduroam service
iface ath0 inet dhcp
    # change this next line as appropriate (see above comment)
    wpa-driver madwifi
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Under Ubuntu, the way this works is that the appearance of an option in `/etc/network/interfaces` that has the prefix `wpa-` triggers the execution of the script at /etc/wpa_supplicant/ifupdown.sh, and it is this script that makes everything else work -- the locking of the SSID, configuring of the card, and so on. The main system network scripts then sort out the DHCP lease, and so on.

In this setup, the `/etc/wpa_supplicant/wpa_supplicant.conf` file used with the OUCS Eduroam service contained the following:

network={
    ssid="eduroam"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@ox.ac.uk"
    # adjust the following CA line as required to match your filename
    ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
    phase2="auth=MD5"
    # in the following line, replace <username> with your University Remote Access account username, without angle brackets
    # Remote access account is described at http://www.oucs.ox.ac.uk/network/remote/ 
    # (not your SSO). Append @OX.AC.UK after your username so
    # that eduroam knowns the authentication home site
    identity="<username>@ox.ac.uk"
    # in the following line, replace <password> with your University Remote Access account password, without angle brackets
    password="<password>"
}

If you don't have the AddTrust External Root certificate installed, you may download it from support.comodo.com reference that instead.

Now all that is needed is to restart your system's network services. Remember to unplug your wired network cable if you want to get right on and test it

$ sudo invoke-rc.d networking restart

Following that, your wireless interface should be up and running. Check that you have a DHCP lease, at least:

sudo ifconfig

ath0    ...etc...
        inet addr:172.17.92.200 Bcast:172.17.92.255 Mask:255.255.255.0
...etc...
sudo iwconfig
ath0    IEEE 802.11g  ESSID="eduroam"
...etc...

 

Written by IT Services. Latest revision 27 April 2017