Thread: Does wicked support WPA-EAP-TLS configurations?

  1. #1

    Does wicked support WPA-EAP-TLS configurations?

    I have a corporate environment that I'm trying to connect to wirelessly. I set up everything in YaST lan using wicked, choosing "WPA-EAP" for my authentication type, then for "EAP Mode" I have "TLS" selected. I then point to the client/server certificates, the client key, save and I have no wireless connection.

    Checking in the syslog, wicked spits out:

    Code:
    wicked[890]: ifcfg-wlan0: no WIRELESS_WPA_PASSWORD value specified
    and that's about it. The option in YaST to enter a password is grayed out, and it's my assumption that passwords are not needed using these certificates. I started looking around and saw this bug: https://github.com/openSUSE/wicked/issues/69

    which seems like what I would want for this to work.


    If this is not supported, the idea is kind of dead in the water. If it is, I have some questions about installing certificates as well if anyone can help. Thanks!

  2. #2
    Join Date
    Sep 2012
    Posts
    5,968

    Re: Does wicked support WPA-EAP-TLS configurations?

    What's wrong with using NetworkManager?

  3. #3

    Re: Does wicked support WPA-EAP-TLS configurations?

    Quote Originally Posted by arvidjaar
    What's wrong with using NetworkManager?
    Nothing, but I'm asking about Wicked specifically since that's what's currently part of a production OS. Does that mean Wicked does not support 802.1x?

  4. #4
    Join Date
    Sep 2012
    Posts
    5,968

    Re: Does wicked support WPA-EAP-TLS configurations?

    Quote Originally Posted by Pickle
    Nothing, but I'm asking about Wicked specifically since that's what's currently part of a production OS.
    What is a production OS? NetworkManager is an officially supported network management tool and is just as legitimate a part of a production OS as wicked. You have a task to complete - connect to your work environment - and it is logical to take the tool that does the job.
    Does that mean Wicked does not support 802.1x?
    802.1x is not relevant because it is wired authentication, not wireless. But it is true, wicked does not really implement EAP-TLS, it even says it in the manual page. The fact that YaST offers an authentication method that does not work can be considered a bug.

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,862
    Blog Entries
    2

    Re: Does wicked support WPA-EAP-TLS configurations?

    802.1x (not to be confused with 802.11) is almost always implemented as an enterprise capable wireless authentication method, often referred to as a "portless firewall." Although technically its pieces might be implemented over a wired only (802.3) network, I've not seen it. The reason why this is a "portless firewall" and different than more common WPA authentication is that 802.1x requires authentication before an IP address is issued, thought to be more secure than conventional connections which are issued a working IP address before authentication either denies or approves access.

    Answering the original question...
    No, Wicked does not support 802.1x.
    You either need to use Network Manager, an alternative wireless connection manager or proprietary software typically from the vendor of the access point.

    TSU

    Addition DR:TMI
    I noticed a while back EAP in Wicked as well and didn't follow up on that.
    The problem is that wicked only supports "simple" network connections and maybe EAP is a newly supported protocol to use for simple connections.
    Problem for Wicked is that it's not just the initial authentication protocol, 802.1x is a somewhat complex, multi-step process where you first authenticate through the AP to a remote credentials database or authenticator of some sort (eg RADIUS or LDAP or AD), before a separate step to set up the actual wireless session. Am skipping over many details, but the setup and process can be complex and fairly long.
    And, Wicked today just doesn't support these different steps.
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6

    Re: Does wicked support WPA-EAP-TLS configurations?

    Thank you guys for the information. I really appreciate it.
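
For the NetworkManager route suggested in the replies, a WPA-EAP/TLS profile can be written as a keyfile. This is an added example, not a configuration posted by anyone in the thread; the SSID, identity, RADIUS domain and all file paths are placeholders to replace with your own values.

```ini
# /etc/NetworkManager/system-connections/corp-wifi.nmconnection
# NetworkManager only loads keyfiles that are owned by root with mode 0600.
# All names and paths below are placeholders (assumptions), not values from the thread.

[connection]
id=corp-wifi
type=wifi
interface-name=wlan0

[wifi]
mode=infrastructure
ssid=CORP-SSID

[wifi-security]
# WPA-Enterprise: keys are derived from the EAP exchange, so there is no PSK here
key-mgmt=wpa-eap

[802-1x]
eap=tls;
identity=user@corp.example
# CA that signed the RADIUS server certificate. Without it the client does not
# validate the server it is authenticating to.
ca-cert=/etc/pki/corp/ca.pem
# Additionally require the server certificate name to end in this domain
domain-suffix-match=radius.corp.example
client-cert=/etc/pki/corp/client.pem
private-key=/etc/pki/corp/client.key
# 1 = agent-owned: the key passphrase is requested from a secret agent
# instead of being stored in this file
private-key-password-flags=1

[ipv4]
method=auto

[ipv6]
method=auto
```

After saving the file, `nmcli connection reload` makes NetworkManager pick it up. The private key file itself should be readable only by root.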
