Dot1X with WPA Enterprise in Linux - not an option?


I used the search + Advanced Search tool, but nothing came up regarding this; if this has already been addressed, would you be so kind as to point me in that direction?

I work for a system integrator, and I’m currently investigating the possibility of migrating to a few different Linux distros which I’m testing. We work with enterprise customers with large datacenters based off of both Microsoft and Linux software. We install mainly Cisco hardware, so we cover from layer 1 to layer 7 - networking, routing, collaboration, datacenter and logical & physical security. We seldom program, mainly regarding Cisco APIs.
I seem to have reached an impasse which has no solution on Linux though. That is, seamless Dot1x management for wifi. I understood it is possible to join a Linux machine to a domain using the PowerBroker cli utility, and I have a feeling that would cause a certificate exchange between the AD/CA and the Linux client, allowing for a much easier Dot1X authentication of WPA-TLS. Still, that wouldn’t be a viable solution when we are working at customers’ sites.

I imagine that the wpa_supplicant.conf file could allow for different SSIDs to be configured in it (I imagine it could, though I cannot find documentation of it and I haven’t tested it), but that would solve half the problem. The Network Manager interface specifically requests that client and server certificates be installed PRIOR to joining the network. This is something that both in IOS and Windows OSes has been resolved some time ago, allowing for clients to exchange insecure certificates with a radius server and still accept authentication.

Looking through all of the LINUX documentation I could find in the last 72 hours, it appears that there is no way AS OF TODAY to have a Linux machine join 2 different Dot1X enabled wifi networks. Assuming that the wpa_supplicant.conf file could be configured for 2 different SSIDs, you still would need to ask your client to issue specific certificates which you would then need to convert to Linux format. That sounds like at least 1 hour of work that you would lose for this specific task.

Has openSUSE addressed this issue? If so, how? I’d really love to be able to mainstream Linux instead of Mac/Win for our daily tasks - the fact for instance that Linux has the ability to manage most kinds of VPNs without the need of third-party software is one of the major selling points for us.

Thank you for any and all replies.
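
A single wpa_supplicant.conf can carry one `network={}` block per SSID, each with its own EAP method and trust settings. The Python sketch below is an added example, not written by any poster in this thread; it parses a constructed two-network config (all SSIDs, identities, paths and domains are placeholders) and flags 802.1X blocks that do not verify the RADIUS server.

```python
import re

# Constructed sample: one wpa_supplicant.conf holding two 802.1X networks.
# SSIDs, identities, paths and domains are placeholders, not from the thread.
SAMPLE_CONF = '''
network={
    ssid="CustomerA-Corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="visitor@customer-a.example"
    password="placeholder"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/customer-a-radius-ca.pem"
    domain_suffix_match="radius.customer-a.example"
}

network={
    ssid="CustomerB-Corp"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="laptop01@customer-b.example"
    client_cert="/etc/wpa/customer-b-client.pem"
    private_key="/etc/wpa/customer-b-client.key"
}
'''
# wpa_supplicant options that pin the expected server certificate name.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    # Return one dict of key -> value per network={...} block.
    nets = []
    for body in re.findall(r"^\s*network=\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = (line.split("=", 1) for line in body.splitlines()
                 if "=" in line and not line.lstrip().startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(text):
    # Map each 802.1X SSID to the server-validation gaps in its block.
    report = {}
    for net in parse_networks(text):
        if "WPA-EAP" in net.get("key_mgmt", ""):
            gaps = [] if "ca_cert" in net else ["no ca_cert: server certificate not verified"]
            if not any(k in net for k in NAME_CHECKS):
                gaps.append("no server name check")
            report[net["ssid"]] = gaps
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

In the sample, the second block has a client certificate but no `ca_cert` or name match, so the client would authenticate to any access point presenting that SSID; the audit reports both gaps for it.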


Hey everyone, I recently received a username and password to use on our corporate WiFi; however, I am unable to connect to it from my laptop running Ubuntu Raring 64-bit. I can connect to it using my Android phone since it has an option to specify the inner authentication as none; however, on Ubuntu it keeps prompting me for my password. What I have tried thus far is a fair amount of searching, which eventually led me to this unresolved thread where a few users are having the same problem. I also found another thread that suggested I remove the system-ca-certs=true line from the config file in /etc/NetworkManager/system-connections/, but alas that did not help either. In the aforementioned unresolved thread it says something about manually editing the wpa-supplicant.conf file to get it to connect, but I’m not exactly too sure how to go about doing this. If anyone could provide me with some guidance I would be greatly appreciative!

Apart from the fact that to me it looks like this is a different problem from the one this thread is about, it seems to be about Ubuntu and these are the openSUSE forums.

So please, when you have a problem, start a thread of your own in the most fitting sub-forum, with a good title that draws the attention of those you need. And of course when you run Ubuntu, then the best thing is to do so at the Ubuntu forums.

