Hi,
I’m getting some training in network administration (meaning windows
mostly), and these days we are trying a corporate network Wi-Fi, meaning a
machine with windows server 2008 connected via ethernet to a linksys router
with wifi AP, and another machine running windows 7 as client to the domain.
The server has active directory, radius server, certificate server, network
policy and access services; more or less, we are following this paper:
<http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/>
So… the training is windows mostly (I did not succeed with the above, I’m
a Linux guy; but others in the room did, so we have some working setups).
And today I happened to read a post here where somebody said they managed
to get a similar situation working with a Linux client
<http://forums.opensuse.org/showthread.php?t=469463>, so I decided to
change the Win 7 client with an openSUSE 12.1 client, and I dedicated part
of the afternoon to install it on a spare partition we had left in
preparation (we also intend to play with Asterisk later on).
The Linux install managed to connect instantly to the wifi, when configured
as a plain standard wpa, both using ifup or network manager. But when we
tried the corporate setup, it failed.
NM did see the wifi connection, and it detected the parameters as an
enterprise setup, the same as David described in his post:
Code:
Wireless Security: WPA and WPA2 Enterprise
Authentication: Protected EAP (PEAP) (or mschap something?)
Anonymous Identity: (blank)
Subject: <will be filled in automatically>
CA Certificate: certificado.cer
PEAP Version: Automatic
Inner Authentication: MSCHAPv2
Username: bob
Password: foobar
] Ask for password every time
[x] Show password
First I tried without certificate (you can say “ignore” to the warning),
but no go. Then I tried with certificate, but we weren’t sure how to
extract the certificate from the windows server.
What I see in the messages log and the Netmanager log is that the wifi
“associates”, whatever that means. But after… dunno, 1/2 minute the popup
returns asking to verify the settings and password. Nothing in the log
about this. And in the Windows server we were not capable of finding an
appropriate “event”, which is their type of logs. I did not know about the
wpa_supplicant.log, I’ll look at it tomorrow.
I also do not know if I have to join the Linux machine to the Windows
domain for this to work. I have never done this…
Ideas, anyone?
I can not provide logs nor command output, I’m at home now. Tomorrow
afternoon I’ll go back and can try again, and post any logs needed, but I
would like to have some extra ideas so that I can try again.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)