Using eduroam on Linux installations without NetworkManager
It is possible to use eduroam networks on Linux distributions that do not use NetworkManager to connect to wireless networks.
What is eduroam? #
eduroam is a network of academical institutions over the world that enables wireless internet connection for any student, researcher or educator that studies or works in a member institution.
Typically what you would find is a WiFi SSID of the hosting country (i.e. unitn-x in Università di Trento) and a parallel SSID called eduroam. If properly configured, the network should easily connect automatically.
Typically eduroam networks have:
- type WPA2 Enterprise (AES)
- IEEE 802.11 a/b/g/n 2.4Ghz/5Ghz standard
- Protected EAP (PEAP) authentication system
What is eduroam CAT #
eduroam CAT means Configuration Assistant Tool, and can be downloaded from the eduroam CAT webpage. It is available for MS Windows, Mac OS, Linux, Chrome OS, Android or by getting the raw EAP config.
Configuring eduroam without NM #
Unfortunately, on Linux the automatical config works only for those distros that have NetworkManager, i.e. Debian, Ubuntu, Fedora, etc.
Other distros, such as ArchLinux, do not use NetworkManager as default manager for wireless connection: for example Arch uses netctl
, and this example will be based on that.
- First of all, download the eduroam CAT installer
- Run the Python script by running
python eduroam-linux-nameofinstitution.py
- Follow the instructions. You will be asked your username, then to enter your password twice.
- Once you have inserted the data, the software will tell you that NetworkManager has not been found, so it will save the data as a
wpa_supplicant
config text. Confirm that. - By default, the program will install the config file and the certificate in the
$XDG_CONFIG_HOME
folder. If the environment variable is not set, the$HOME/.config
folder will be used. - Under the config folder, a new
cat_installer
folder will be created. Look into that folder, check whetherca.pem
andcat-installer.conf
are there. - If you are using ArchLinux and netctl, you can copy and paste the section between curly brackets directly in the
WPAConfigSection
of a netctl profile (a text file saved in the/etc/netctl
folder; its filename will be used as profile name, so to start the profile you should issue the following command:sudo netctl start profile_name
). Remember only to wrap each line of theWPAConfigSection
with quotes. See for example:
Description='Profile for the eduroam network'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
ESSID=eduroam
IP=dhcp
WPAConfigSection=(
'ssid="eduroam"'
'key_mgmt=WPA-EAP'
'pairwise=CCMP'
'group=CCMP TKIP'
'eap=PEAP'
'ca_cert="/home/user/.config/cat_installer/ca.pem"'
'identity="user@institution.edu"'
'altsubject_match="DNS:asd1.institution.edu"'
'phase2="auth=MSCHAPV2"'
'password="password"'
)
Remember to check the permissions to the profile, because in this case the password will be saved in a readable format. Refer to the ArchWiki page for more details.
Hope this will be useful for you!