Connecting to University of Cincinnati's Securewireless with netctl
If you’ve set-up an Arch Linux installation, and you’ve used wifi-menu
then
you’ve used netctl before and didn’t even know it. netctl
is
… a CLI-based tool used to configure and manage network connections via profiles. It is a native Arch Linux project for network configuration.
I used to think that the wifi-menu
dialouge was a cute little installer helper
program, but I learned later, that it can be used to automatically generate
profiles in /etc/netctl
that you can subsequently use to reconnect to network
later with
# netctl start INTERFACE-SSID
… where INTERFACE is the name of your wireless interface device (see below) and SSID is the “name” of the network.
I was a little disappointed (but not too shocked) when wifi-menu
failed to
connect to the University of Cincinnati’s Securewireless
network. This short
guide will discuss the steps needed to connect to Securewireless
using
netctl
, and discuss why these extra steps are needed.
Connect to Securewireless — tl;dr
Create and edit the file /etc/netctl/INTERFACE-Securewireless
as root (using
sudo
). Note that INTERFACE should be the name of your wireless interface.
Use ip link
to find out what it is. While the interface prefix is not
mandatory, it does help you stay organized, wifi-menu
adds it by default, and
you’ll need it below.
Connection='wireless'
Interface=INTERFACE
Security='wpa-configsection'
Description="UC eduroam-like network"
IP='dhcp'
TimeoutWPA=30
WPAConfigSection=(
'ssid="Securewireless"'
'key_mgmt=WPA-EAP'
'identity="UC_USER_NAME"'
'password="UC_CENTRAL_LOGIN_PASSWORD"'
)
Where INTERFACE
is your wireless interface as described above,
UC_USER_NAME
is your 6+2 user name without the domain suffix (e.g. smithbb1
not smithbb1@mail.uc.edu), and UC_CENTRAL_LOGIN_PASSWORD
is the central
login password that you use for all of your UC services. (Leave in the quotes
around the actual username and password.)
Details
The magic is in the wpa-configsection
/WPAConfigSection
. This allows you to
step outside of simple WEP/WPA/WPA2 shared passphrase paradigm and set the
security stack exactly how you need as if you were setting up wpa_supplicant
by hand. There’s a lot you can do here, like connect to an eduroam
network or use another pre-agreed upon security certificate, but UC’s setup is
pretty simple. If you need to see all of the settings you can put in the
WPAConfigSection, see the manual page for wpa_supplicant
or look at a sample
wpa_supplicant.conf.
University of Cincinnati uses WPA Enterprise much like other universities.
According to UC’s IT Handbook (last page)(pdf), Securewireless
uses:
- WPA2 Enterprise Security
- Protected Extensible Authentication Protocol (PEAP)
- No enterprise security certificate
Through trial and error, I found the simplest WPAConfigSection
needed to
successfully connect. ssid
is set to Securewireless
, the name of UC’s
network. key_mgmt=WPA-EAP
tells the WPA supplicant to use and identity
and
password
through (Protected) Extensible Authentication Protocol to connect to
the network.
I hope that this either helps you connect to Securewireless
at UC or points
you in the right direction for creating a profile to connect to your WPA
Enterprise network at your school/work.