Connecting Raspberry PI to Eduroam using WPA Supplicant

Connecting Raspberry PI to Eduroam using WPA Supplicant

I recently got a command line version of Rapsbian 8 (Jessie) installed on my new Raspberry PI 3 by a friend. For development purposes, I wanted to connect it to my universities wifi. The university uses (as many nowadays do) the eduroam infrastructure. It was my first time to connect to a wifi via command line and it was a struggling experience in the first place. In the end it turned out to be very easy, once you know the correct configuration, the correct commands, their purpose and the specific places to look at.

Many Parts for One Process

Connecting to a wifi via command line in Raspbian follows basically the following steps (assuming you do not use network mager). Your network interface wlan0 starts (via ifup wlan0) and checks in the interfaces file (default: /etc/network/interfaces) for what type of connection configuration it should use (manual, static, dhcp) and if it should use a config or roaming config (default: /etc/wpa_supplicant/wpa_supplicant.conf).

Before your network interface can retrieve an ip address, it requires a valid authentication to the endpoint. Therefore, you need to configure your wpa_supplicant.conf file because this file stores your user login credentials and your authentication method. You usually receive them from your institution when you apply for using their infrastructure. When your network interface (wlan0) starts, it will use these configurations to create the “handshake” with the endpoint.

The following manual guides you step by step towards a working wifi connection with your eduroam network. Of course there are many other configurations available but this guide will only back those, required to establish a connection.

 

Step 1 – Preparations

At very first switch to root user. From now on, you don’t need to sudo every command. On my Raspbian I can use the following:

 $ sudo -i 

Usually this is not working on a regular Debian system. There, you would have to use su to switch to root.

Then backup the files to be modified. Since you are root user, there is no mechanism preventing you from messing up your config. You better be doing it.

$ mv /etc/network/interfaces /etc/network/interfaces.bak
$ mv /etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant.conf.bak

Now lets shut down your interface wlan0 because it may have already been started automatically at systemstart. Also shutdown your ethernet interface eth0, because you use wifi only.

$ ifdown wlan0
$ ifdown eth0

If you have trouble shutting down, use (the) force.

$ ifdown --force wlan0
$ ifdown --force eth0

Check, if there are any processes running which are associated with wpa_supplicant.

$ ps aux | grep wpa_supplicant

If there are any entries besides the grep statement, you may run killall.

$ killall wpa_supplicant

Now you are prepared to edit your configuration files.

 

Step 2 – Interfaces

Now you configure the interface wlan0 in the interfaces file:

$ nano /etc/network/interfaces

This file contains startup configuration for all your network interfaces. The content of the file may differ from version to version, which is why I only show you the relevant entries to change. Leave the other entries (auto lo, eth0, wlan1 etc.) as they are.

iface wlan0 net manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default init dhcp

You basically tell your wlan0, that it should use a manual config on startup. If you want to know, why it is spa-roam instead of wpa-conf, you may read it up in the ubuntu users wiki. Save and close with nano. If you don’t know how to do that, check on the nano documentation or here.

 

Step 3 – Authentication using WPA Supplicant

Now open your wpa_supplicant.conf.

$ nano /etc/wpa_supplicant/wpa_supplicant.conf

Put your eduroam credentials into this file, like the following:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev
network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=PEAP
phase2="auth=MSCHAPV2"
identity="yourUsername@yourInstitution"
anonymous_identity="anonymous@yourInstitution"
password="yourPassword"
}

You can use wget or curl to download the template from: http://jankuester.com/wp-content/uploads/wpa_supplicant.template.txt

Note that WPA2/PEAP/MSCHAPV2 connection does not use a pre shared key (PSK) and you have to enter your password in plain text. So do not forget to chmod your file after edit.

$ chmod 600 /etc/wpa_supplicant/wpa_supplicant.conf

Now you should be able test your authentication procedure with the wpa_supplicant command.

$ wpa_supplicant -i wlan0 -D weit -c /etc/wpa_supplicant/wpa_supplicant.conf

It’s output will indicate, wether the authentication succeeded or not. A succeeding authentication is easily identified, since it will contain “authentication succeeded”. If you read these words you may hit ctrl+c and continue to the next step. If you read something such as “authentication failure” you may check your wpa_supplicant.conf your typos. Note that some entries have quotation marks around their values and others don’t. Also check for the cases of the letters. An entry of “auth=MSCHAPv2” using a lowercase v for Version may be parsed as unknown auth method. There are other tricky errors, which may not clearly indicate their cause. These may include “invalid argument” or “device busy”. It is then good to check, wether there are still wpa_supplicant processes running and kill them. Also check, that wlan0 has been shut down and use –force if necessary.

 

Step 4 – Finally Connecting

Once your authentication has succeeded you may finally start up your wlan0 interface with your valid auth configuration.

$ ifup wlan0

If no errors occurred, you may check your access point via iwconfig.

$ ifconfig wlan0

If the output writes next to access point an entry different from “unknown access point”, usually a chain of hex values, you may have the chance of a connection. You can now check your ip address via ifconfig.

$ ifconfig wlan0

Your inet address entry should now have the typical range of your institution. Time to start a ping.

$ ping -c 3 www.debian.org

If you received packages then you have successfully connected to your wifi. For further and more detailed configuration you may look here. If you liked the guide, have questions left, found wrong or confusing information or just want to help to improve – just leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *