Linux

WLAN configuration

Connecting to KIT and eduroam

The following shows how to connect to KIT. The configuration for the SSID eduroam is done analogously.

Network Manager

Choose the network KIT in the Network Manager [figure 1]. Configure the settings and click on "Connect" [figure 2].

• Wireless security: WPA & WPA Enterprise
• Authentication: Tunneled TLS
• Anonymous identity: anonymous@kit.edu
• Domain: radius-wlan.scc.kit.edu (option is missing in older versions of Network Manager)
• CA certificate: /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
• Inner authentication: PAP
• Username: your KIT account (e.g. ab1234@kit.edu or uxxxx@kit.edu)
• Password: your password

wpa_suppliant

If you want to use wpa_supplicant without a gui, enter in the configuration file:

network={
ssid="KIT"
key_mgmt=WPA-EAP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TTLS
phase2="auth=PAP"
anonymous_identity="anonymous@kit.edu"
identity="ab1234@kit.edu"
password="password"
ca_cert="/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem"
altsubject_match="DNS:radius-wlan.scc.kit.edu"
}

More information on wpa_supplicant can be found in the archlinux wiki.

iwd

If you want to use iwd, you must create a configuration file /var/lib/iwd/KIT.8021x that contains the following. ca_cert is configured for Debian/Ubuntu. For other distributions it may differ. See also the information about the CA certificate at the top of this page.

[Security]
EAP-Method=TTLS
EAP-Identity=anonymous ∂does-not-exist.kit edu
EAP-TTLS-CACert=/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
EAP-TTLS-ServerDomainMask=radius-wlan.scc.kit.edu
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=ab1234 ∂does-not-exist.kit edu
EAP-TTLS-Phase2-Password=password

[Settings]
AutoConnect=true