On Thu, 29 Jan 2015 08:40:21 +0000 Darac Marjal <mailingl...@darac.org.uk> wrote:
> On Wed, Jan 28, 2015 at 03:15:46PM -0500, Stephen R Guglielmo wrote: > > Hi guys, > > > > I have a debian laptop running jessie using the iwlwifi driver. I > > can connect to WPA2-PSK networks just fine. However, my campus has a > > wireless network that uses WPA-EAP/PEAP authentication. I have read > > the Debian wiki page[1] on the subject and it claims I need to > > provide a certificate. > > According to wikipedia, EAP encompasses a whole variety of > authentications methods ranging from certificates, to passwords, to > pre-shared keys, even to SIM cards. > Indeed. I have a feeling it's only EAP-TLS that requires a client certificate. > > > > I have an android phone that can connect to the network using my > > user/pass. It does not require any type of certificate. In fact, for > > the 'Certificate' setting, it defaults to "(none)" and that works. > > > > Why is it that I still need a certificate? Is there a way I can get > > it from the wireless network itself? I've searched and my > > university does not provide a certificate anywhere for download. > > Possibly the RADIUS authentication server will accept a number of methods, but the only one it has in common with your laptop is one which requires the certificate. EAP-PEAP was driven by Microsoft, as I recall, but should be available on any platform, but because of that it needs only a user name and password. It's some time since I looked into this, but as I recall, PEAP does download a certificate. EAP-TLS requires a client certificate signed by a certificate on the server, working the same way as the preferred OpenVPN authentication. The whole point of this type of authentication is that the signing certificate is *not* part of a public key infrastructure. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150129182812.406a4...@jresid.jretrading.com
