Differences

This shows you the differences between two versions of the page.

--- wiki:eduroam [2024/08/25 20:49] – [Example configurations] admin
+++ wiki:eduroam [2024/08/25 20:51] (current) – [Example configurations] admin
@@ Line 26: / Line 26: @@
 === IWD ===
   * [[https://wiki.archlinux.org/title/iwd#eduroam|IWD on Arch Linux]]
+As described above, the eduroam certificates should first be downloaded and placed in an accessible location. Then the three certificates must be combined together like so (the order is important):
+cat 'usertrustrsaca [jdk].cer' 'digicertglobalrootca [jdk].cer' 'comodoaaaca [jdk].cer' > eduroam.pem
+Then create the following file, replacing YourDirectoryID and YourHash (the correct filename is crucial):
+/var/lib/iwd/eduroam.8021x:
+[Security]
+EAP-Method=PEAP
+EAP-Identity=anonymous@umd.edu
+EAP-PEAP-CACert=/var/lib/iwd/eduroam.pem
+EAP-PEAP-ServerDomainMask=wireless.umd.edu
+EAP-PEAP-Phase2-Method=MSCHAPV2
+EAP-PEAP-Phase2-Identity=YourDirectoryID@umd.edu
+EAP-PEAP-Phase2-Password-Hash=YourHash
+In this example, the config expects the combined certificate to be at /var/lib/iwd/eduroam.pem.
+[[https://wiki.archlinux.org/title/Iwd#EAP-PEAP|The arch wiki]] describes how YourHash may be generated. A password hash is used instead of the plaintext password for security. File permissions for the certificate and config file should also be made as restrictive as possible, e.g., owned by root with mode 600.
+=== WPA Supplicant ===
+  * [[https://www.freebsd.org/cgi/man.cgi?query=wpa_supplicant.conf#EXAMPLES|WPA Supplicant on FreeBSD]]
+===== Official UMD references =====
+  * [[https://itsupport.umd.edu/itsup[[https://ask.eng.umd.edu/page.php?id=105787|https://ask.eng.umd.edu/page.php?id=105787]]port?id=kb_article_view&sysparm_article=KB0016964|UMD IT article]]
+  * UMD Engineering article