Eduroam support in Network Manager
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
network-manager (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: network-manager
Eduroam is a Europe-wide academic wireless network used by students and researchers. The idea of the network is quite simple: a student or researcher registers himself with his/her domestic organization. When the user goes to some other academic institution which is part of the Eduroam network, he can register (authenticate) himself with his username and password and get access to the internet (this is done through LDAP servers). I am from Slovenia and almost all the bigger faculties are now part of the Eduroam network, and network "roaming" works very well. Some of my friends also went abroad (for instance to Sweden), and were able to use the Eduroam network there with no problem. The Eduroam network is still being developed, but the goal is for it to be accessible to all European students and researchers. So Eduroam support is quite important in my opinion.
Basically all the tools someone needs are already included in Ubuntu (i.e. wpa supplicant). The user needs a username and password and the certificate of his domestic organisation. Unfortunately some organisations know only the Windows operating system and gave users certificates in .cer form, while WPA supplicant needs the certificate in .pem form. But this is no big problem, since one form of certificate can easily be transformed into the other.
However, Eduroam uses WPA2, but in Ubuntu it is not working, because it uses WPA2 with LDAP support and some other modifications.
My proposal is to add a new feature to Network Manager. Network Manager:
- should be able to configure Eduroam support. It can even be done automatically, since Eduroam has its own unique SSID "eduroam".
- should support different profiles (for different users on the same machine). The problem here is that there should be mechanisms to hide someone's password from other users (profiles). This can be done with some form of encryption (like Firefox's password manager): the user would be able to protect his profile with his own password. The other option is to give the user the possibility not to save his password to his profile.
- should automatically support conversion of .cer to .pem certificates (by running the command "openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem")
Basically the configuration file looks like this:
ctrl_interface=
ctrl_interface_
eapol_version=1
ap_scan=1
network={
ssid="eduroam"
proto=WPA WPA2
key_
group=CCMP TKIP
eap=TTLS
<email address hidden>"
ca_
phase2=
<email address hidden>"
password=
}
Network Manager should be able to prompt user for:
- <email address hidden>" (needs to enter just "organisation.edu")
- ca_cert=
- <email address hidden>" (need to enter "<email address hidden>")
- password="PASSWORD" (unfortunately the password is in plaintext, but this file is accessible only with root privileges)
In order to connect the user, Network Manager should run these two commands:
sudo wpa_supplicant -B -i wlan0 -c /path/to/
sudo dhclient wlan0
So in the configuration there should also be information about the wireless interface (eth1, wlan0,...) and the WPA supplicant driver ("-D wext" - wext is the most common, or some other one - they are listed in man wpa_supplicant).
This feature will enable students and researchers across Europe to use Eduroam easily with Ubuntu.
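The certificate conversion and the root-only configuration file described in the report, as an added Python example that is not part of the original report or of Network Manager: it accepts a .cer file in either DER or PEM encoding and writes secrets to an owner-only file. The function names, the sample bytes and the file name are assumptions made for illustration.

```python
import os
import ssl
import stat

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def cer_to_pem(data: bytes) -> str:
    """Return PEM text for a .cer file that may hold DER or PEM data."""
    text = data.lstrip()
    if text.startswith(PEM_HEADER):
        # Already PEM (some .cer exports are): decode and re-encode so that
        # line endings and base64 wrapping are normalised.
        der = ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    elif data[:1] == b"\x30":
        # A DER certificate starts with an ASN.1 SEQUENCE tag (0x30).
        der = data
    else:
        raise ValueError("input is neither DER nor PEM certificate data")
    return ssl.DER_cert_to_PEM_cert(der)


def write_private(path: str, text: str) -> None:
    """Create a new file that only its owner can read or write (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(text)


def exposed_to_others(path: str) -> bool:
    """True if group or other users have any access to the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample: DER-shaped bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    import tempfile

    pem = cer_to_pem(SAMPLE_DER)
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "eduroam.conf")  # hypothetical file name
        write_private(conf, 'password="PLACEHOLDER"\n')
        print(pem.splitlines()[0], "| exposed:", exposed_to_others(conf))
```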
Changed in network-manager:
status: New → Fix Released
This should work fine since Network-Manager 0.6.5 has support for phase 2 authentication. You can test it easily with Gutsy Tribe 5 Desktop CD.