The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[JP Ebejer <jean.p.ebejer AT um.edu.mt>]

Dear Robert,

Some updates.  When I try "station wlan0 connect eduroam" I get "Not Configured" error in the iwctl shell.  

If I look into journalctl -u iwd.service, I see:

"Failed to load "/var/lib/iwd/ca.pem".

Note that this certificate is created by the cat tool, and I copied it over to /var/lib/iwd/ (and fixed the eduroam.8021x file accordingly).  How do I determine what is wrong with this and identify a fix?

ps. as a side note this is the generated (untouched and incorrect) supplicant file by the cat tool (but I do not use this file and create a iwd equivalent as described in my first email):

network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        pairwise=CCMP
        group=CCMP TKIP
        eap=TTLS
        ca_cert="/home/xxx/.cat_installer/ca.pem"
        identity="jean.p.ebejer AT um.edu.mt"
        altsubject_match="DNS:wifiauth.um.edu.mt"
        if Config.eap_outer == 'PEAP' or Config.eap_outer == 'TTLS':
            phase2="auth=PAP"
            password="FAKE"
            if Config.anonymous_identity != '':
                anonymous_identity="anonymous AT s2.um.edu.mt"
        if Config.eap_outer == 'TLS':
            private_key_passwd="FAKE"
            private_key="/home/xxx/.cat_installer/user.p12"
}

There is some Python code in there.

Many thanks

On Sun, 18 Apr 2021 at 18:20, Grätz, Robert <robert.graetz AT charite.de> wrote:

Dear Ebejer,

>When I run the CAT tool, I get a wpa_supplicant file (which has some incorrect syntax in it but this is not a big deal and I clean this manually).

Could you describe the incorrect syntax error, please. Maybe explicit with the generated configuration? Maybe we have to fix this at our installer.

What are the error messages if you run [1].

[iwd]# station <device> connect eduroam

Best regards

Robert

[1]: https://wiki.archlinux.org/index.php/Iwd#Connect_to_a_network

---

Von: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> im Auftrag von JP Ebejer <jean.p.ebejer AT um.edu.mt>
Gesendet: Freitag, 16. April 2021 23:48:59
An: cat-users AT lists.geant.org
Betreff: [ext] [[cat-users]] Help with setting up eduroam on Arch Linux using iwd

 

Dear all,

I have downloaded the CAT tool for my University (eduroam-linux-UoM.py) which I ran on ArchLinux.  My wireless wifi driver is iwlwifi.

When I run the CAT tool, I get a wpa_supplicant file (which has some incorrect syntax in it but this is not a big deal and I clean this manually).  I used the generated certificates, and details etc. in network manager applet (1.20) to try to set up eduroam.  However the network manager gives me the error "802.1x connections must have IWD provisioning files" as described in https://wiki.archlinux.org/index.php/NetworkManager.

I create an iwd config file (/var/lib/iwd/eduroam.8021x) with the following contents (mostly as described in https://wiki.archlinux.org/index.php/Iwd#Eduroam):

[Security]
EAP-Method=TTLS
EAP-Identity=anonymous AT s2.um.edu.mt
EAP-TTLS-CACert="/home/fake.username/.cat_installer/ca.pem"
EAP-TTLS-Phase2-Method=Tunneled-PAP
EAP-TTLS-Phase2-Identity=fake.name AT um.edu.mt
EAP-TTLS-Phase2-Password=fake.password

[Settings]
AutoConnect=true

However I am unable to connect to eduroam using these details and NetworkManager/iwd.

Note that the wpa_supplicant file (after cleaning it up manually from some badly generated config):

network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        pairwise=CCMP
        group=CCMP TKIP
        eap=TTLS
        ca_cert="/home/fake.username/.cat_installer/ca.pem"
        identity="fake.name AT um.edu.mt"
        altsubject_match="DNS:wifiauth.um.edu.mt"
        phase2="auth=PAP"
        password="fake.password"
        anonymous_identity="anonymous AT s2.um.edu.mt"
}

Any ideas what I am doing wrong and  how I can fix this to be able to connect to eduroam from Arch Linux using iwd?

Any help is appreciated, as I am stuck.

--

Dr Jean-Paul Ebejer | Senior Lecturer BSc (Hons) (Melita), MSc (Imperial), DPhil (Oxon.) Centre for Molecular Medicine and Biobanking Office 320, Biomedical Sciences Building, University of Malta, Msida, MSD 2080.  MALTA. T: (00356) 2340 3263 Associate Member Department of Artificial Intelligence Where am I?

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

--

Dr Jean-Paul Ebejer | Senior Lecturer BSc (Hons) (Melita), MSc (Imperial), DPhil (Oxon.) Centre for Molecular Medicine and Biobanking Office 320, Biomedical Sciences Building, University of Malta, Msida, MSD 2080.  MALTA. T: (00356) 2340 3263 Associate Member Department of Artificial Intelligence Where am I?