Connecting to a 802.1x EAP-PEAP wireless network with no phase2-auth in Linux

linux networking wireless-networking networkmanager 802.1x

6,651

So it seems like this problem has been known for years in NetworkManager. I was not able to connect with Connman or any other "network manager".

Instead configuring wpa_supplicant directly will accomplish this:

Create a wpa_supplicant.conf file. Mine is *ssid*.conf

Add the following to the file:

ctrl_interface=DIR=/var/wpa_supplicant
network={
    ssid="*ssid*"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="none"
    identity="*username*"
    password="*password*"
}

Now run wpa_supplicant and point it to the config. Make sure other "network managers" like NetworkManager are turned off and enable your wireless interface first if it's down.
```
$ sudo wpa_supplicant -B -i *interface* -c *ssid*.conf
```
Now you just need to set up the standard ip networking information. Easiest way is to just use dhcp.

It's pretty annoying that I have to do this but I've written a small script that automates this. I just have to run it when I want to connect to my school wifi.

Source: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1578589 and https://wiki.archlinux.org/index.php/WPA_supplicant

6,651

Author by

Kalq

Updated on September 18, 2022

Comments

Kalq over 1 year

My school's wifi network uses PEAP 802.1x authentication but with no CA Cert and no Phase2 authentication.

My issue is that NetworkManager does not support not having Phase2 authentication. I've tried going into the /etc/NetworkManager/system-connections/*connection* and manually setting phase2-auth=none or phase2-auth=false or omitting it all-together but that doesn't seem to work. When I restart NetworkManager it no longer sees that profile because I assume it errors out. This appears to be a well-known "bug" that has been around for years so I imagine it's just straight up not possible with NetworkManager.

I've tried using Connman as well but with no success. If it's possible with Connman can somebody please guide me on how exactly to set it up.

I'm not married to NetworkManager, if there's a way to do this with wpa_supplicant, iw or whatever I'm more than willing to do that.

Thank you for you help.
- Spiff over 5 years
  
  I’m not sure I even understand why anyone would do PEAP without inner authentication. Maybe they just wanted a way to get stronger per-user per-session keys, but don’t care who joins the network?
- user1686 over 5 years
  
  Does your school have online documentation about connecting to their network?
- Kalq over 5 years
  
  Yeah I don't get it either but it is what it is. Unfortunately they don't have any documentation for Linux and only officially support windows 7 pro and above.