Hi,
Many thanks for the detailed answer!
WPA Enterprise does not work for the full Jessie (amd64) OS (installed
on a fast USB stick). I removed these WPA Enterprise settings and
reconfigured them again without success twice. Unsecured Wifi
connections can always be established, but not the (highly) secured WPA
ones. Only the Gnome desktop is installed. Maybe, I messed up the system
by first installing the wrong firmware (ipw2x00) and subsequently the
iwlwifi one.
What else could I have done incorrectly?
Best regards,
François
On 01/27/2015 03:37 AM, Stefan Lippers-Hollmann wrote:
Hi
On 2015-01-26 "François P. Rotzinger" <[email protected]> wrote:
[...]
The following details on
the WPA I'am using might be of interest to you: Security: WPA & WPA2
Enterprise, Authentication: Tunneled TLS, CA certificate:
Thawte_Premium_Server_CA.pem, Inner authentication: MSCHAPv2.
With Ubuntu 14.04 (amd64) everything works fine on the same hardware.
This might work in your installed Ubuntu system, and I'm pretty
confident that it would work in a full Debian installation as well,
but I'm rather sure that it does not work in Ubuntu's installer
either - which is quite different from an installed system.
The wpasupplicant udeb only supports plain WPA1 or WPA2 (and WEP or
unencrypted networks). IEEE8021X, also known as WPA Enterprise, is only
available to the full wpasupplicant package, not the udeb. Beyond
enabling support for IEEE8021X to the wpasupplicant udeb, d-i/ netcfg
would also require extensive changes to support these encryption
methods - neither sounds very likely (this gets exponentially complex[1]
(and large for the initrd environment of d-i) to manage the
certificate handling or just to provide a functional input mask to
configure the vastly different flavours possible with IEEE8021X.
After installing Debian to the harddisk, configuring IEEE8021X should
be rather straight forward, be it via network-manager or
wpasupplicant's plain ifupdown integration, see
/usr/share/doc/wpasupplicant/examples/
for example configuration. Depending on the actual wireless
environment you might have to extract or convert the required
certificates for Linux. If you have a working configuration
for Ubuntu, it should be possible to re-use this for Debian
verbatim.
Regards
Stefan Lippers-Hollmann
[1] IEEE8021X doesn't stand for a specific kind of wlan
encryption, but covers a wide array of individually
layered encryption schemes (MSCHAPV2 or TTLS, certificates
required for either server or client - or for both,
individual user names and password combinations on to - or
handling all this via certificates, etc. pp.).
--
François P. Rotzinger
Privat-docent (lecturer)
Ecole Polytechnique Fédérale de Lausanne (EPFL)
Institut des Sciences et Ingénierie Chimiques (ISIC)
Station 6
CH-1015 Lausanne
Switzerland
