Eduroam unter Linux/en: Unterschied zwischen den Versionen

Version vom 16. Januar 2025, 10:48 Uhr

Die deutsche Version finden Sie auf der Seite Eduroam unter Linux

Das Zertifikat des Radius Servers wurde am 14.01.2025 ausgetauscht. Falls Ihr Gerät Sie dazu auffordert, für eduroam ein Zertifikat zu prüfen oder einem neuen Zertifikat zu vertrauen, sollten Sie den Fingerprint des Zertifikats kontrollieren. Die meisten Geräte sollten sich weiterhin automatisch mit eduroam verbinden. Mehr Details zum Verhalten auf den einzelnen Geräten hier zum ausklappen:

Details: Fingerprint Zertifikat Radius-Server

Je nach Gerät kann es sein, dass Sie sich erneut mit eduroam verbinden müssen, das Zertifikat erneut auswählen oder dem Zertifikat vertrauen müssen.

sha1 Fingerprint=22:8B:F4:7C:AC:00:BD:F6:77:F9:39:78:B5:AF:BF:66:C0:5C:84:D6

sha256 Fingerprint=98:A9:22:F8:DC:C9:92:EA:19:B1:97:5A:44:D7:CA:01:30:4E:CB:2F:14:69:79:18:5F:69:8A:25:03:E1:05:88

sha512 Fingerprint=3D:FA:3B:AA:D4:41:B0:4F:AA:C6:F1:58:CA:D3:A2:B6:1A:23:52:B2:9E:92:6D:C0:2B:B5:ED:50:8D:1D:FF:34:29:FC:D3:B5:6F:4C:8D:7F:A0:85:8B:38:B0:46:C5:17:98:2A:72:25:41:42:5D:39:BA:40:1D:9C:F3:14:24:64

macOS

Zertifikat einblenden um das Zertifikat zu prüfen
Fortfahren um dem Zertifikat zu vertrauen

iPhone und iPad

Zertifikat anzeigen um das Zertifikat zu prüfen
Zertifikat akzeptieren um dem Zertifikat zu vertrauen

Windows

Zertifikatsdetails anzeigen um das Zertifikat zu prüfen
Verbinden um dem Zertifikat zu vertrauen

These instructions for setting up the eduroam WLAN at the University of Paderborn apply to devices with Linux via the user interface (GUI). As an example, the network is set up here under Ubuntu 14.04 LTS with Gnome Desktop. Depending on the Linux version, the settings may vary slightly. Please note that the Notebook Café does not offer immediate Linux support.

What to do?[Bearbeiten | Quelltext bearbeiten]

Create your personal university network certificate
- <optional> Download the root certificate. This is a standard root certificate, so it should already exist.
Set up the eduroam network.
Delete any existing webauth profile so that the device automatically connects to eduroam.
Special case: Depending on the Linux version, uni-paderborn.de must be entered under Domain/domain.

Step-by-step instructions[Bearbeiten | Quelltext bearbeiten]

Provide certificates[Bearbeiten | Quelltext bearbeiten]

Access using a browser such as B. Firefox or Internet Explorer, open the service portal, log in with your user name and password and apply for a new certificate under "WLAN". Enter the name of the device on which the certificate is to be installed.
A password will then be automatically generated for the certificate and displayed on the following page. It is best if the password is copied for further installation.

Click "Neues Zertifikat erstellen".

Give the certificate a unique name (Ex: Laptop xy)
Select Version 2 as the file format.
Then click on "Neues Zertifikat zusenden".

A new network certificate has been created for you.
First copy the Import Password to the clipboard.
Now click on "Netzwerkzertifikat herunterladen".
Then click "CA-Zertifikat herunterladen".

Save both certificates e.g. B. in your user folder or another safe location. Do not delete/move this folder!

Set up Eduroam[Bearbeiten | Quelltext bearbeiten]

Open the status menu.
Select "WLAN-Netzwerke auswählen".

Choose eduroam.

Set up eduroam as follows:

Security: WPA & WPA2 Enterprise
Legitimation: TLS
Identity: <username>@uni-paderborn.de (replace <username> with your university account
Domain (if available): radius.uni-paderborn.de
CA Certificate:' Select the USERTrust RSA Certification Authority certificate (USERTrustRSACertificationAuthority.crt).
Password CA certificate: Remains blank.
User certificate: Select your personal network certificate (the file that ends in .p12 and contains your university account username).
User certificate password: Remains blank.
Secret user key: Is usually automatically filled with "User certificate" - otherwise insert it yourself
User key password: Import password for your personal network certificate.

<variable> domain:
1. uni-paderborn.de (Some Linux versions require this entry)
2. radius.uni-paderborn.de (or this one)
3. <leave blank> (or something like that, if it shows at all)

Troubleshooting[Bearbeiten | Quelltext bearbeiten]

Add manually[Bearbeiten | Quelltext bearbeiten]

You may also be able to add the eduroam network manually:

Connection name: Can be freely selected
SSID: eduroam
See above for remaining settings.

Ubuntu[Bearbeiten | Quelltext bearbeiten]

Some customers report problems setting up eduroam on Ubuntu 22.04 and newer. The problem is described here:

https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1958267

Attention:

The following solution suggestion comes from a customer. Use at your own risk. There was no examination by the ZIM.

1) Find wpa_supplicant service file with `systemctl status wpa_supplicant`.
    For me, the path is "/lib/systemd/system/wpa_supplicant.service"
2) In that file, (with superuser rights), add the line
    `Environment="OPENSSL_CONF=/usr/lib/ssl/openssl.cnf"`
3) Backup old config:
    `sudo cp /usr/lib/ssl/openssl.cnf /usr/lib/ssl/openssl.cnf.backup`
4) Modify "openssl.cnf" like follows:
    a) Below "[openssl_init]" add the line "ssl_conf = ssl_sect".
    b) At the end of the file, add
      [ssl_sect]
      system_default = system_default_sect

      [system_default_sect]
      Options = UnsafeLegacyRenegotiation
      CipherString = DEFAULT:@SECLEVEL=1
5) Restart the service `sudo systemctl restart wpa_supplicant.service`.
    If that doesn't work, reboot.

Linux Mint[Bearbeiten | Quelltext bearbeiten]

On Linux Mint it can happen that the user certificate cannot be selected when selecting it in the network settings. Linux Mint does not recognize the file extension/format .p12 in the selection.

Solution:[Bearbeiten | Quelltext bearbeiten]

Convert user certificate from P12 to PEM format

openssl pkcs12 -in Network_Certificate_UNIACCOUNTNAME_XXXX.p12 -out Network_Certificate_UNIACCOUNTNAME_XXXX.pem -nodes

After the conversion you can continue as described.

@@ Zeile 4: / Zeile 4: @@
 |translated title=eduroam on Linux
 }}
-<br>
-<bootstrap_card color=info header="Fingerprint certificate radius server" collapsible>
-The certificate for the radius server will be changed on January 14, 2025. If your device asks you to check a certificate for Eduroam or to trust a new certificate, you should check the certificate’s fingerprint. Most devices should still automatically connect to Eduroam.
+{{Fingerprint_Radiuszertifikat}}
-<br>
-<pre>sha1 Fingerprint=22:8B:F4:7C:AC:00:BD:F6:77:F9:39:78:B5:AF:BF:66:C0:5C:84:D6</pre>
-<pre>sha256 Fingerprint=98:A9:22:F8:DC:C9:92:EA:19:B1:97:5A:44:D7:CA:01:30:4E:CB:2F:14:69:79:18:5F:69:8A:25:03:E1:05:88</pre>
-<pre>sha512 Fingerprint=3D:FA:3B:AA:D4:41:B0:4F:AA:C6:F1:58:CA:D3:A2:B6:1A:23:52:B2:9E:92:6D:C0:2B:B5:ED:50:8D:1D:FF:34:29:FC:D3:B5:6F:4C:8D:7F:A0:85:8B:38:B0:46:C5:17:98:2A:72:25:41:42:5D:39:BA:40:1D:9C:F3:14:24:64</pre>
-[[Datei:Radius-certificate-warning-macos.png|links|mini|ohne|350px|macOS: Klicken Sie auf Zertifikat einblenden.]]
-<br clear=all>
-[[Datei:Radius-certificate-warning-ios.png|links|mini|ohne|350px|iPhone und iPad: Klicken Sie auf Zertifikat anzeigen]]
-</bootstrap_card>
-<br>
 These instructions for setting up the eduroam WLAN at the University of Paderborn apply to devices with Linux via the user interface (GUI). As an example, the network is set up here under Ubuntu 14.04 LTS with Gnome Desktop. Depending on the Linux version, the settings may vary slightly. Please note that the Notebook Café does not offer immediate Linux support.

	Mo-Do	Fr
Vor-Ort-Support	08:30 - 16:00	08:30 - 14:00
Telefonsupport	08:30 - 16:00	08:30 - 14:00

Mo-Do	Fr
08:00 - 16:00	08:00 - 14:30