Basics
This post provides very simple instructions for connecting to the uog-wifi-secure network at University of Guelph (specifically proven working in 2018). These instructions can likely be adapted to any WPA-Enterprise network utilizing EAP-PEAP (MSCHAPv2) and any device using wpa_supplicant. From Raspbian you can edit two files: /etc/network/interfaces (to enable our interfaces, i.e. turn them on) and /etc/wpa_supplicant/wpa_supplicant.conf (for entering the required parameters). If you find errors in this document I would appreciate you contacting me via Twitter @co60ca and suggesting updates.
Use the following settings for /etc/wpa_supplicant/wpa_supplicant.conf:
country=CA
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
identity="yourwholeemail@uoguelph.ca"
password="yourpasswordgoeshere"
eap=PEAP
phase2="auth=MSCHAPV2"
ssid="uog-wifi-secure"
key_mgmt=WPA-EAP
}
After configuring your wpa_supplicant settings, alter your network config in /etc/network/interfaces:
auto lo
iface lo inet loopback
iface eth0 inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Restarting your Raspberry Pi with shutdown -r now should connect you to WiFi.
Securing your password
wpa_supplicant can store the password in a non-human-readable form as a hash. However, the hash is all that is needed to authenticate, so an attacker who obtains it could simply copy the hashed password to their own system to impersonate you. To use this feature, generate the hash from your password and prefix it with hash:
To generate your hash, use the following command from a Linux or Mac shell: copy and paste it into a terminal, then type your password followed by Enter. The password is not echoed, and it is read from the prompt rather than passed as an argument, so you do not need to clear your history.
stty -echo ; printf 'Enter your password: ' ; IFS= read -r pass ; stty echo ; printf '\nhash:' ; printf '%s' "$pass" | iconv -t UTF-16LE | openssl md4 | cut -f2 -d ' ' ; unset pass
The echoed text is your hash, for example: hash:00feca478f2e9c69cb02d417df51628e. Replace your password in /etc/wpa_supplicant/wpa_supplicant.conf with it, as follows:
country=CA
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
identity="yourwholeemail@uoguelph.ca"
password=hash:00feca478f2e9c69cb02d417df51628e
eap=PEAP
phase2="auth=MSCHAPV2"
ssid="uog-wifi-secure"
key_mgmt=WPA-EAP
}
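
A small check for the finished file, added here as an example and not part of the original post: it parses each network block, flags a cleartext password, a value that is not hash: followed by 32 hex digits, and a misspelled phase2 method, and reports when the file is accessible to other users. The function names, the sample block and the owner-only permission check are assumptions of this example.

```python
import os
import re
import stat

NT_HASH = re.compile(r"hash:[0-9a-fA-F]{32}")  # MD4 digest is 32 hex digits
EXPECTED_PHASE2 = "auth=MSCHAPV2"  # inner method used in this post's config

def parse_networks(text):
    """Return one {key: raw value} dict per network={ ... } block."""
    networks, current = [], None
    for line in map(str.strip, text.splitlines()):
        if line == "network={":
            current = {}
            networks.append(current)
        elif line == "}":
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key] = value
    return networks

def lint_network(net):
    findings = []
    password = net.get("password", "")
    if password.startswith('"'):  # a quoted value is the cleartext password
        findings.append("password is stored in plaintext")
    elif not NT_HASH.fullmatch(password):  # missing, truncated or malformed
        findings.append("password is not hash: plus 32 hex digits")
    phase2 = net.get("phase2", "").strip('"')
    if phase2 != EXPECTED_PHASE2:  # catches typos in the method name
        findings.append(f"phase2 is {phase2!r}, expected {EXPECTED_PHASE2!r}")
    return findings

def lint_file_mode(path):
    """The stored hash is password-equivalent, so flag group/other access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} has mode {mode:o}; restrict it to the owner"]
    return []

# Constructed sample input: placeholder password, misspelled phase2 method.
SAMPLE = """network={
password="hunter2"
phase2="auth=MSVCAPV2"
}
"""

if __name__ == "__main__":
    print([lint_network(net) for net in parse_networks(SAMPLE)])
```

To check a real file, pass its contents to parse_networks and its path to lint_file_mode; reading /etc/wpa_supplicant/wpa_supplicant.conf normally requires root.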