Raspbmc with WPA Enterprise (802.1x)_zhanglizhuo的博客-程序员宅基地

技术标签: Raspberry PI  

Since I own a Raspberry Pi, I experimented a lot with that incredible device. It has so many capabilities and for a price of 45 € to about 60 € (depends on your needs and if you want accessories) you get a device you can pretty much do everything with. I used it as Samba4 PDC, a DAAP media server and so on. It is pretty neat for experimenting and developing your skills but when it comes down to get a greater insight in providing productive Active Directory services, you feel way more confident with an actual Windows Server PDC. All in all I am fascinated what a great job the guys from the Samba project have done over the years. I started with configuring Samba2. With version 4 it is even possible to deploy and administer GPOs for XP and Win7 in a very effective way. Sorry to wander from the subject but certain things need to be said.

Nevertheless let us talk about Raspbmc, which i know installed on my Raspberry Pi for primary use. I tested all the 3 major XBMC editions and got stuck with Raspbmc because it supported most of my needs, e.g. install separate software, tools and with the most recent version it got a lot quicker in responding and speed. Furthermore Raspbmc is the only of the major distributions that supports fast forward and rewind when using SMB shares as a source. With OpenELEC for example, you would not be able to use apt and therefore not be able to use 802.1x as an authentication method for WiFi access.

Finally we got 802.1x and Raspbmc. 802.1x is a standard for authentication in networks and got pretty common for WiFi networks in organizations and universities. It has great potential because you use a RADIUS server for authentication and you can secure the connection with e.g. EAP-TLS and PEAP. We could talk more about that but I think people reading this article may just want to know how to get Raspbmc to work with that so-called WPA Enterprise. We are almost there, seriously. In this article I am providing a method which describes connect to a 802.1x secured network with PEAP-MSCHAPv2 since this is the most common used methods in university and organizational WiFi networks. The method would be the same for EAP-TLS and certificates. Please refer to the link on the end of this article for the necessary commands. This solution might not look very elegant at first but there actually is no way to get this working through the UI, because none of the distributions included it until now, although it would not be a lot of work to actually do this. So let us get started!

At first we need to make sure that WiFi on the Pi is completely unconfigured. For this delete the SSID and the WPA/WPA2-PSK settings in the Pi UI, and just to make sure, reboot the device. We need to do this because Raspbmc always is trying to reset settings according to the defined ones in the UI. I think the best way to get this whole thing up and running is to use the ethernet interface of the Pi. Configure your computer to share an internet connection (Note: 802.1x connections can not be shared on most systems) or use a the wired network if available. Sharing your WiFi connection on your computer will setup a DHCP server too, so you do not have to worry about IPs. The best way would be to use an existing wired network. We need an internet connection because we need apt to install some software.

UPDATE

It seems that either raspmc or Raspbian itself changed the way network-manager is used by the it. Although I think it all has to do something with providing the certificate of the RADIUS server, which is now necessary. Nevertheless I figured out an easier way to connect to a WPA Enterprise network. Especially changing from WPA Enterprise to WPA/WPA2 PSK networks and back is now easier.

SSH into your Pi:

ssh [email protected]
sudo -s

Now wpasupplicant is installed by default. If an interface is not configured via /etc/network/interfaces, then it will be configured via NetworkManager which the new version of raspbmc apparently now uses to configure wireless and wired networks. So if we configure it via the interfaces file for WPA Enterprise it should be using this configuration first. To switch back to the configured settings via gui, one simply comments out the entries in the interfaces file.

What is necessary is to copy the RADIUS certificate to some location on the pi. There are many ways on how to obtain it, google or your network administrator may be your friend here. I copied mine to /certs/radius.pem

Here are the two example files. (wpa_supplicant.conf has to be generated from scratch).

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
   network={
   ssid="SobieskiNET"
   key_mgmt=WPA-EAP
   eap=PEAP
   ca_cert="/certs/radius.pem"
   identity=“username”
   password=“password”
   phase2="MSCHAPV2"
}

/etc/network/interfaces

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Now simply reboot the pi and it should connect. I’m going to try the switching by commenting out the lines in interfaces and setting some other WiFi via gui to check whether it primarily uses the configuration in the interfaces file, or if it interferes with NetworkManager. I’m currently using the method above and have not changed anything in the gui on the basis of an installation from scratch.

LINKS
http://w1.fi/wpa_supplicant/


https://achtnullzwei.wordpress.com/2013/10/30/raspbmc-with-wpa-enterprise-802-1x/

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zhanglizhuo/article/details/42244815

智能推荐

Activity生命周期场景解析_亦心谷的博客-程序员宅基地

初识Activity活动是一种包含用户界面的组件,主要用于和用户进行交互。我们在开发中创建Activity后,通过调用setContentView(View)方法来给该Activity指定一个布局界面,而这个界面就是提供给用户进行交互的。返回栈Android系统中是通过任务(Task)来管理活动的。一个任务就是一组放在栈里的活动的集合,因此这个栈也被称做返回栈(Back Stack)。栈是一...

C++ 友元函数_玻璃年华Alex的博客-程序员宅基地

转自:http://blog.csdn.net/insistgogo/article/details/66086721、为什么要引入友元函数:在实现类之间数据共享时,减少系统开销,提高效率      具体来说:为了使其他类的成员函数直接访问该类的私有变量      即:允许外面的类或函数去访问类的私有变量和保护变量,从而使两个类共享同一函数      优点:能够提高效率

Eclipse插件_weixin_33887443的博客-程序员宅基地

2019独角兽企业重金招聘Python工程师标准>>> ...

系统学习图像算法Day.21——C++基础——复合类型、数组、字符串、结构体、共用体、枚举、指针_敏而好学无止境的博客-程序员宅基地

复合类型的概念数组:定义数组、特定类型的数组、从0开始编号、赋值的几种方法、sizeof用于数组名与数组元素的区别,初始化字符串:初始化、字符串常量、字符串常量、使用strlen、sizeof 的区别、cin输入字符串的局限性:空格的作用(cin.getline、cin.get 的运用<以及他们是否保存换行符)、长度的影响string类简介:初始化、定义、长度结构体:定义结构体、定义...

Markdown输入_xor0ne_10_01的博客-程序员宅基地

将自己不懂的慢慢汇集1、输入数学符号数学符号

在Linux服务器上增加硬盘没那么简单【转】_weixin_34236869的博客-程序员宅基地

运维案例:HP服务器,LINUX系统在保障数据的前提下扩展/home分区部门需求:研发部门提出需要在现有的服务器上扩容磁盘空间,以满足开发环境的磁盘需求。现有空间1.6T需要增加到2T.需求调查分析:1、硬件环境:服务器 hp dl380 GEN9,磁盘配置(600G*4),raid5;当前还有4个硬盘槽位可用。2、系统:ubuntu 1404,系统整体空间1.6T...

随便推点

搜索的关键字变色_weixin_43831302的博客-程序员宅基地

data:{listDataCopy:[]}// 搜索关键字searchTap: function () {var that = this;that.setData({listDataCopy: that.data.listData})var data = that.data.listData;var newData = that.data.listDataCopy;for ...

SIFT特征向量_艳光普照的博客-程序员宅基地

http://blog.csdn.net/pp5576155/article/details/7000060sift特征可以用于人脸识别,图像检索 图像匹配 图像拼接,sift特征具有旋转不变形,尺度不变形,光照不变形等,此算法已广泛应用于人脸识别 图像检索 图像匹配 图像拼接的研究。 1 SIFT 发展历程  SIFT算法由D.G.Lowe 1999年提出,2

Jmeter分布式_尘_晨的博客-程序员宅基地_jmeter分布式

前言控制机称为主机,被控制机(服务机器)称为从机。无论从机是windows系统还是linux系统,首先要配置好java环境。jdk下载(这里是1.8.0_191版本)windows jdk网盘下载,提取码 8888linux jdk网盘下载,提取码 8888环境变量配置java环境变量配置 windows和linux1.主机需要改(windows系统为例)1.1 Jmeter bin目录下jmeter.properties文件 编辑改:server.rmi.ssl.disabl

python requirements.txt批量下载安装离线_Ljq730828的博客-程序员宅基地

有些情况下我们需要下载N个第三方包,或者下载的包依赖其它包,一个个下载非常浪费时间。这时我们可以通过如下两种方式的命令批量下载。方式1pip download -d /tmp/packagesdir <packagename>方式2pip download -d /tmp/packagesdir -r requirements.txt其中req...

git首次提交及错误 ! [rejected] master -> master (fetch first)_淼小宝的博客-程序员宅基地

git首次提交及错误 ! [rejected] master -> master (fetch first)git initgit add .git commit -m ‘首次提交’git remote add origin ‘远程地址’git push -u origin master推送的时候出现的错误:解决:git pull --rebase origin mastergit push origin master...

python可以这样学这本书怎么样_Python可以这样学_weixin_39691748的博客-程序员宅基地

第1章Python基础11.1Python是一种什么样的语言11.2Python开发环境21.2.1百家争鸣的繁荣景象21.2.2IDLE简单使用61.3变量、运算符与表达式91.3.1Python变量与内置数据类型91.3.2常用内置函数151.3.3运算符与表达式211.3.4人机对话基本接口251.4模块安装与使用281.4.1安装Python扩展库281.4.2模块导入与使用301.4.3...