Raspbmc with WPA Enterprise (802.1x)_zhanglizhuo的博客-程序员宅基地

技术标签: Raspberry PI  

Since I own a Raspberry Pi, I experimented a lot with that incredible device. It has so many capabilities and for a price of 45 € to about 60 € (depends on your needs and if you want accessories) you get a device you can pretty much do everything with. I used it as Samba4 PDC, a DAAP media server and so on. It is pretty neat for experimenting and developing your skills but when it comes down to get a greater insight in providing productive Active Directory services, you feel way more confident with an actual Windows Server PDC. All in all I am fascinated what a great job the guys from the Samba project have done over the years. I started with configuring Samba2. With version 4 it is even possible to deploy and administer GPOs for XP and Win7 in a very effective way. Sorry to wander from the subject but certain things need to be said.

Nevertheless let us talk about Raspbmc, which i know installed on my Raspberry Pi for primary use. I tested all the 3 major XBMC editions and got stuck with Raspbmc because it supported most of my needs, e.g. install separate software, tools and with the most recent version it got a lot quicker in responding and speed. Furthermore Raspbmc is the only of the major distributions that supports fast forward and rewind when using SMB shares as a source. With OpenELEC for example, you would not be able to use apt and therefore not be able to use 802.1x as an authentication method for WiFi access.

Finally we got 802.1x and Raspbmc. 802.1x is a standard for authentication in networks and got pretty common for WiFi networks in organizations and universities. It has great potential because you use a RADIUS server for authentication and you can secure the connection with e.g. EAP-TLS and PEAP. We could talk more about that but I think people reading this article may just want to know how to get Raspbmc to work with that so-called WPA Enterprise. We are almost there, seriously. In this article I am providing a method which describes connect to a 802.1x secured network with PEAP-MSCHAPv2 since this is the most common used methods in university and organizational WiFi networks. The method would be the same for EAP-TLS and certificates. Please refer to the link on the end of this article for the necessary commands. This solution might not look very elegant at first but there actually is no way to get this working through the UI, because none of the distributions included it until now, although it would not be a lot of work to actually do this. So let us get started!

At first we need to make sure that WiFi on the Pi is completely unconfigured. For this delete the SSID and the WPA/WPA2-PSK settings in the Pi UI, and just to make sure, reboot the device. We need to do this because Raspbmc always is trying to reset settings according to the defined ones in the UI. I think the best way to get this whole thing up and running is to use the ethernet interface of the Pi. Configure your computer to share an internet connection (Note: 802.1x connections can not be shared on most systems) or use a the wired network if available. Sharing your WiFi connection on your computer will setup a DHCP server too, so you do not have to worry about IPs. The best way would be to use an existing wired network. We need an internet connection because we need apt to install some software.

UPDATE

It seems that either raspmc or Raspbian itself changed the way network-manager is used by the it. Although I think it all has to do something with providing the certificate of the RADIUS server, which is now necessary. Nevertheless I figured out an easier way to connect to a WPA Enterprise network. Especially changing from WPA Enterprise to WPA/WPA2 PSK networks and back is now easier.

SSH into your Pi:

ssh [email protected]
sudo -s

Now wpasupplicant is installed by default. If an interface is not configured via /etc/network/interfaces, then it will be configured via NetworkManager which the new version of raspbmc apparently now uses to configure wireless and wired networks. So if we configure it via the interfaces file for WPA Enterprise it should be using this configuration first. To switch back to the configured settings via gui, one simply comments out the entries in the interfaces file.

What is necessary is to copy the RADIUS certificate to some location on the pi. There are many ways on how to obtain it, google or your network administrator may be your friend here. I copied mine to /certs/radius.pem

Here are the two example files. (wpa_supplicant.conf has to be generated from scratch).

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/var/run/wpa_supplicant
   network={
   ssid="SobieskiNET"
   key_mgmt=WPA-EAP
   eap=PEAP
   ca_cert="/certs/radius.pem"
   identity=“username”
   password=“password”
   phase2="MSCHAPV2"
}

/etc/network/interfaces

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Now simply reboot the pi and it should connect. I’m going to try the switching by commenting out the lines in interfaces and setting some other WiFi via gui to check whether it primarily uses the configuration in the interfaces file, or if it interferes with NetworkManager. I’m currently using the method above and have not changed anything in the gui on the basis of an installation from scratch.

LINKS
http://w1.fi/wpa_supplicant/


https://achtnullzwei.wordpress.com/2013/10/30/raspbmc-with-wpa-enterprise-802-1x/

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zhanglizhuo/article/details/42244815

智能推荐

Android设置变量值之——与或非(&、|、~)_聂建jian的博客-程序员宅基地_android 与或非

https://github.com/NieJianJian/AndroidNotes,内容将持续更新,欢迎star。Android常用与或非来添加和判断变量,比如,Window.java类中的一些变量:public static final int FEATURE_NO_TITLE = 1;public static final int FEATURE_PROGRESS = 2;public static final int FEATURE_LEFT_ICON = 3;public stati

独家 | 准备数据时如何避免数据泄漏_数据派THU的博客-程序员宅基地

作者:Jason Brownlee翻译:张一然校对:李洁本文约5000字,建议阅读10分钟。本篇文章主要介绍了几种常用的数据准备方法,以及在数据准备的过程中如何避免数据泄露。数据准备是...

重新想象 Windows 8.1 Store Apps (76) - 新增控件: SearchBox_weixin_30446613的博客-程序员宅基地

重新想象 Windows 8.1 Store Apps (76) - 新增控件: SearchBox 原文:重新想象 Windows 8.1 Store Apps (76) - 新增控件: SearchBox[源码下载]重新想象 Windows 8.1 Store Apps (76) - 新增控件: SearchBox作者:webabc...

[转载]在SQL Server 中,如何实现DBF文件和SQL Server表之间的导入或者导出?_weixin_34268753的博客-程序员宅基地

[转载]在SQL Server 中,如何实现DBF文件和SQL Server表之间的导入或者导出?原来使用SQL Server 2000数据库,通过DTS工具很方便地在SQL Server和DBF文件之间进行数据的导入和导出,现在安装了SQL Server2005之后,发现其提供的“SQL Server导入导出向导”中的数据源没有原来的丰富,缺少...

思迅餐饮会员延期_tengqingzhu的博客-程序员宅基地

use  isseatv4  --对应的换数据库名update t_m_member set dt_limit='2015-10-01 00:00:00.000'

Vmware vSphere 5.0系列教程之二 Vmware vSphere 5.0安装_yongchaocsdn的博客-程序员宅基地

前面我们简单介绍了vmware vSphere 5.0,接下来,我们开始下载安装ESXi 5,下载地址为http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/5_0,您可能需要注册才能正常下载。ESXi 5的可以免费试用60天。ESXi 5可以直接安装在服务器上,这里我们用测试环境来安装,我

随便推点

android音乐播放器!关于Android性能优化的几点建议,终获offer_NathanEmily的博客-程序员宅基地

开头通常作为一个Android APP开发者,我们并不关心Android的源代码实现,不过随着Android开发者越来越多,企业在筛选Android程序员时越来越看中一个程序员对于Android底层的理解和思考,这里的底层主要就是Android Framewok中各个组件的运行原理,例如Binder的运行机制、ServiceManager的作用等等。在Android面试中,关于 Framework 的问题是必备的,但是这些关于字节跳动 Framework 的高频面试题你都掌握了吗?所以,今天,我将献上

Android 中使用MediaRecorder进行录像详解(视频录制)_weixin_30319153的博客-程序员宅基地

在这里给出自己的一个测试DEMO,里面注释很详细。简单的视频录制功能.package com.video;import java.io.IOException;import android.app.Activity;import android.content.pm.ActivityInfo;import android.graphics.PixelFormat;...

java script 遍历数组_Java Script 数组_汉周读书的博客-程序员宅基地

谈及数组,很多语言当中都有数组这个概念。今天我讲讲JS(Java Script)当中数组的一些用法。数组对象的作用是:使用单独的变量名来存储一系列的值。什么是数组?数组对象是使用单独的变量名来存储一系列的值。假如我们要存储一个值,可以用 var num = a,假如我们要存储几个,十几个,甚至几百个呢?最好就使用到数组。数组可以用一个变量名来存储所有的值,并且可以用变量名访问数组中任何一个值,数...

Linux中的ipcs命令与ipcrm命令_kmcfly的博客-程序员宅基地

是linux/uinx上提供关于一些进程间通信方式的信息,包括共享内存,消息队列,信号ipcs用法 ipcs -a  是默认的输出信息 打印出当前系统中所有的进程间通信方式的信息ipcs -m  打印出使用共享内存进行进程间通信的信息ipcs -q   打印出使用消息队列进行进程间通信的信息ipcs -s  打印出使用信号进行进程间通信的信息输出格式的控制ipcs

acp cp linux命令,系统运维_段会腾段会腾哥哥的博客-程序员宅基地

命令行听起来有时候会很吓人,特别是在刚刚接触的时候,你甚至可能做过有关命令行的噩梦。然而渐渐地,我们都会意识到命令行实际上并不是那么吓人,反而是非常有用。实际上,没有命令行正是每次我使用 Windows 时让我感到崩溃的地方。这种感觉上的变化是因为命令行工具实际上是很智能的。 你在任何一个 Linux 终端上所使用的基本工具功能都是很强大的, 但还远说不上是足够强大。 如果你想使你的命令行生涯更加...

推荐文章

热门文章

相关标签