This site is best viewed in a standards compliant browser.
This guide covers items researched and discovered while installing and configuring the wpa-supplicant package on a Thinkpad T43 running Gentoo Linux. Installing wpa-supplicant on Linux enables connection to unsecured and secured wireless networks, including WPA Enterprise networks. Anyone using Linux, especially those comfortable modifying config files and working from the command line, may find this guide useful when trying to connect to secured wireless networks.
I began looking into setting up wireless networking on Gentoo so that I had the option of going wireless at work and school. Thru the Gentoo Handbook Wireless Networking Guide, I found that wpa-supplicant was what I needed to work with and got all the basic requirements. This article expands upon the information in the handbook, detailing other resources which I found useful in getting things up and running.
These steps presume you have a properly configured kernel to support your wireless subsystem - kernel configuration is outside the scope of this guide. In light of that, the process of setting up your wireless software configuration thru wpa-supplicant can logically be broken into 3 sections. The headings below detail installing wpa-supplicant, configuring /etc/conf.d/net, and customizing wpa-supplicant.conf."
Starting with the handbook, I installed wpa-supplicant thru portage. Nothing gets more straightforward than this, simply issue "sudo emerge wpa_supplicant -av" from a terminal and portage will do the heavy lifting of compiling and installing the package on your system.
Once again referring to the handbook, I configured /etc/conf.d/net for the ipw2200 which is the wireless chipset featured on the T43. The net configuration is specific to the wireless hardware on your system - you need to specify the driver for your hardware in this file. A listing of the drivers supported by wpa-supplicant can be had by issuing "man wpa_supplicant" in a terminal to view the man page. With recent kernel versions and the ipw2200 wireless chipset, you need to use the generic Linux wireless driver, wext. The net configuration for this looks like the following:
In this step, the Gentoo Handbook wasn't much help as it only provided a few basic examples. These would get you going for an unsecured access point, or maybe WEP, but for more secure access points you will need to do more work.
A good place to start is with /usr/share/doc/wpa_supplicant-version/wpa_supplicant.conf.gz. Not only does that file provide more example configs, but it also defines each available option. Identify an example which most closely represents the network you'll be connecting to, and then take a look at the meaning of the options and their potential variables.
For the network I was connecting to, which is an Enterprise WPA wifi network on Cisco APs with authentication thru a Radius server, the config looked like the following. This configuration is stored in /etc/wpa_supplicant/wpa_supplicant.conf:
network{
ssid="networkname"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=LEAP
identitiy=myusername
password=mypassword
ca_cert="/usr/share/ca-certificates/mozilla/UTN_USERFirst_Hardware_Root_CA.crt"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
Now for me, I figured out most of the options needed using the windows instructions for the network I was connecting to, and thru a hefty amount of trial and error. It could also be helpful to speak with the admin of the wireless network when possible, to determine if the configuration options your using are correct.
After doing this, I was able to connect to a test Enterprise WPA network. Getting there was a lot of work. Some tools that helped me along were wpa_cli, which gives you a command line interface for checking on the status of your wireless connection. Issuing scan_results and status at the wpa_cli prompt gave me a lot of insight into what was going on - most importantly it reports if the wireless is scanning, if its connected, and if its authenticated. In addition to that, dmesg was very helpful - issuing dmesg in a terminal told me when my wifi firmware was bugging out, and upon seeing that I could stop and start the wireless interface and things would begin working normally again.
All said and done, its working very reliably with the only snafu being startup - it will not reliably connect to the network at startup. I usually have to stop and start the wireless interface before it will authenticate successfully, and dmesg points to the wireless firmware as the problem.
This site is best viewed in a standards compliant browser.