ARCHIVED: IU Secure wireless connections: Linux using Wicd

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Wicd (Wireless Interface Connection Daemon) is an open source utility for managing both wireless and wired networks on Linux. It is commonly used as an alternative to the GNOME/KDE network manager.

Preparation

Replacing the KDE network manager

Installing Wicd in place of the KDE network manager typically leaves behind remnants that cause problems when connecting to a network with Wicd. To avoid this, verify that the following packages have been removed:

  • modemmanager
  • network-manager
  • network-manager-openconnect
  • network-manager-openvpn
  • network-manager-pptp
  • network-manager-vpnc
  • knm-runtime
  • network-manager-kde
  • plasma-widget-networkmanagement

Restart your computer if any of these were removed.

Note: Under an Ubuntu-based distribution (such as Kubuntu), these can typically be removed using your graphical package manager or by running the command sudo apt-get purge [package] (where [package] is replaced with each item in the list above).


Obtaining a Thawte certificate

The IU Secure authentication server uses Thawte as its root certificate authority. You need a valid Thawte root certificate in Privacy-Enhanced Mail (PEM) format to connect to IU Secure. UITS recommends that you use the certificate installed with your operating system. If you do not have the root certificate installed, you can download it from Thawte Root Certificates.

After you download the thawte-roots.zip file, extract the Thawte Root Certificates/thawte Premium Server CA/Thawte Premium Server CA.pem file to your home directory. In many default distribution installations, you can find the certificate in /etc/ssl/certs/Thawte_Premium_Server_CA.pem.


Connecting to IU Secure

Wicd comes with a default list of encryption templates; unfortunately, the most secure and suggested method for connecting to IU Secure is not provided by default. You will need to manually add an encryption template:

  1. Navigate to the /etc/wicd/encryption/templates/ directory.
  2. Use your favorite text editor (e.g., nano or vim) to create a file named IU (this name can be changed, but be aware of case sensitivity). Add the following text to this file:
      name = IU
      version = 1
      require identity *Identity password *Password
      optional ca_cert *Path_to_CA_Cert
      -----
      ctrl_interface=/var/run/wpa_supplicant
      network={
      ssid="$_ESSID"
      scan_ssid=$_SCAN
      proto=RSN WPA
      key_mgmt=WPA-EAP
      pairwise=CCMP TKIP
      group=CCMP TKIP
      eap=PEAP
      identity="$_IDENTITY"
      password="$_PASSWORD"
      ca_cert="$_CA_CERT"
      phase1="peaplabel=0"
      phase2="auth=MSCHAPV2"
      }
  3. Append the name of the file that you just created (IU) as a new line in the file called active in the same directory (/etc/wicd/encryption/templates/active). You will need to restart Wicd or your computer itself for this template to be available.
  4. Go through the list of available networks and find an "IU Secure" connection with acceptable signal strength. Choose Properties and provide the following information:
    • Use Encryption: Check
    • Identity: Your Network ID username
    • Password: Your Network ID passphrase
    • Path to CA Cert: Provide a path to your proper certificate (see above).

  5. Click OK and attempt to connect to the same IU Secure entry whose properties you changed.

    Note: You should be able to establish a connection using PEAP with GTC, but this is not recommended because it could put your passphrase at risk.
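
Steps 1 through 3 can be scripted so that the template is checked before it is registered. The shell functions below are an added example, not part of the original page; the function names are hypothetical, and the script assumes that the active file lists one template file name per line.

```shell
#!/bin/sh
# Added example: check a Wicd encryption template, then register its
# name in the "active" list exactly once.
# Assumption: "active" holds one template file name per line.

# check_template FILE
# Returns 0 if the wpa_supplicant body passes a CA certificate and uses
# MSCHAPV2 as the inner method; a distinct non-zero code otherwise.
check_template() {
    tpl=$1
    [ -f "$tpl" ] || { echo "no such template: $tpl" >&2; return 1; }
    # The Wicd header and the wpa_supplicant body are split by a ----- line.
    grep -q '^[[:space:]]*-----[[:space:]]*$' "$tpl" ||
        { echo "missing ----- separator" >&2; return 2; }
    body=$(sed '1,/^[[:space:]]*-----[[:space:]]*$/d' "$tpl")
    # Without ca_cert, wpa_supplicant does not verify the server certificate.
    printf '%s\n' "$body" | grep -q '^[[:space:]]*ca_cert=' ||
        { echo "body has no ca_cert line" >&2; return 3; }
    # The page advises against GTC as the inner method.
    printf '%s\n' "$body" | grep -q '^[[:space:]]*phase2="auth=MSCHAPV2"' ||
        { echo "phase2 is not auth=MSCHAPV2" >&2; return 4; }
    return 0
}

# register_template DIR NAME
# Validates DIR/NAME, then appends NAME to DIR/active unless already listed.
register_template() {
    dir=$1 name=$2
    check_template "$dir/$name" || return $?
    # -x whole line, -F fixed string: exact, case-sensitive match.
    if ! grep -qxF -- "$name" "$dir/active" 2>/dev/null; then
        # Start on a fresh line if the file lacks a trailing newline.
        if [ -s "$dir/active" ] && [ -n "$(tail -c 1 "$dir/active")" ]; then
            echo >> "$dir/active"
        fi
        printf '%s\n' "$name" >> "$dir/active"
    fi
}

# Typical use, as root, after creating the file in step 2:
#   register_template /etc/wicd/encryption/templates IU
```

Wicd still has to be restarted afterwards, as step 3 describes.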


This is document bbtc in the Knowledge Base.
Last modified on 2018-01-18 17:19:08.