ARCHIVED: IU Secure wireless connections: Linux using Wicd
Wicd (Wireless Interface Connection Daemon) is an open source software utility for managing both wireless and wired networks on Linux. It is commonly used as an alternative to the GNOME/KDE network manager.
Preparation
Replacing the KDE network manager
Installing Wicd in place of the KDE network manager will typically leave behind remnants that cause problems when connecting to a network with Wicd. To solve this, verify that the following packages are removed:
modemmanager
network-manager
network-manager-openconnect
network-manager-openvpn
network-manager-pptp
network-manager-vpnc
knm-runtime
network-manager-kde
plasma-widget-networkmanagement
Restart your computer if any of these were removed.
Note: Under an Ubuntu-based distribution (such as Kubuntu), these can typically be removed using your graphical package manager or by running the command sudo apt-get purge [package] (where [package] is replaced with each item in the list above).
Obtaining a Thawte certificate
The IU Secure authentication server uses Thawte as its root certificate authority. You need a valid Thawte root certificate in Privacy-Enhanced Mail (PEM) format to connect to IU Secure. UITS recommends that you use the certificate installed with your operating system. If you do not have the root certificate installed, you can download it from Thawte Root Certificates.
After you download the thawte-roots.zip file, extract the Thawte Root Certificates/thawte Premium Server CA/Thawte Premium Server CA.pem file to your home directory. In many default distribution installations, you can find the certificate in /etc/ssl/certs/Thawte_Premium_Server_CA.pem.
Connecting to IU Secure
Wicd comes with a default list of encryption templates; unfortunately, the most secure and suggested method for connecting to IU Secure is not provided by default. You will need to manually add an encryption template:
- Navigate to the /etc/wicd/encryption/templates/ directory.
- Use your favorite text editor (e.g., nano or vim) and create a file with the name of IU (this name can be changed, but be aware of case sensitivity). Add the following text to this file:

      name = IU
      version = 1
      require identity *Identity password *Password
      optional ca_cert *Path_to_CA_Cert
      -----
      ctrl_interface=/var/run/wpa_supplicant
      network={
          ssid="$_ESSID"
          scan_ssid=$_SCAN
          proto=RSN WPA
          key_mgmt=WPA-EAP
          pairwise=CCMP TKIP
          group=CCMP TKIP
          eap=PEAP
          identity="$_IDENTITY"
          password="$_PASSWORD"
          ca_cert="$_CA_CERT"
          phase1="peaplabel=0"
          phase2="auth=MSCHAPV2"
      }

- Append the name of the IU file that you just created to the file called active in the same directory (/etc/wicd/encryption/templates/active). You will need to restart Wicd or your computer itself for this template to be available.
- Go through the list and find an "IU Secure" connection with acceptable signal strength. Choose and provide the following information:
  - Use Encryption: Check
  - Identity: Your Network ID username
  - Password: Your Network ID passphrase
  - Path to CA Cert: Provide a path to your proper certificate (see above).

  Note: You should be able to establish a connection with PEAP with GTC, but this is not recommended as it could place your passphrase at a security risk.
- Click and attempt the connection on the same IU Secure on which you changed the properties.
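The template and registration steps above, as an added shell example that is not part of the original page or of Wicd: it refuses to register a template that lacks a ca_cert line (wpa_supplicant does not verify the server certificate when no CA is configured) or that uses an inner method other than MSCHAPV2. The function names and the TEMPLATE_DIR override are assumptions made for this example, and it assumes the active file holds one template name per line.

```shell
#!/bin/sh
# Added example (not UITS or Wicd code). TEMPLATE_DIR defaults to the path
# used on this page; point it at a scratch directory for a dry run.
TEMPLATE_DIR="${TEMPLATE_DIR:-/etc/wicd/encryption/templates}"

# check_template NAME
# Returns 1 if the file is missing, 2 if the network block has no ca_cert
# line (wpa_supplicant then skips server-certificate verification), and
# 3 if the inner method is not MSCHAPV2 (for example GTC).
check_template() {
    tpl="$TEMPLATE_DIR/$1"
    [ -f "$tpl" ] || { echo "missing template: $tpl" >&2; return 1; }
    grep -Eq '^[[:space:]]*ca_cert="\$_CA_CERT"' "$tpl" ||
        { echo "$1: no ca_cert line" >&2; return 2; }
    grep -Eq '^[[:space:]]*phase2="auth=MSCHAPV2"' "$tpl" ||
        { echo "$1: inner method is not MSCHAPV2" >&2; return 3; }
}

# check_ca_cert PATH
# The value entered as "Path to CA Cert" must be a readable PEM file.
check_ca_cert() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "$1 is not PEM" >&2; return 2; }
}

# register_template NAME
# Adds NAME as its own line in the 'active' file, once, and only if the
# template passes check_template.
register_template() {
    active="$TEMPLATE_DIR/active"
    check_template "$1" || return $?
    grep -Fxq -- "$1" "$active" 2>/dev/null && return 0
    printf '%s\n' "$1" >> "$active"
}

# Typical use, as root, after creating the IU file:
#   check_ca_cert /etc/ssl/certs/Thawte_Premium_Server_CA.pem &&
#       register_template IU
```

Leaving "Path to CA Cert" empty in the connection properties removes the protection the ca_cert line is there to provide, so run check_ca_cert on the exact path you enter in the dialog.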
This is document bbtc in the Knowledge Base.
Last modified on 2018-01-18 17:19:08.