[Cialug] Corp. WiFi

Jonathan C. Bailey jbailey at co.marshall.ia.us
Fri May 22 10:31:26 CDT 2009 

Just a guess, but could your company also require certificates for the machine side of the authentication? The PIN/fob may just be the user side of 2 factor..

-Jon

----- Original Message -----
From: jrnosee at gmail.com
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Friday, May 22, 2009 9:55:14 AM GMT -06:00 US/Canada Central
Subject: [Cialug] Corp. WiFi


Ok, my office is set up with a...dificult...wireless configuration. I'm convinced I'm almost online, but need a hand. Here's what I've got going on. 

Running Ubuntu 9.04 

Corp wifi config: 
Windows users use the Funk Software Odyssey Access Client (OAC) 
Hidden SSID - I do know what it is though. 
Looks like we use 8021x key handling (OAC shows WEP encryption generated automatically) 
Association Mode: open (?) 
Auth Protocol: EAP/TTLS 
TTLS inner Protocol: PAP/Token Card (we use RSA key fobs w/ generated numbers) 
Anonomous identity: anonomous 
identity: RAS keyfob userid 
password: pin+RAS keyfob 
company secured CA file... XXXXXX.cer 
- I converted this using openssl from der to pem and placed in /etc/ssl/certs/XXXXXX.pem (linked to .crt file..used the proper method to do this..can't remember it right now) 

I've tried to set this up using network manager. It's the closest I've gotten. 
It associates with the access point and attempts authorization. I don't have the whole error with me (laptop's at home right now) but I think this is the cause of my problem: 
"TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) wap_supplicant" 

tried wircd with mostly the same results 

tried using command line wpa_supplicant with .conf file and -dd for extra debugging since most things I saw on google reccomended this for testing. I can't get this method to associate with the hidden ssid access point. 

Anyone have any thoughts? I can post the full error if needed after work hours when I'm home. 

Thanks!! 

--Justin 

_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list