Sunday, August 24, 2014

UGA PAWS-Secure connection (Fall 2014)

UGA PAWS-Secure connection (Fall 2014)

 What you need to get online:
A UGA account is required. If you have a UGA email address and Student login, then your one step closer to completing this.

 These directions assume you are running Arch Linux and have the AUR repository configured.

 I have not tried this using the network management tool for Gnome or the standard one for KDE, however instructions should be similar.

Arch Linux

Connect to the UGA guest network or Ethernet

Verify connection with the Internet ... 
i.e. ping www.google.com from a terminal window (konsole or tty0)

Install Yaourt
In my opinion, yaourt makes this easier.
Refer to the instructions on Arch Linux wiki for yaourt installation.

  • yaourt plasma-applets-networkmanagement
  • Logout of KDE and back in

Add the new Network Management widget:

  1. Click the Cashew (desktop widgets tool).
  2. Add Widget.
  3. Search for network.
  4. Add Network Management widget to the panel and left-click it.
  5. Choose "Manage Connections"
  6. If PAWS-Secure was previously configured, choose from the list of connections and delete as it could interfere with this process.

Add your connection:

  1. Click the Add dropdown menu
  2. Choose Wireless connection
  3. Choose Scan
  4. Select the closest PAWS-Secure from the map (there may be many to choose from)
  5. Name the connection using the Connection Name option box at the top (i.e. PAWS Secure)
    (Reference images below)
  6. Click the Wireless Security Tab
  7. Chen Click the Security option dropdown
  8. Choose WPA/WPA2 Enterprise
  9. Click the Authentication dropdown
  10. Choose Protected EAP (PEAP)
  11. Leave the Anonymous Identity field blank
  12. Leave the CA Certificate blank
  13. Check the box beside the "Use System CA Certs" option
  14. Leave Subject Match option blank
  15. Leave Alternative Subject Match blank
  16. Set PEAP Version to Automatic (default)
  17. Set Inner Authentication as MSCHAPv2 (default)
  18. Enter Username (without @uga.edu)
  19. Enter password
  20. Choose Store (default)
  21. Click ok

PAWS Secure - most options
KDE Network Management
with Most configurations set


Previous version from 2013 (AUR repos)
KDE Network Management
applet version 0.9.0.9 (2013 from AUR)


This should connect without issue as I've tested and confirmed this to work without issue on 2 separate laptops with both versions 0.9.0.9 from 2013 and Version 0.9.0.11 (nm09 20140423).
Posted by at No comments:

Sunday, August 11, 2013

UGA Network Login on Linux the Manual method

This blog post is a simple howto on getting your UGA - University of Georgia in Athens, GA - wireless connection working on Linux. 
If you have Ubuntu, then you can use the installer package they provide if you so desire... My guide below works well for Arch Linux and Fedora with the KDE desktop. YMMV for other desktops such as Gnome, but should work similarly if you are using NetworkManager GUI interfaces.

What you need to get online:
First and foremost is a UGA account. If you have a UGA email address and Student login, then your one step closer to completing this.
Before you proceed with the steps below, call the UGA Network help desk and verify your account. Please note that all accounts were reset for the 2013 Fall Semester. 
Tell them you are running Linux as they seem to be a bit more receptive since I've created and provided these directions to their IT department.

First - Get Connected via Ethernet:
  1. Run ifconfg via the terminal and get your Ethernet MAC address.
    Provide the MAC address to the admins
  2. Since this is Linux there is no need to restart the system, but they will tell you to do so.
  3. Stop and start the interface after the time they have said to wait... Normally 10 minutes.
  4. Once you have connected, you will be "authenticated" via their DHCP and a so-called static IP assignment that is tied to your system via the MAC address and your UGA account.
Note that the network may require authentication with your UGA username and password

Wireless Setup: 
  1. Connect to the UGA Welcome network (open wireless unsecured, non-routable network) or just use your just setup Ethernet connection.
  2. Locate and download the Manual configuration tar.gz and extract the contents. 
  3. If you can't find the file, contact the IT department for the direct link as they tend to move things around from time to time. 
  4. Extract the contents of the tar.gz file. 
  5. Open the network_config.xml and search for the Certificate text block. 
  6. This will have "----BEGIN CERTIFICATE-----" and will end with  "-----END CERTIFICATE----- ". 
  7. Note: This xml file contains identical multiple copies. 
  8. Copy and save the CA Certificate by selecting everything between the "----BEGIN CERTIFICATE-----  and -----END CERTIFICATE----" for just one instance of the certificate.

Example Certificate: 
-----BEGIN CERTIFICATE----- 00:dd:3c:f6:9a:be:d2:66:20:0c:7d:0c:ae:bc:18: cc:f4:e8:89:8d:16:b3:5c:16:75:06:33:f9:08:4f: d6:9b:f4:6b:e7:4d:0f:44:af:8b:87:dc:79:78:93:e8:e4:20:19:df:f0:0d:04:4d:2c:4c:ad:19:b0:31:8c:6a:4d:a6:d6:0e:e8:ae:e2:37:75:8d:d5:1e:a2: 31:15:3c:f4:4d:ad:5d:f8:d0:23:c2:72:de:e2:73:9b:ef:f7:84:25:b0:cf:92:4d:39:4a:18:41:ac:91:81:28:ac:5b:f2:7d:74:e2:8f:f9:a7:c1:c0:b1:93: dd:cd:b1:4c:23:23:63:27:30:4c:da:8e:72:e4:0d:77:c2:22:e2:b4:43:bb:9d:ca:36:59:fc:98:91:0c:da:c4:2c:34:03:0c:e5:91:51:e2:23:20:ae:68:5e: 30:8f:9e:f5:a5:2c:e4:bf:ab:2f:fb:82:03:31:b4:ff:5e:90:a8:f0:be:b0:4d:aa:f3:af:2c:27:42:c8:7e:7a:d2:c3:e8:5b:53:8d:86:db:ae:f6:7c:45:03: 35:b6:52:9d:a0:c1:e0:da:ac:6b:68:05:7e:f8:73:41:62:63:56:b3:47:6e:11:d8:d4:6c:92:be:65:aa:f2:a5:72:3d:4e:d9:d2:e2:8d:42:92:3e:cf:39:f9: 63:89==-----END CERTIFICATE-----
Save what you copied as a a file in your home directory - my example above is fake and will not work. I made a separate hidden directory called ".UGA" in my /home/username directory named “UGA-PAWS-Secure.cert”. Having the directory as hidden prevents you or a friend from deleting by mistake. 
Find the "mydc00.msmyid.uga.edu, mydc06.msmyid.uga.edu" URLs also in the same xml file and save them to a temporary file for the Create a New Connection step below.

Summary steps if you already know what you are doing:
  1. Create a new connection using the Network Manager tools in KDE
  2. Click the Add... drop down 
  3. Choose Wireless
  4. Click Scan to find the networks
  5. Click PAWS-Secure or type “PAWS-Secure” into the SSID: field 
  6. Select the Wireless Security tab
  7. Click the Security dropdown
  8. Choose “WPA/WPA2 Enterprise”
  9. Click the Authentication dropdown 
  10. Choose “PEAP”
  11. Enter your UGA username in the Identity: field 
  12. Check System connection
  13. Firewall zone: Default (or more secure if you want).

Lets Do This!! 

Create a New Connection
  1. Attempt to connect to the UGA PAWS Secure wireless network... 
    You may need to choose the Scan option to locate the closest wireless node.
  2. Open the Network-Manager (kde or gnome)
  3. Enter the "PAWS-Secure" SSID. 
  4. Mode: Infrastructure 
  5. Switch to the next tab "Wireless Security"
  6. Select Security: "WPA/WPA2 Enterprise"
  7. Enter your 'Anonymous Identity' as your "UGA Username" without the uga.edu extension.
  8. Select Authentication: "Protected EAP (PEAP)".
  9. Select the CA Certificate you saved in Step 3 above.
  10. Open the network_config.xml from UGA tar.bz2 file.
  11. Search for the word "mydc" from the top of the xml file - unless you copied them earlier.
  12. Copy both server addresses (like listed in the examples) to a temporary file.
  13. Edit and replace the ";" with ", " as in the example below
    and be sure to include the space after the comma.
  14. The URLS I last used were: "mydc00.msmyid.uga.edu, mydc06.msmyid.uga.edu"
  15. Enter the above values into the box or click the drop down button
  16. You will need to add the values individually.
  17. Keep 'PEAP Version' as "Automatic"
  18. Select 'Inner Authentication:' as "MSCHAPv2"
  19. Enter your UGA 'Username': "username@uga.edu"
  20. Enter your 'Password:' "UGA user password"
  21. Choose "Store" if you don't want to keep typing it everytime you want to connect wirelessly.
  22. Click "OK" to save.
  23. Enjoy Secure UGA Wireless!!
P.S.
If you know sed, awk and grep, and use those to extract each of the items needed to accomplish this task, please post it in the comments to this blog or send me an email. It will be posted on this site to help other UGA students.

I'm not on campus - I set this up for my daughter when we helped her move in, but I have some screenshots that I need to get posted. If you have screenshots, please send them my way and I'll post them.
Posted by at 3 comments:
Subscribe to: Comments (Atom)