Connecting to eduroam on Linux (at Carnegie Mellon)

2021-10-25

Somehow the posted instructions on connecting to eduroam or other WPA-EAP networks never work. But some small tweak works 🙄. Here’s what it took to get eduroam and CMU-SECURE working for me at CMU using iwd:

Connecting to eduroam using iwd

Create /var/lib/iwd/eduroam.8021x:

[Security]
EAP-Method=PEAP
EAP-Identity=anonymous@andrew.cmu.edu
EAP-PEAP-Phase2-Method=MSCHAPV2
EAP-PEAP-Phase2-Identity=USERNAME@andrew.cmu.edu

[Settings]
AutoConnect=true

Now iwd will connect to eduroam.

Connecting to CMU-SECURE

The only difference is to use

EAP-PEAP-Phase2-Identity=USERNAME

instead of USERNAME@andrew.cmu.edu.

Using NetworkManager

If you want to use NetworkManager, then set it to use iwd as a back-end. Edit /etc/NetworkManager/NetworkManager.conf to include:

[device]
wifi.backend=iwd

The Arch Linux Wiki has a lot more info.

Not prompting for a password

The above will prompt you for a password every time you need to connect. If you want to avoid that you can add the line

EAP-PEAP-Phase2-Password=your-password

to the [Security] section in eduroam.8021x. This stores your password in clear text, which is obviously not ideal. You can alternately store an md4 hash of your password as follows:

  1. Temporarily disable the history feature of your shell. On zsh you can do this by

    $ HIST_NO_STORE=1

  2. Get the md4 hash:

    $ echo -n "your-password" | iconv -t utf16le | openssl md4 -provider legacy
(stdin)= ba15efd8f2cb03eb12b34998a35133cc

    Copy the password hash (everything after the equals sign) for use in the next step.

  3. Add the following line to the [Security] section in eduroam.8021x:

    EAP-PEAP-Phase2-Password-Hash=(paste password hash from above)

🗫 Comments

  • Anonymous
    Wow

    Anonymous (2023-02-04 02:50:20 EST)

    I was beating my head against a virtual wall for 8+ hours trying to figure out for the life of me how to connect to eduroam while installing archlinux. You are the ONLY person who has provided an actual solution, not even arch linux’s docs had the right answer. THANK YOU from the bottom of my soul.

  • Gautam Iyer
    Re: Wow

    Gautam Iyer (2023-02-04 10:40:13 EST)

    😄 Happy it helped.

📮 Leave a comment (Spammers beware: All comments are moderated)

Sorry. There was an error submitting your comment. Please try again, or contact me if the problem persists.
Sending comment; please wait.
Thanks. Your comment was successfully submitted. It will appear here shortly if it isn't spam.