问题:
最近新电脑装的ubuntu22.04连接校园网发现连不上了,查阅文档发现问题出在ubuntu22上,ubuntu用的是非安全认证,所以很多校园网包括eduroam都崩了,所以要手动enable
这里不论需不需要ca证书应该都能解决这部分问题,解决不了的小伙伴记得看看自己的CA证书名字是不是带空格,带空格记得删掉
解决方法参考这篇文章
https://askubuntu.com/questions/279762/how-to-connect-to-wpa2-peap-mschapv2-enterprise-wifi-networks-that-dont-use-a-c
第一步:
Create specific openssl.cnf for wpa_supplicant
$ sudo cp /etc/ssl/openssl.cnf /etc/wpa_supplicant/
This will ensure that enabling TLS 1.0 applies only to WPA negotiations, which will mitigate the security impact of this change somewhat.
第二步:
Enable legacy TLS in the copied config file
$ sudo gedit /etc/wpa_supplicant/openssl.cnf
找到下面几行
[openssl_init]
providers = provider_sect
在后面插入
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=1
第三步:
Make wpa_supplicant use the new configuration
As root, edit /usr/lib/systemd/system/wpa_supplicant.service.
$ sudo gedit /usr/lib/systemd/system/wpa_supplicant.service
找到下面几行
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID
改成
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
Environment="OPENSSL_CONF=/etc/wpa_supplicant/openssl.cnf"
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID
第四步:
Restart the wpa_supplicant
$ sudo systemctl daemon-reload
$ sudo systemctl restart wpa_supplicant.service
然后就能解决问题了