Since I own a Raspberry Pi, I experimented a lot with that incredible device. It has so many capabilities and for a price of 45 € to about 60 € (depends on your needs and if you want accessories) you get a device you can pretty much do everything with. I used it as Samba4 PDC, a DAAP media server and so on. It is pretty neat for experimenting and developing your skills but when it comes down to get a greater insight in providing productive Active Directory services, you feel way more confident with an actual Windows Server PDC. All in all I am fascinated what a great job the guys from the Samba project have done over the years. I started with configuring Samba2. With version 4 it is even possible to deploy and administer GPOs for XP and Win7 in a very effective way. Sorry to wander from the subject but certain things need to be said.
Nevertheless let us talk about Raspbmc, which i know installed on my Raspberry Pi for primary use. I tested all the 3 major XBMC editions and got stuck with Raspbmc because it supported most of my needs, e.g. install separate software, tools and with the most recent version it got a lot quicker in responding and speed. Furthermore Raspbmc is the only of the major distributions that supports fast forward and rewind when using SMB shares as a source. With OpenELEC for example, you would not be able to use apt and therefore not be able to use 802.1x as an authentication method for WiFi access.
Finally we got 802.1x and Raspbmc. 802.1x is a standard for authentication in networks and got pretty common for WiFi networks in organizations and universities. It has great potential because you use a RADIUS server for authentication and you can secure the connection with e.g. EAP-TLS and PEAP. We could talk more about that but I think people reading this article may just want to know how to get Raspbmc to work with that so-called WPA Enterprise. We are almost there, seriously. In this article I am providing a method which describes connect to a 802.1x secured network with PEAP-MSCHAPv2 since this is the most common used methods in university and organizational WiFi networks. The method would be the same for EAP-TLS and certificates. Please refer to the link on the end of this article for the necessary commands. This solution might not look very elegant at first but there actually is no way to get this working through the UI, because none of the distributions included it until now, although it would not be a lot of work to actually do this. So let us get started!
At first we need to make sure that WiFi on the Pi is completely unconfigured. For this delete the SSID and the WPA/WPA2-PSK settings in the Pi UI, and just to make sure, reboot the device. We need to do this because Raspbmc always is trying to reset settings according to the defined ones in the UI. I think the best way to get this whole thing up and running is to use the ethernet interface of the Pi. Configure your computer to share an internet connection (Note: 802.1x connections can not be shared on most systems) or use a the wired network if available. Sharing your WiFi connection on your computer will setup a DHCP server too, so you do not have to worry about IPs. The best way would be to use an existing wired network. We need an internet connection because we need apt to install some software.
UPDATE
It seems that either raspmc or Raspbian itself changed the way network-manager is used by the it. Although I think it all has to do something with providing the certificate of the RADIUS server, which is now necessary. Nevertheless I figured out an easier way to connect to a WPA Enterprise network. Especially changing from WPA Enterprise to WPA/WPA2 PSK networks and back is now easier.
SSH into your Pi:
ssh pi@10.0.0.2
sudo -s
Now wpasupplicant is installed by default. If an interface is not configured via /etc/network/interfaces, then it will be configured via NetworkManager which the new version of raspbmc apparently now uses to configure wireless and wired networks. So if we configure it via the interfaces file for WPA Enterprise it should be using this configuration first. To switch back to the configured settings via gui, one simply comments out the entries in the interfaces file.
What is necessary is to copy the RADIUS certificate to some location on the pi. There are many ways on how to obtain it, google or your network administrator may be your friend here. I copied mine to /certs/radius.pem
Here are the two example files. (wpa_supplicant.conf has to be generated from scratch).
/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="SobieskiNET"
key_mgmt=WPA-EAP
eap=PEAP
ca_cert="/certs/radius.pem"
identity=“username”
password=“password”
phase2="MSCHAPV2"
}
/etc/network/interfaces
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
Now simply reboot the pi and it should connect. I’m going to try the switching by commenting out the lines in interfaces and setting some other WiFi via gui to check whether it primarily uses the configuration in the interfaces file, or if it interferes with NetworkManager. I’m currently using the method above and have not changed anything in the gui on the basis of an installation from scratch.
LINKS
http://w1.fi/wpa_supplicant/
https://achtnullzwei.wordpress.com/2013/10/30/raspbmc-with-wpa-enterprise-802-1x/
扫一扫
1659
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
