72

My university uses WPA2 Enterprise encryption for students to log in to their wireless. In NetworkManager I have keyed in everything that they needed:

  • Security : WPA & WPA2 Enterprise
  • Authentication : Protected EAP (PEAP)
  • CA certificate is not needed
  • PEAP version : Automatic
  • Inner authentication : MSCHAPv2
  • Username and Password are correct.

Every time I try to connect, I get a window asking me to input my password over and over again.

Balraj McCoy
  • 1,114

7 Answers

43

There is a bug report here: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1104476

A workaround is to remove the line

system-ca-cert=true

from the configuration file found in /etc/NetworkManager/system-connections/

chionis
  • 479
30

Here's a workaround.

  1. Open a terminal (Alt + F2) and run the following commands:

    cd /etc/NetworkManager/system-connections
    sudo touch SSID #SSID is the name of the profile, e.g. eduroam
    # NetworkManager ignores profiles that are not owned by root with mode 600
    sudo chmod 600 SSID
    sudo nano SSID
    
  2. Then edit the "SSID" profile as following:

    [ipv6]
    method=auto
    
    [connection]
    # id is the profile name, e.g. EDUroam (keyfile comments must be on their own line)
    id=SSID
    # unique uuid will be created upon creation of this profile
    uuid=9e123fbc-0123-46e3-97b5-f3214e123456
    type=802-11-wireless
    
    [802-11-wireless-security]
    key-mgmt=wpa-eap
    auth-alg=open
    
    [802-11-wireless]
    ssid=SSID
    mode=infrastructure
    mac-address=0A:12:3C:DA:C1:A5
    security=802-11-wireless-security
    
    [802-1x]
    eap=peap;
    identity=studentid123123
    phase2-auth=mschapv2
    password=mypass123123
    
    [ipv4]
    method=auto
    

Modify the above file and it should work.

Aditya
  • 13,616
keith
  • 301
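A check for profiles like the one above, added here as an example and not part of the original answer: it reads the `[802-1x]` section of a keyfile and reports when the RADIUS server certificate is not validated, when no server name is pinned, and when the password is stored in the file. The function name and the sample profile are constructed for illustration; the key names are NetworkManager's 802-1x settings.

```python
import configparser

# Constructed sample: the 802.1X part of a profile written as in the answer above.
SAMPLE_PROFILE = """\
[connection]
id=eduroam
type=802-11-wireless

[802-1x]
eap=peap;
identity=studentid123123
phase2-auth=mschapv2
password=mypass123123
"""

def audit_8021x(keyfile_text):
    """Return a list of findings for the [802-1x] section of an NM keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return ["no [802-1x] section: not an enterprise profile"]
    s = cp["802-1x"]
    findings = []
    # The server certificate is checked only if a CA is given explicitly
    # or the system trust store is enabled (NetworkManager's key is
    # spelled system-ca-certs).
    has_ca = bool(s.get("ca-cert") or s.get("ca-path"))
    use_system = s.get("system-ca-certs", "false").strip().lower() == "true"
    if not (has_ca or use_system):
        findings.append("server certificate is not validated")
    # Without a name constraint, any certificate from a trusted CA is accepted.
    if not (s.get("domain-suffix-match") or s.get("altsubject-matches")):
        findings.append("no server name constraint")
    if "password" in s:
        findings.append("password stored in clear text in the profile")
    return findings

if __name__ == "__main__":
    for finding in audit_8021x(SAMPLE_PROFILE):
        print("WARN:", finding)
```

With PEAP/MSCHAPv2 the first finding is the one that matters most: a client that does not validate the server certificate will offer its credentials to any access point that announces the same SSID.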
8

I had the same problem at work. I followed the instructions and changed the system-ca-cert=false, but I also had to go in and change the wireless driver settings. Once I made the changes, it connected right up. Check out the link where I got the info below.

http://wireless.kernel.org/en/users/Documentation/wpa_supplicant

-o<driver> and -O<ctrl>

/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service

[D-BUS Service]
Name=fi.epitest.hostap.WPASupplicant
Exec=/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log
User=root

[D-BUS Service]
Name=fi.epitest.hostap.WPASupplicant
Exec=/sbin/wpa_supplicant -u -onl80211 -O/var/run/wpa_supplicant
User=root
BuZZ-dEE
  • 14,533
7

More recently, many eduroam deployments have broken on Ubuntu 22.04 LTS because they still use insecure renegotiation, which was deprecated by RFC 5746 in 2010 and for which OpenSSL dropped support around March 2010 (along with TLS 1.0 and 1.1). Until your university fixes its network, you can re-enable insecure renegotiation by editing some config files.

The following steps were contributed to Launchpad Bug #1958267 by users "nfalse" (#22) and Simon Chopin (#36)

Step 1: Create specific openssl.cnf for wpa_supplicant

$ sudo cp /etc/ssl/openssl.cnf /etc/wpa_supplicant/

This will ensure that enabling TLS 1.0 applies only to WPA negotiations, which will mitigate the security impact of this change somewhat.

Step 2: Enable legacy TLS in the copied config file

As root, edit the new config file:

$ sudo gedit /etc/wpa_supplicant/openssl.cnf

Then, find the following lines:

[openssl_init]
providers = provider_sect

Immediately thereafter, insert the following lines:

ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=1

Step 3: Make wpa_supplicant use the new configuration

As root, edit /usr/lib/systemd/system/wpa_supplicant.service.

$ sudo gedit /usr/lib/systemd/system/wpa_supplicant.service

Find the following lines:

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID

After BusName, insert Environment="OPENSSL_CONF=/etc/wpa_supplicant/openssl.cnf". The whole section should read as follows:

[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
Environment="OPENSSL_CONF=/etc/wpa_supplicant/openssl.cnf"
ExecStart=/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
ExecReload=/bin/kill -HUP $MAINPID

Step 4: Restart the wpa_supplicant

You can either reboot your whole computer at this point or just run the following commands:

$ sudo systemctl daemon-reload
$ sudo systemctl restart wpa_supplicant.service
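To confirm that the weakening stays confined to the copy used by wpa_supplicant, the following added example (not part of the answer or the bug report) follows the `openssl_conf -> ssl_conf -> system_default` chain in an OpenSSL config and reports which legacy settings are actually in effect. The function names and the sample excerpt are constructed, and treating a security level below 2 as weakened is an assumption.

```python
import re

# Constructed excerpt of the copied config after Step 2.
PATCHED = """\
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation
CipherString = DEFAULT@SECLEVEL=1
"""

def parse_cnf(text):
    """Minimal OpenSSL config reader: {section: {key: value}}, '' = top level."""
    sections, cur = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        head = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if head:
            cur = head.group(1)
            sections.setdefault(cur, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[cur][key] = value
    return sections

def effective_ssl_defaults(text):
    """Follow openssl_conf -> ssl_conf -> system_default to the active section."""
    sections = parse_cnf(text)
    current = sections[""]
    for link in ("openssl_conf", "ssl_conf", "system_default"):
        # A missing link yields None, which matches no section.
        current = sections.get(current.get(link), {})
    return current

def weakened(text):
    """Names of the legacy settings that are actually in effect."""
    active = effective_ssl_defaults(text)
    found = []
    if "UnsafeLegacyRenegotiation" in active.get("Options", ""):
        found.append("UnsafeLegacyRenegotiation")
    level = re.search(r"@SECLEVEL=(\d)", active.get("CipherString", ""))
    if level and int(level.group(1)) < 2:  # assumed baseline: level 2
        found.append("SECLEVEL=" + level.group(1))
    return found
```

Run `weakened()` on the contents of `/etc/ssl/openssl.cnf` and of `/etc/wpa_supplicant/openssl.cnf`: the first should return an empty list and only the second should list the legacy settings.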
3

You might also need to specify the Domain of your enterprise by adding it before the username like so: Domain Name\Username, besides commenting/deleting the above-mentioned line.

bingorabbit
  • 131
  • 3
1

I assume that you're using a self-signed certificate (you said: "CA certificate is not needed"). If so, make sure that the certificate is trusted by you when establishing the connection.

Guardian
  • 180
1
  1. Try resetting your password (by contacting the sys admin or using an online form to send a password reset link to your email address).
  2. Via the NetworkManager GUI, edit the wifi connection to update the password field with the new one and save.
  3. Reconnect to your wifi and it should be working now!
SrvfUser
  • 2,085