skip to content

eduroam Wi-Fi access in Linux

To connect to WPA secured networks in Linux, you will need the wpa_supplicant package, which should be pre-installed with most distributions. If this is not the case, you will need to install this package using the package manager for your distribution (for example apt-get install wpasupplicant in Debian).

TFurthermore, an SSL root certificate must be installed on your system which is needed to verify the RADIUS server certificate. In most cases, it is sufficient to download the Deutsche Telekom Root CA2 and save this locally, for example with the file name drrootca2.pem. The distributions store certificates in different locations: examples include /etc/cert or /etc/ca-certificates/.

Known problems

  1. It may be necessary to store the entire certificate chain up to the University of Cologne locally. For this purpose, download the certificate chain and save it as cachain.pem.
    Caution: Not all programs accept such a file with multiple certificates. Use this only if the individual certificate does not work for you.
  2. If you still cannot connect by using the two files suggesting above and you receive an error message similar to "OpenSSL: tls_connection_ca_cert - Failed to parse ca_cert_blob”, then please use this file Deutsche Telekom Root CA2 (binary)(CRT, 1kB). You can save this file as dtrootca2.pem.
  3. The encryption and authentication methods used by the DFN are now supported by many current wireless configuration tools. Should this not be the case for you, you could try using Wicd which is distribution independent.

Configuration using NetworkManager

We welcome your input on distribution-specific configurations, please send these via e-mail to the RRZK Helpdesk

In most distributions, you can configure access to the network using NetworkManager. Choose “eduroam” from the list of available networks (it may be hidden under “other networks”) and enter the following details:

Security: WPA/WPA2 Enterprise
Authentication:Protected EAP (PEAP)
CA certificate:the path to the previously downloaded certificate file
Internal authentication:MSCHAPv2
Username:The account name of your student or employee account with the suffix "" (including student accounts)
Password:The account password

If you have any questions or problems, please contact the RRZK-Helpdesk