Setting up wicd for WPA2 PEAP without a domain field - demu.red

Legacy Setup

Until recently, I had relied on wifi settings cached by nm-applet. I had already started using wicd-curses months ago, after killing almost everything gnome related from my install. When my laptop stopped auto connecting to known access points, I got around to becoming familiar with wicd's interface.

Networks

At my college, I had a bit of an issue. There are two wifi connections at school. One is a crappy captive portal based login, that seems to force you to login every five minutes. It also tends to be broken at the start of every semester, due to all the new people trying to get on it.

The second connection is the NAME-secure wifi, that you must connect to using your school credentials. This one works well, once you find the magic℠ (undocumented) settings. I assume the IT department doesn't realize the need for this documentation, as windblows/android/mac/ios can guess the magic℠ settings on their own. Even when I was using nm-applet, I had to annoy the IT people into telling me the right combination of settings...

wicd

Anyway, having those settings in the nm-applet conf files gave me a head start this time. I needed to use WPA2 PEAP, with MSCHAPv2. So I bring up wicd-curses, go to the connection settings, toggle on 'autoconnect' and 'use encryption' and 'Use these settings for all networks sharing this essid' (as there are many of these throughout different buildings). At this point, I check my encryption options, and there is 'WPA2-PEAP with CCMP/MSCHAPV2'! Great, this will be easy! Err... nevermind.

It asks for a 'domain' field, something the magic℠ settings don't use...

wicd Templets

At this point, I learn how wicd works, and find that it has templates. In /etc/wicd/encryption/templates I find that is /etc/wicd/encryption/templates/wpa2-peapis 'WPA2-PEAP with CCMP/MSCHAPV2' and read through it.

name = WPA2-PEAP with CCMP/MSCHAPV2
author = atiketemola
version = 1
require identity *Username domain *Domain password *Password
protected password *Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$_ESSID"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    identity="$_DOMAIN\$_IDENTITY"
    password="$_PASSWORD"
    phase2="auth=MSCHAPv2"
}

Simple enough fix, I copy it to /etc/wicd/encryption/templetes/wpa2-peap-nodomain and edit:

name = WPA2 PEAP No-Domain
author = demure
version = 1
require identity *Username password *Password
protected password *Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$_ESSID"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    eap=PEAP
    identity="$_IDENTITY"
    password="$_PASSWORD"
    phase2="auth=MSCHAPv2"
}

Perfect, now it should work!

Err, maybe not...

The template part of the man page doesn't mention it, but you need to edit /etc/wicd/encryption/templates/active for new templates to show up.

While I'm at it, why don't I just put WPA2 options at the top.

wpa2-leap
wpa2-peap
wpa2-peap-nodomain
wpa
wpa-peap
wpa-psk
wpa-psk-hex
wep-hex
wep-passphrase
wep-shared
leap
ttls
eap
peap
peap-tkip
eap-tls
psu

And now there is wifi.

wicd

- demure