If you’ve set-up an Arch Linux installation, and you’ve used
you’ve used netctl before and didn’t even know it.
… a CLI-based tool used to configure and manage network connections via profiles. It is a native Arch Linux project for network configuration.
I used to think that the
wifi-menu dialouge was a cute little installer helper
program, but I learned later, that it can be used to automatically generate
/etc/netctl that you can subsequently use to reconnect to network
# netctl start INTERFACE-SSID
… where INTERFACE is the name of your wireless interface device (see below) and SSID is the “name” of the network.
I was a little disappointed (but not too shocked) when
wifi-menu failed to
connect to the University of Cincinnati’s
Securewireless network. This short
guide will discuss the steps needed to connect to
netctl, and discuss why these extra steps are needed.
Connect to Securewireless — tl;dr
Create and edit the file
/etc/netctl/INTERFACE-Securewireless as root (using
sudo). Note that INTERFACE should be the name of your wireless interface.
ip link to find out what it is. While the interface prefix is not
mandatory, it does help you stay organized,
wifi-menu adds it by default, and
you’ll need it below.
Connection='wireless' Interface=INTERFACE Security='wpa-configsection' Description="UC eduroam-like network" IP='dhcp' TimeoutWPA=30 WPAConfigSection=( 'ssid="Securewireless"' 'key_mgmt=WPA-EAP' 'identity="UC_USER_NAME"' 'password="UC_CENTRAL_LOGIN_PASSWORD"' )
INTERFACE is your wireless interface as described above,
UC_USER_NAME is your 6+2 user name without the domain suffix (e.g. smithbb1
not firstname.lastname@example.org), and
UC_CENTRAL_LOGIN_PASSWORD is the central
login password that you use for all of your UC services. (Leave in the quotes
around the actual username and password.)
The magic is in the
WPAConfigSection. This allows you to
step outside of simple WEP/WPA/WPA2 shared passphrase paradigm and set the
security stack exactly how you need as if you were setting up
by hand. There’s a lot you can do here, like connect to an eduroam
network or use another pre-agreed upon security certificate, but UC’s setup is
pretty simple. If you need to see all of the settings you can put in the
WPAConfigSection, see the manual page for
wpa_supplicant or look at a sample
University of Cincinnati uses WPA Enterprise much like other universities.
According to UC’s IT Handbook (last page)(pdf),
- WPA2 Enterprise Security
- Protected Extensible Authentication Protocol (PEAP)
- No enterprise security certificate
Through trial and error, I found the simplest
WPAConfigSection needed to
ssid is set to
Securewireless, the name of UC’s
key_mgmt=WPA-EAP tells the WPA supplicant to use and
password through (Protected) Extensible Authentication Protocol to connect to
I hope that this either helps you connect to
Securewireless at UC or points
you in the right direction for creating a profile to connect to your WPA
Enterprise network at your school/work.