Configuring WPA supplicant
You can use the example files on the devices to configure the WPA supplicant: /setup/scep/wpa.conf.*
- Create an individual wpa.conf configuration file.
By default, the file contains the following information:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=0
network={
key_mgmt=IEEE8021X
eapol_flags=0
eap=TLS
identity="<Common Name as specified in certificate>"
priority=6
ca_cert="/setup/cacerts/scep/serverca.pem"
client_cert="/setup/cacerts/scep/client.pem"
private_key="/setup/cacerts/scep/client.key"
}
Add further entries according to your CA implementation.
You can specify the certificate file and path in one of the following ways, for example if you access an external root certification authority. Note that only one file may be referenced via ca_cert. However, this file may contain several certificate entries.
ca_cert="/setup/cacerts/<root_extern>.pem"
ca_cert="/setup/cacerts/<subordinate_int>.pem"
ca_cert="/setup/cacerts/<radius>.ssl"
If the RADIUS certificate contains the NetBIOS name instead of the FQDN, you may use the following entry:
The spelling and case-sensitivity of the certificate file names must be identical to the names of the transferred certificate files.
- If you want to use TPM 2.0 via WLAN, add the following engine parameters for the network:
...
network={
ssid="WLAN-ABC"
scan_ssid=1
key_mgmt=WPA-EAP
proto=WPA2
eap=TLS
engine=1 # Value must always be 1
engine_id="tpm2tss" # Private Key is taken from TPM 2.0 module
identity="__IDENTITY__"
priority=6
ca_cert="/setup/cacerts/scep/serverca.pem"
client_cert="/setup/cacerts/scep/client.pem"
private_key="/setup/cacerts/scep/client.key" # Public part
}
- To transfer the wpa.conf file to the devices, use the Scout feature Files configured for transfer. Use the following destination:
LAN: setup/scep/
WLAN: setup/wlan/
For further information, see Advanced device configuration > Files in the Scout guide.
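A check to run on a wpa.conf before transferring it, as an added example that is not part of the original documentation or of eLux/Scout: it parses the network blocks and reports multiple or missing ca_cert entries, an engine_id without engine=1, and EAP-TLS blocks that lack identity, client_cert or private_key. The function names and the sample configuration are constructed for illustration.

```python
import re

def parse_networks(text):
    """Return one {key: [values]} dict per network={ ... } block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return blocks

def lint(text):
    """Return findings for the configuration rules stated on this page."""
    findings = []
    for n, net in enumerate(parse_networks(text), 1):
        ca = net.get("ca_cert", [])
        if not ca and "ca_path" not in net:
            # wpa_supplicant does not verify the server certificate in this case
            findings.append(f"network {n}: no ca_cert, server certificate is not verified")
        elif len(ca) > 1:
            findings.append(f"network {n}: {len(ca)} ca_cert entries, only one file may be referenced")
        if "engine_id" in net and net.get("engine") != ["1"]:
            findings.append(f"network {n}: engine_id set but engine is not 1")
        if net.get("eap") == ["TLS"]:
            for key in ("identity", "client_cert", "private_key"):
                if key not in net:
                    findings.append(f"network {n}: eap=TLS without {key}")
    return findings

# Constructed sample: two ca_cert entries, engine_id without engine=1, misspelled identity key.
SAMPLE = """
network={
eap=TLS
engine_id="tpm2tss" # private key is taken from the TPM 2.0 module
dentity="%IDENTITY%"
ca_cert="/setup/cacerts/root.pem"
ca_cert="/setup/cacerts/sub.pem"
client_cert="/setup/cacerts/scep/client.pem"
private_key="/setup/cacerts/scep/client.key"
}
"""
print("\n".join(lint(SAMPLE)))
```

The comment stripping is deliberately simple and would also cut a quoted value that contains a space followed by `#`.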
Use of multiple WiFi networks
- To use multiple SSIDs, set the network entry multiple times.
Example:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
network={
ssid=""
scan_ssid=1
key_mgmt=WPA-EAP
eap=TLS
identity=""
priority=5
ca_cert=""
ca_cert=""
client_cert=""
private_key=""
}
network={
ssid=""
scan_ssid=1
key_mgmt=WPA-EAP
eap=TLS
identity=""
priority=6
ca_cert=""
ca_cert=""
client_cert=""
private_key=""
}
Use of variables
For identity and host name, you can alternatively set variables:
Spelling | Description | Other |
---|---|---|
%IDENTITY% | Common name from certificate | For compatibility reasons, the legacy spelling before eLux RP 6.9.100 (variable name in uppercase letters and 2 x 2 underscores) is still supported. Example: __IDENTITY__ |
%HOSTNAME% | Hostname from terminal.ini | |
Variables may also be used for a part of a value. Prefixes and suffixes of a variable are pure strings that are passed through.
Example: identity="host/%HOSTNAME%"
For further information on configuring 802.1X for WLANs, see WPA support in the Scout guide.