[wifi]

Connection of laptops and similar devices to the local computer network by cable is allowed only in designated places - currently in labs M105 and M104 and in the library C126. In any case, it is not allowed to disconnect PCs from the network and use these connections for your own notebooks (the connection will not work).

WiFi connection can be made wherever the signal reaches, no access point has restricted access.

Access to network is authenticated by the IEEE 802.1X protocol (often also known as 802.1x Enterprise) and the Radius server. The same type of authentication is also used to access the WiFi network SSID eduroam (for VUTBRNO only Web authentication is used). For authentication, PEAP (Protected EAP) with password authentication by MSCHAPv2 (preferred) or EAP-TTLS with password authentication by PAP can be used. Since the password is stored in the open form on the Radius server side, it is by no means possible to use standard Unix, IS FIT or VUTlogin passwords for this authentication. You must generate a special password for Radius server authentication in IS FIT (Password for Radius server). On Windows or Mac OS X, you only need to enter it once, then it is automatically remembered and used for the next authentication. On Linux systems, you can either use the utilities supplied with the distribution as part of the desktop, or use the manual wpa_supplicant tool.

Windows 7/10 Configuration

1. Click on search (start) button, type in services and launch the application.

2. Find Wired Autoconfig in the list and double click.

3. Set startup type to Automatic and click Start if the service is not running.

4. In systray right-click network icon and click Network & Internet Setting.

5. Click on Ethernet and then Change adapter options.

6. Right-click on Ethernet or Local Connection or whatever your ethernet adapter is named, then choose Properties

7. Now choose Authentication tab, select PEAP method and click Settings

8. In Additional setttings choose User authentication and click Save credentials - fill in your Radius username (i.e. login@fit.vutbr.cz) and Radius password.

Now your ethernet connection should authenticate. If you see following alert just click connect.

Note: your radius password must be generated in information system.

Linux/*BSD

Network Manager

As of Ubuntu 18.04 you can quite easily set the 802.1X connection using Network Manager, see screenshot below. There are two minor drawbacks however. The first, once 802.1X is set you cannot connect to unprotected wired network unless you switch 802.1X off again. And the second, once you switch 802.1X off and on, you have to set it up again.

Note: keep in mind your username consists of your faculty login plus domain of the radius server (i.e. fit.vutbr.cz, for both staff and students); the password is special Radius password which may be obtained in faculty information system.

Xsupplicant

If the above does not work you may try to use opensource Xsupplicant. Default configuration directory is /usr/local/etc/1x. First we need certificate of BUT certification authority here:
wget http://ca.vutbr.cz/pki/pub/cacert/cacert.pem 
Then create configuration file /etc/xsupplicant.conf:
logfile = /var/log/xsupplicant.log
startup_command = "dhclient %i"

default {
    allow_types = eap_peap

    # login = FIT_LOGIN@fit.vutbr.cz for staff and students
    # @fit.vutbr.cz is Radius server domain (may be used
    # with Radius servers interconnected in EduRoam network)
    # password is Radius server password you can obtain in faculty information system
    identity = "login@fit.vutbr.cz"

    eap-peap {
    	inner_id = "login@fit.vutbr.cz"
	root_cert = /etc/certs/cacert.pem
	chunk_size = 1398
	random_file = /dev/urandom
	cncheck = radius.fit.vutbr.cz
	session_resume = yes
	allow_types = eap_mschapv2
	eap-mschapv2 {
            password = "password"
        }
    }
}

Back to guides

Send comments to michal@fit.vutbr.cz

Back to top