Unable to connect to college's eduroam wpa2 wifi

Hello
I am unable to connect to my college’s eduroam network on NixOS. It uses peap wpa2 wifi.

On Debian and Arch, the solution was to simply install the iwd package, but I cannot get this to work on NixOS.

I tried adding the following lines to my configuration.nix:

networking.wireless.iwd.enable = true;
networking.networkmanager.wifi.backend = "iwd";

This did not work at all, and the second line makes all my wireless networks unavailable.
I also tried setting a custom configuration:

  networking.wireless.iwd.settings = {
    Security = {
      EAP-Method="PEAP";
      EAP-PEAP-Phase2-Identity=******;
      EAP-PEAP-Phase2-Password=******;
      EAP-PEAP-Phase2-Method="MSCHAPV2";
    };
    Settings = {
      AutoConnect = true;
    };
  };

I censored the identity and password here.

I also tried this solution, but building my new configuration resulted in the following error:

building Nix...
building the system configuration...
error:
       … while calling the 'head' builtin

         at /nix/store/bfg7xzgvbhxhs7vnl7lynaxmjhmvc4j0-nixos/nixos/lib/attrsets.nix:820:11:

          819|         || pred here (elemAt values 1) (head values) then
          820|           head values
             |           ^
          821|         else

       … while evaluating the attribute 'value'

         at /nix/store/bfg7xzgvbhxhs7vnl7lynaxmjhmvc4j0-nixos/nixos/lib/modules.nix:807:9:

          806|     in warnDeprecation opt //
          807|       { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          808|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: getting status of '/etc/nixos/eduroam.patch': No such file or directory

Neither of these attempts worked. Does somebody know a possible solution to make eduroam wpa2 work, or can someone tell me if I did something wrong?

I used the official eduroam installation script to set it up on my NixOS laptop; you can download it here. I think to run it, I also needed the dconf Python package, but that might also depend on the desktop environment (I use KDE). In my NixOS config, I’m pretty sure that I’ve only set the option:

networking.networkmanager.enable = true;

Try

[Security]
EAP-Method=PEAP
EAP-Identity=anonymous@XXXX.edu
EAP-PEAP-Phase2-Method=MSCHAPV2

[Settings]
AutoConnect=true
AlwaysRandomizeAddress=true

Then you should be able to enter your credentials (through iwctl).

Filename was eduroam.8021x - don’t recall if this was extremely important.

Thanks everyone, I’ll try these methods in college when I get the chance and then I’ll tell you if it worked.

FYI, if this doesn’t work: despite eduroam’s claim of allowing you to just log in from any educational facility, the details of the specific institution’s implementation often differ in subtle ways that are usually ignored by GUI connection managers but can trip up at least wpa_supplicant.

Specifically, I recall the phase2 differing between at least three institutions.

It’s been a while since I last fought it, but if that doesn’t work, try setting it up with something like networkmanager, and then inspecting the actual network settings. Or maybe iwd or wpa_cli supports scanning for that nowadays.

Or maybe I reverse engineered their “installer”, it’s a bash script that expects you to use networkmanager if I’m not mistaken.

I should also advise you to get your hands on a copy of your institution’s public key. Normally it’s downloaded and kept on first authentication, but this does not happen automatically with the cli connection managers.

This error smells like you’re not telling us something, by the way. Where is nix getting that file path from?
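
An added example, not written by anyone in this thread: a small Python check for an iwd profile like the eduroam.8021x file suggested above. It flags a missing CA certificate (the "public key" advice in the previous reply) and a password stored in the file. `EAP-PEAP-CACert` and `EAP-PEAP-ServerDomainMask` are settings from iwd.network(5); the sample profiles, the certificate path and `radius.example.edu` are constructed placeholders, and the server-name check is an assumption about what your institution publishes.

```python
import configparser

# Constructed sample profiles (not from the thread); path and domain are placeholders.
MINIMAL = """\
[Security]
EAP-Method=PEAP
EAP-Identity=anonymous@example.edu
EAP-PEAP-Phase2-Method=MSCHAPV2

[Settings]
AutoConnect=true
"""

PINNED = MINIMAL.replace(
    "EAP-PEAP-Phase2-Method=MSCHAPV2",
    "EAP-PEAP-CACert=/etc/ssl/certs/institution-ca.pem\n"
    "EAP-PEAP-ServerDomainMask=radius.example.edu\n"
    "EAP-PEAP-Phase2-Method=MSCHAPV2",
)


def audit_iwd_profile(text):
    """Return a list of findings for an iwd 802.1X (.8021x) PEAP profile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # iwd keys are case-sensitive; keep them as written
    cp.read_string(text)
    sec = cp["Security"] if cp.has_section("Security") else {}
    if sec.get("EAP-Method", "").upper() != "PEAP":
        return ["not a PEAP profile; checks below do not apply"]
    findings = []
    if not sec.get("EAP-PEAP-CACert"):
        findings.append("no EAP-PEAP-CACert: no CA is pinned for the server certificate")
    if not sec.get("EAP-PEAP-ServerDomainMask"):
        findings.append("no EAP-PEAP-ServerDomainMask: server name is not constrained")
    if "EAP-PEAP-Phase2-Password" in sec:
        findings.append("password stored in profile: keep the file root-only "
                        "and out of the world-readable Nix store")
    return findings


if __name__ == "__main__":
    for name, profile in (("minimal", MINIMAL), ("pinned", PINNED)):
        print(name, audit_iwd_profile(profile) or "ok")
```
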

It’s far worse now, it’s an auto-generated Python script with dead code everywhere.

Anyway, in my case I got the connection barely working by looking at the manual settings my university published on the Internet, but I get very frequent disconnections that taste like authentication misconfiguration.

Part of the rationale for my “minimal” eduroam configuration was partly due to the disconnections. Trying to copy the network configuration did not fare well.

Configure only the essentials, and then let the network subsystem do the rest. In my case I ended up always having to explicitly type in the username and password but it always worked fine.