# Connman fails due to case-sensitive settings

Hi,

I am not an expert at this topic, so I'll try to describe as detailed as possible, how I am able to connect to the WLAN at my university (using my laptop running Arch Linux as well as using my Jolla with a manual configuration/connman disabled) and what seems to be the problem using Jolla with connman.

This is my working wpa_supplicant config file for the laptop:

network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=TTLS
proto=WPA RSN
anonymous_identity="anonymous@uni-xyz.de"
ca_cert="/path/to/certificate/Deutsche_Telekom_Root_CA_2.crt"
phase2="auth=PAP"
}


which as well works with wpa_supplicant on my Jolla if I configure the WLAN adapter manually, i.e. step by step:

# first I have to kill connman
devel-su
systemctl stop connman
# setting up wpa_supplicant
wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant/eduroam.conf
# I get an IP-address with udhcpc that has to be added manually
udhcpc -iwlan0
# The default gateway and DNS information stay constant
ip route add default via 'address of default gateway at my uni'
# then I add some lines to /etc/resolv.conf:
domain nac.uni-xyz.de
nameserver <nameserver ip>


This leads to a working internet connection but obviously is not very comfortable, because connman has to be stopped...

I have tried to create a connman config file /var/lib/connman/wifi_eduroam.config with the following content but there is a problem while trying to set up the connection.

/var/lib/connman/wifi_eduroam.config

[service_eduroam]
Type=wifi
Name=eduroam
EAP=TTLS
CACertFile=/path/to/certificate/Deutsche_Telekom_Root_CA_2.crt
Phase2=PAP
Identity=myidentity@uni-xyz.de
Passphrase=mypassphrase


I guess, that the connection fail is linked to the lack of a config parameter for anonymous_identity in connman according to connman/connman.git.

Well, as I already said, I am not an expert, so please forgive me, if this problem has been solved already or if there is some stupid mistake ;)

For me personally it would suffice if there was a possibility to avoid having to stop connman while using the eduroam network. Maybe there is some way to tell connman to use my wpa_supplicant config file?

Thank you

edit retag close delete

( 2014-09-13 01:42:27 +0300 )edit
1

well, I read this thread, but could not get the workaround using the connman config file working, so I should rather ask, if it is currently possible to get connected to my uni's eduroam using connman. Thanks for your help ;)

( 2014-09-13 02:38:17 +0300 )edit

Something similar has already been discussed here: https://together.jolla.com/question/15645/connman-does-not-support-setting-up-anonymous-or-outer-eap-identity-for-wifi-wpa-enterprise/ There seems to be no fix currently. My university's eduroam also supports connecting without an outer/anonymous identity but the real solution would of course be to include this in connman.

( 2014-09-13 10:33:30 +0300 )edit

IMO this is a missing features and shouldn't require any workarounds in a proper implication of WLAN connectivity

( 2014-09-13 17:09:09 +0300 )edit

Sort by » oldest newest most voted

UPDATE: stitran found out that it is connman's case-sensitive interpretation of the config file so a change in EAP=TTLS to EAP=ttls solved his problem.

@stitran don't change the cacert line - I am at uni-kl.de and had exactly the same problem

 [service_eduroam]
Type=wifi
Name=eduroam
EAP=ttls
CACertFile=/etc/ssl/certs/ca-bundle.crt
Phase2=PAP
Identity=myidentity@uni-xyz.de
Passphrase=mypassphrase

more

Thanks for your suggestion, but this seems not to solve the problem. (Connman tries to connect but fails after a while.) At my uni's eduroam some kind of config parameter like anonymous_identity=anonymous@uni-xyz.de is required.

( 2014-09-13 15:57:06 +0300 )edit

that parameter is said to be needed at uni-kl.de too but it works without it, what does wpa_supplicant tell when connecting (wpa_cli)?

( 2014-09-13 17:46:21 +0300 )edit

I'm sorry, I am not used to wpa_cli ;) So which output of wpa_cli are you interested in exactly? While connecting successfully or should there be some feedback of wpa_cli while Connman tries to connect, but fails? The config file of uni-kl.de uses three differing parameters (pairwise,group,proto) in comparison to my working wpa_supplicant config file (maybe this is important)

( 2014-09-14 00:27:27 +0300 )edit

the failing output, it will show what part is failing, the reason why you are unable to connect. For uni-kl.de, my eduroam connman config file is exactly what is shown above. No pairwise or group setting. Well I wrote "ttls" instead of "TTLS" and my file is called wifi_eduroam.config... I tried just as you did, find a way to enter outer identity and use the telekom root cert but that is what I ended up with.

( 2014-09-14 11:52:08 +0300 )edit
1

It works!! Writing TTLS lowercase solved the problem ;) Thank you very much! I will 'mark your answer as correct' as soon as you edit the eap=ttls line.

( 2014-09-14 12:16:23 +0300 )edit

## Stats

Seen: 1,838 times

Last updated: Sep 15 '14