Difference between revisions of "Features/WPA-WPA2-Enterprise-Network-Connections"

From Sugar Labs
Jump to navigation Jump to search
Line 19: Line 19:
  
 
== Current status ==
 
== Current status ==
* Targeted release: (SUGAR_VERSION)
+
* Targeted release: Not Specified
* Last updated: (DATE)
+
* Last updated: December 14, 2011
* Percentage of completion: XX%
+
* Percentage of completion: 100% (tentative, subject to LEAP-authentication testing. Codewise, it seems to be complete. Obviously, any bugs/enhancements are not being considered here).
  
 
== Detailed Description ==
 
== Detailed Description ==

Revision as of 10:48, 14 December 2011



Summary

This feature helps connect to WPA/WPA2-Enterprise Networks, in a sugar-environment.

Owner

Current status

  • Targeted release: Not Specified
  • Last updated: December 14, 2011
  • Percentage of completion: 100% (tentative, subject to LEAP-authentication testing. Codewise, it seems to be complete. Obviously, any bugs/enhancements are not being considered here).

Detailed Description

Expand on the summary, if appropriate. A couple of sentences suffices to explain the goal, but the more details you can provide the better.

Benefit to Sugar

What is the benefit to the platform? If this is a major capability update, what has changed? If this is a new feature, what capabilities does it bring? Why will Sugar become a better platform or project because of this feature?

Make sure to note here as well if this feature has been requested by a specific deployment, or if it has emerged from a bug report.

Scope

What work do the developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?

UI Design

There is no impact on the workflow; it's just that the user will have to enter way more parameters for conencting to a WPA/WPA2-Enterprise networks. Please see "User Experience" section for details.

How To Test

Setting up a RADIUS server (on a dedicated machine)

Setting up the access-point / router

  • Connect the access-point/router, with the RADIUS server machine, through a ethernet cable.
  • Through the RADIUS server machine, open the browser, type in the access-point/router IP address, and configure it for WPA/WPA2-Enterprise authentication. A sample screenshot is presented below


    • Router configuration.png


  • Note that, you may only need to enter the "Radius Server IP Address" ("192.168.1.3" in the screenshot). The "Radius Server Port", and "Share Secret" are the default ones (at least for a default setup of freeradius).




Connecting a client - TLS-based authentication

  • Make sure you have three certificates - user-certificate, ca-certificate, private-key - before you proceed. One way to get these certificates is as follows:
    • Go to the RADIUS server machine, and navigate to "/etc/raddb/certs"
    • Run the following commands
      • sudo make client.pem
      • sudo chmod 0644 client.p12
      • sudo chmod 0644 ca.pem
      • Transfer "client.p12" and "ca.pem" to a USB drive.
      • Use this USB drive, in the subsequent steps.
  • Navigate to the "Neighbourhood view" on the XO.
  • Click on the network-icon, and enter the parameters, as seen in the following screenshot


    • TLS authentication.png


  • NOTES
    • If either of "User Certificate", or "Private Key" is in ".p12" format, both these entries should be EXACTLY equal, since the ".p12" certificate contains both.
    • For entering the "User certificate", "CA certificate" and "Private Key", you will be taken to the "Journal-Chooser". You may use the certificates that were retrieved earlier.




Connecting a client - LEAP-based authentication

  • Help required !!!!
  • We have not been able to set-up a LEAP-authentication-supported access-point / router.
  • Any CISCO guys !!??




Connecting a client - TTLS-based authentication

  • Navigate to the "Neighbourhood view" on the XO.
  • Click on the network-icon, and enter the parameters, as seen in the following screenshot (thanks to Anish, for showing me this minimal configuration).


    • TTLS authentication.png


  • NOTES
    • The above configuration is a minimalistic configuration. However, the parameters-cum-secrets modal-dialog, has been modelled on nm-applet.




Connecting a client - PEAP-based authentication

  • Navigate to the "Neighbourhood view" on the XO.
  • Click on the network-icon, and enter the parameters, as seen in the following screenshot.


    • PEAP authentication.png


  • NOTES
    • The above configuration is a minimalistic configuration. However, the parameters-cum-secrets modal-dialog, has been modelled on nm-applet.

User Experience

  • The network-icon for a WPA/WPA2-Enterprise Network, will appear just like any other network-icon, in the Neighbourhood-view.
  • When a user clicks on the icon, she will be asked for parameters-cum-secrets (much more in number, but just like any other network-type).
  • Upon clicking the 'ok' button (and provided all sufficient-and-correct parameters are provided), the connection will be made. This can be confirmed by the tray-icon.
  • Once a connection is made, user need not re-enter parameters-cum-secrets next time (reboot) onwards. The parameters-cum-secrets will automatically be read from sugar-settings-file (connections.cfg) (just like any other network-type).

Dependencies

There are no external dependencies. This feature is just an addon, with just another network-type being added to the list of "connectable" networks.

Contingency Plan

None necessary, revert to previous release behaviour.

Documentation

Discussions are on, on the "sugar-devel-" and "dextrose-" mailing lists.

Release Notes

There are no changes in ABIs/APIs, configuration or data file formats. Also, there are no upgrade concerns.

Comments and Discussion