Miskatonic University Press

Getting my Raspberry Pi on a PEAP-MSCHAPv2 wifi network

unix york

I have a Raspberry Pi at work that I use for listening to STAPLR. A while ago it fell off the university’s wifi network. Today I got around to fixing that. For some unknown reason I had to do more today than I did back when I first got it on the wifi, but such is the way of computers. For my own sake I’m documenting what I did here, and maybe it will be useful to others.

This is based on: Raspberry Pi 3 and PEAP-MSCHAPv2 WiFi Networks by Nontas Rontogiannis and an answer in a Raspberry Pi forum by broo0oose. Thank you, fellow Pi users who are on not on a simple wifi network!

Columns
Columns

First edit /etc/wpa_supplicant/wpa_supplicant.conf and add:

network={
      ssid=""
      priority=1
      proto=RSN
      key_mgmt=WPA-EAP
      pairwise=CCMP
      auth_alg=OPEN
      eap=PEAP
      identity=
      password=hash:
      phase1="peaplabel=0"
      phase2="auth=MSCHAPV2"
      }

Fill in these fields:

  • ssid (wifi network name)
  • identity (username)
  • password

You can enter your password in plain text, but that’s a terrible thing to do. Instead, use a hashed version.

echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 > hash.txt

Then take the text in hash.txt and add it after “hash:” in the password field.

Columns
Columns

Restart network services (sudo service networking restart) and all should work … unless you don’t have a /etc/network/interfaces file, which I didn’t! Somehow it had disappeared. So I created one, with this incantation:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0

iface wlan0 inet dhcp
        pre-up wpa_supplicant -B -Dwext -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf
        post-down killall -q wpa_supplicant

(That’s a tab for indentation there, in case it matters. The pre-up line should be all on the same line, it’s -c/etc/wpa..., but some formatting thing is messing up the display here.)

After rebooting it all worked, even though the network icon in the icon bar showed no connection.

Columns
Columns

Typing in your password means it’s in your history, which means it’s in a file on the system. That’s insecure. The easiest way to clear that out is to wipe your history:

history -c

But you can also just wipe out the one line by finding just which one it is, for example:

$ history | grep openssl
  118  echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 > hash.txt
$ history -d 118

But when you’re on the network you should install xsel:

sudo apt-get install xsel

Now next time you can run

echo -n 'password_in_plaintext' | iconv -t utf16le | openssl md4 | xsel -b

This puts the hashed password into the X clipboard, where it’s easier to paste. You’ll still want to wipe it from your history.

Columns
Columns

Why the Pi doesn’t support this kind of network out of the box, I don’t know, but I hope they add it. Nevertheless, the Pi is marvellous little thing.