Raspberry Pi wired dot1x

One of the challenges I had while deploying PacketFence, was getting a Raspberry Pi to authenticate using MSCHAPv2 on the wired network.
Wireless seems to be easy, but I had quite a struggle to make it work on the eth0 interface. In fact, it works perfectly, until your Raspberry Pi reboots.

The reason is that dhcpd has some built-in hooks to call wpa_supplicant for wireless interfaces. In order to get dot1x to work on wireless networks, you just need to correctly configure /etc/wpa_supplicant/wpa_supplicant.conf.

For wired interfaces, you should create a seperate wpa_supplicant file, for example /etc/wpa_supplicant/wpa_supplicant-wired-eth0.conf.
Edit this file and configure it as such:

ctrl_interface=/run/wpa_supplicant
ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=PEAP
  identity="user_name"
  password="user_password"
  phase2="autheap=MSCHAPV2"
}

Now, create a new wpa_supplicant service:

systemctl enable wpa_supplicant-wired@eth0.service

Finally, reboot the Pi. The service should start automatically and you should be good to go!

Leave a Reply

Your email address will not be published. Required fields are marked *