How-To

Working Raspberry Pi & WPA2e (enterprise) Configuration.

Jon Eaton

2 min read

I’ve seen numerous posts with many different approaches to getting the working. I’ve had to do this recently so did some testing along what way and made some notes. I had the opportunity to test on a number of Pi’s so should it should work with any WPA2e network regardless of the commercial entity or University. One final point here, just because I’ve detailed how to connect, you may still need permission from the appropriate Network Security body before connecting your device to WPA2e protected networks.

The instructions were tested on both the Raspberry Pi 3b and Raspberry Pi 4, running any of the images below:

  • Raspbian Buster with desktop and recommended software(September 2019)
  • Raspbian Buster with desktop (September 2019)
  • Raspbian Buster Lite (September 2019)

I didn’t do any updates to the base image, just so I knew I had a common starting point. I don’t expect any issues if I had done the updates, and did try at the time with no issues. However over time there will obviously be many updates that were not included in my testing.

So from a fresh boot using a new image, after the normal re-sizing of the root partition etc, the first thing we need to determine is a hashed version of the password for the WPA2 enterprise network. We could use clear text instead, but given we are going to be storing it in a config file in /etc a hashed password is obviously best practice. The following command (using the correct password) will give us the cached password.

Through the snippets below, always be aware the it may appear word wrapped on you screen.

pi@raspberry:~ $ echo -n 'WiFi-Password' | iconv -t utf16le | openssl md4 | cut -d " " -f2
01c5a3f0c2cad4e614d5e3c3d92906f6

It’s the string 01c5a3f0c2cad4e614d5e3c3d92906f6 we need later so keep it safe.

Next we create a new file:

pi@raspberry:~ $ vi /etc/network/interfaces.d/wpa2enterprise

With the following text:

auto wlan0

iface wlan0 inet dhcp
  pre-up wpa_supplicant -B -Dwext -i wlan0  -c/etc/wpa_supplicant/wpa_supplicant.conf
  post-down killall -q wpa_supplicant

Next we create the new referenced `/etc/wpa_supplicant/wpa_supplicant.conf` with the following details:

  • Wi-Fi Network name (The SSID to connect to)
  • Your Username to connect to the network with.
  • The Hashed Password (generated earlier)
pi@raspberry:~ $ vi /etc/wpa_supplicant/wpa_supplicant.conf

With the following content, updating the details as appropriate (marked with —).

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=GB

network={
 ssid="---WIFI-NAME---"
 proto=RSN
 key_mgmt=WPA-EAP
 auth_alg=OPEN
 eap=PEAP
 identity="---USERNAME---"
 password=hash:---PASSWORD-HASHED-VALUE---
 phase1="peaplabel=0"
 phase2="auth=MSCHAPV2"
 priority=1
}

Once you have created the files as specified above, with the appropriate details updated. Reboot the Raspberry Pi and it should auto connect to the WPA 2 enterprise (WPA2e) network.

Finally, when you password is changed, you just need to generate a new hash and update the /etc/wpa_supplicant/wpa_supplicant.conf file as appropriate.