Puppy Linux Discussion Forum

Just got a recent note from my daughter's school IT manager. My daughter is allowed to use Puppy Bionic on her converted Chromebook, while everyone else is using ChromeOS. He's not really familiar with Puppy, so has asked if we can get her off of the guest network with static keys to:

"The network I want people who are in the building regularly using is XYZ which uses enterprise authentication. Everyone has their own username and password in an Active Directory server here on campus. The Frisbee wifi setup utility in Puppy, though, doesn't seem to be able to configure an enterprise SSID. I googled it, a couple of posts said to get a different utility, PeasyWifi, but those posts were 7 years old, I couldn't find PeasyWifi anywhere, nor do I have any experience using Puppy's package manager."

"Do you have any experience with configuring an enterprise wifi network for Puppy? Or can you find a different utility that will do the job?"

I'm not really familiar myself with Active Directory/Enterprise Authentication, so would appreciate any suggestions. Thanks in advance!

What is 'enterprise wifi authentication'? How does it differ from standard wifi authentication?

I have no personal experience with wpa2-enterprise, but you will find peasywifi here: https://oldforum.puppylinux.com/viewtopic.php?t=94501. Just download the .pet file and click it to install. Forum member @rcrsn51 is one of the resident network experts and could address your question better.

wizard

This person sure is not providing you with much information.
He/she is providing nothing on how the connection has to be done?

What are the procedures to do it in ChromeOS?
Should not be that different to how to do it in Bionicpup64.
Just a different program used in Bionicpup64.

If they are talking about WPA 2 type connection.

The network Wizard can do that.

It is a lot of individual steps, but it gives you complete control of exactly how it connects.

menu->Setup->Internet Connection Wizard->Wired or wireless LAN->Network Wizard

Network Wizard wireless connection steps.

1. Select Network Wizard
2. Select wlan0 (your network card may have a different description)
3. Select Wireless in the Configure wireless network box.
4. Select Scan and your ESSID (WIFI router) should come up.
5. Select your ESSID and OK
6. Give a name to your profile. It should already be what you selected in step 5.
7. Encryption. Most people use WPA/TKIP - select it or WPA2.
8. A box will open for you to write the WPA password. It is called a Shared Key. Enter the password.
9. Leave the other boxes as they are. Rarely do these need adjustment.
9. Select Save
10. Select Use This Profile
11. A box will appear showing Puppy trying to connect
12. A box will come up “REPORT ON TEST 0f wlan0CONNECTION”
13. Select Auto DHCP in the Configure interface box and it will go through a handshake routine. and declare itself successful
14. Select done

Select to use this setup on reboot.
Select to use this as default.

while everyone else is using ChromeOS.

Puppy Linux is much better than ChromeOS.

However, if everyone is using ChromeOS and the programs in it.
I wonder if more issues will pop up for your daughter
It may just be better to use Puppy Linux at home and ChromeOS at school!

Thanks Flash, Bigpup, Wizard.
Flash, I'm not sure, but I have found a thread about this same kind of request in the old forum -- and it does discuss some of the more arcane details of Enterprise Authentication. PeasyWIFI seemed to be the solution:
https://oldforum.puppylinux.com/viewtopic.php?t=97322

Wizard, thanks for locating the main PeasyWifi thread

Bigpup thanks, but I've been using Puppy for 15 years and do know how to configure Network Manager, Frisbee, and Dougals. They don't address this particular set of requirements.

I'm fairly confident that the IT department can actually do the setup on her computer, IF I've installed a network manager that handles these protocols, and that looks like PeasyWIFI.

As to why she is using a different OS than others, and the problems that might create for her, she's actually been working at school in Puppy for 4 years already with remarkably few problems. The reasons for doing this are many, but among them are a family decision not to accept school age student Google tracking and profiling as an inevitability, also as a demo to the school administration of what alternatives are available beyond ChromeOS that can actually run on inexpensive chromebox equipment. Also the full fledged programs available for her in Linux are far more sophisticated than the ChromeOS offerings, and she has learned a lot more than the average student about word processing, spreadsheets, CAD, animation, video editing, graphics, printing, etc. ... and of course about Linux itself.

I'm looking into PeasyWIFI now, and am installing and testing it on my own laptop before installing it on hers. Presently she is using the guest server account at school with no substantive problems there. It's just a requested preference by IT that I look into switching her over to their enterprise server, and its special requirements.

FYI folks, here's a pic of PeasyWIFI running, and the choice of protocol not available on our other network managers (PEAP). This seems to be the need.

@vtpup

Thanks for the update, I think peasywifi has the settings for PEAP, etc that they will need to setup wpa2-enterprise. No way to test it here, enterprise is much more involved to configure than wpa2-psk that most of us use. Interesting to see you using the Acer C720, it is one I considered before settling on a Acer CB3-431 off Ebay. Use mine daily, triple boots ChromeOS, Gallium LInux and Puppy fossapup64. It's a shame the schools retire the Chromebooks just because Google declares them "end of life".

Also, if you have not seen it, here is a locked down Puppy that would work for school type use viewtopic.php?t=4816

Let us know if and how you finally solve the problem.

Thanks
wizard

If you can buy, borrow or steal an enterprise router,
and configure it to connect to the enterprise network using your id and password, it should just work. Then connect Puppy to the router.

The Linux equivalent to an active directory is a container. All the networking software would be set up to work in a container (LDAP)

I'm just waiting to test so far..... maybe Sunday. I'll update.

vtpup wrote: ↑Sat Mar 19, 2022 4:16 pm

I'm just waiting to test so far..... maybe Sunday. I'll update.

This would have been useful information for other community members.

@vtpup
I was the person who in 2013 implemented Frisbee's support for EAP/PEAP and have assumed that it works. That is based on not hearing back from the user or anyone else who needed it. Either it worked for them or they gave up on it.

I am willing to work with you to try to make Frisbee function appropriately for enterprise connections. But it will take some debugging and experimentation. I would need to see what you encounter when you use Frisbee to connect to the school system. I may then need to give you a debug version (with tracing) to test with.

I am eager to update Frisbee for connecting with PEAP -- if you can help me.

Richard

Sorry I did not update at the time, but I couldn't. They decided to wait because exam time had started and it would have been problematic if the school IT dept tried changing her connection method and could not get her back online rapidly for a test. They are NOT familiar with Puppy at all, and just getting her periodically on the guest wifi has taken them a half hour sometimes. I'm sure I could do it myself, but I'd have to get clearance to be there and working with them or be given the needed setting info while present.

From non-connected tests at home without the needed credentials, however, I can report that there was no problem with what I could do procedurally with Peasywifi on her modified (dedicated) Puppy Chromebook.

When we get to the end of the class year and some more relaxed filler days, maybe I can work with their IT department to do a test.

I also want to connect it to WPA2 enterprise but it seems peasywifi doesn't have the following I want to fill out other than PEAP. I am missing something?

Certificate status online = Don't verify
CA-certificate = Use system
Authentication = MSCHAPV2
Identity = Username

emanresu wrote: ↑Mon May 23, 2022 7:29 am

I also want to connect it to WPA2 enterprise but it seems peasywifi doesn't have the following I want to fill out other than PEAP.

1. Enter a profile name.
2. Click the Make button.
3. Click the Check button.
4. Open the new .conf file in a text editor.
5. Add the extra settings you need.

No reply. Another missed opportunity.

rcrsn51 wrote: ↑Mon May 23, 2022 11:29 am

emanresu wrote: ↑Mon May 23, 2022 7:29 am

I also want to connect it to WPA2 enterprise but it seems peasywifi doesn't have the following I want to fill out other than PEAP.

1. Enter a profile name.
2. Click the Make button.
3. Click the Check button.
4. Open the new .conf file in a text editor.
5. Add the extra settings you need.

Thanks. Successfully connected

Excellent. If you don't want to expose your password, leave it as "my_password" in the .conf file. When you connect, you will get a pop-up window to enter it.

@rcrsn51 & @rerwin - thankyou - have used peasywifi 4.6 & this thread to solve PEAP connection issue caused by lack of information from an institutional IT support centre.

School year has just started again, and I'm going to talk the IT dept through the setup, and will report results back as soon as available.

I've done what I can myself initially to set up a PEAP profile and config file. The IT dept at the high school will have to edit the config and add the necessary parameters and password, as well as encrypting it if it works. They are scheduling Tue Sept 6 for that try.

PeasyWif1 ver 4.5 on Bionic64:

We were successful in getting connected via PeasyWifi using peap to my daughter's school's enterprise Wifi authorization setup!

I did have to talk the IT manager through setup over the phone, but mainly for minor issues -- he had tried it on his own but lost program access because of an accidental switch to desktop 2 with the PWFi screen open on desktop1. Once we figured it out and switched back to Desktop1we could continue with Peasywifi.

Other small usability issues: I had started a new PEAP profile in advance, and had filled in as much info as I could, but did not know the exact configuration details or passphrases needed. We tried to edit that profile over the phone, and the first "intuitive" method of doing that was wrong: in the opening Peasywifi screen we selected the profile we wanted to edit, then clicked on the config button at the bottom of the screen. This opened the file, pwf.conf, in a text editor. However, pwf.conf wasn't the configuration file we wanted to edit. There was no way of actually opening that other config file in this tab, even though we chose the file we wanted in the dropdown list.

Instead, we decided to give up and create a new profile from scratch. So we clicked the Profile tab at the top of the screen, and filled in relevant details. For PEAP there was a slight bit of confusion because it actually needs two passphrases, but there was space for only one. Also most of the PEAP details are actually entered via a text editor in the config file AFTER you click the Make button. I knew this, but it wasn't obvious to an inexperienced user unfamiliar with this network manager. I told the IT manager to enter anything in the passphrase section because we could change that later.

Then we hit Make, and then hit Check. Check opens up the directory where the profiles are stored. We could see all of the created profiles there, including the one we had wanted to edit earlier. I told the IT manager to click on the new profile to open it in a text editor, which he did. He was then able to enter all of the needed specs and credentials, and save the file.

We then switched to the Connect tab, and chose the new profile. He hit connect, and PeasyWifi successfully connected.

We then went to the Auto tab, selected the new profile, and then hit On. After that, to protect the credentials, we went to the Encrypt tab, again selected the profile, and entered a PIN. I explained that the PIN didn't matter because if any changes were needed in future, a new profile could be created. Also, I couldn't explain how to use the PIN to unencrypt a profile anyway. He entered a PIN and then hit Encrypt. Done!

Recommendations:

A small change to make it more user intuitive, I'd suggest that the Config button at the bottom of the Connect tab screen actually open the selected profile in the dropdown rather than always opening pwf.conf. Or, at least opening the /etc/pwf/ directory to show all available profile config files. (That last action is the same as the Check button in the Profile screen performs. But I think opening the actual selected profile in the text editor would be better.)

The Check button itself is non-intuitive to use on a pre-existing profile, other than one just made, since its button is located below lines of new profile parameter entry, and adjacent to the Make button. You often need to check a file that has already been made, and there actually doesn't look like there is a path to get there. Check is usable for that because it opens a directory, not the file just made, but not obviously so.

Anyway, the program works, and those are the only suggestions I have re. user feedback.