Monday, April 23, 2007

The ease of WPA in Ubuntu Feisty Fawn

With the new release of Ubuntu 7.04 (aka Feisty Fawn) the Network Manager has become the standard way of connecting to wireless (and wired) networks in Ubuntu.

While this new way has some drawbacks (connection is only established on login, so time doesn't get synced with the internet on startup) it is a great way for all the Linux road warriors to easily connect to all sorts of networks. In this mini-howto I will show you how it is done. I will also show you how to automatically connect after the login without needing to enter your gnome-keyring password.

The Screens

When logging in to your fresh install of Feisty the first thing you will notice is a new icon (the network-manager applet) that says you are not connected to any network:

Since the SSID of my network is hidden, I have to enter it manually. So I left-click the icon and choose Connect to Other Wireless Network.

Now I enter my SSID (Boognish), pick the wireless security I set up in my router (WPA-PSK TKIP) and enter my wireless encryption key.

The connection is not established right away. Since this is a fresh install of Feisty, I don't have a default gnome-keyring yet. The Gnome Keyring is something like a password vault, which other Gnome applications can use. It can also store passwords for things like FTP servers or SSH sessions. If you don't have a default keyring yet, Gnome will automatically create one and ask you to enter a master password. So next time you want to connect to a known WiFi network (or an FTP server) you will only be asked for your master password. As your master password I would choose the same as your login password (more on that later).

After you hit OK, your wireless connection will be established.


The Magic

Now every time you start your computer and log in, you will have to enter the master password for your Gnome Keyring and you will be connected to your WiFi network. For me, personally, it is a little bit annoying to enter my login password, and right after that enter it again to connect to the wireless. So what I do is, on login I hand over the login password to the gnome-keyring. That means the gnome-keyring is open on login and the network-manager can use it right away and won't ask you for a password (Note: In an environment where security is important you don't want this behavior). As it is your login password that is passed on, your gnome-keyring password has to be identical to it (as mentioned above). If you created your keyring with a different password see below.

To accomplish this we have to install a package and modify a file. Let's open the Terminal to do it (Applications -> Accessories -> Terminal).

    # to install libpam-keyring enter
    user@host:~$ sudo apt-get install libpam-keyring
    # and to modify the gdm login file do
    user@host:~$ sudo gedit /etc/pam.d/gdm

Now the text editor gedit will open with a file. To the end of the file append the following three lines:

    # use session pw for gnome-keyring
    auth optional pam_keyring.so try_first_pass
    session optional pam_keyring.so

Now save it and close gedit. That is it. You will never be asked the keyring password again.
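
The same edit as a script, for repeating it on several machines without adding the lines twice. This is an added example, not part of the original post; the function names and the .orig backup file are assumptions of the example.

```shell
#!/bin/sh
# Added example: scripted, repeatable form of the manual gedit edit.

# List the module types (auth, session) that load pam_keyring.so in a PAM
# file. Commented-out lines are ignored; a leading "-" on the type is dropped.
keyring_pam_types() {
    awk '$1 !~ /^#/ && $0 ~ "(^|[ \t/])pam_keyring\\.so([ \t]|$)" {
             t = $1; sub(/^-/, "", t); print t
         }' "$1" | sort -u
}

# Append whichever of the article's two lines are not yet active.
# Default path is the one from the article; the .orig backup name is an
# assumption of this example.
enable_keyring_pam() {
    file=${1:-/etc/pam.d/gdm}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    need_auth=1
    need_session=1
    for t in $(keyring_pam_types "$file"); do
        case $t in
            auth)    need_auth=0 ;;
            session) need_session=0 ;;
        esac
    done
    if [ "$need_auth$need_session" = 00 ]; then
        return 0                      # both lines already active
    fi
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    {
        # keep the appended text on its own lines if the file lacks a final newline
        if [ -n "$(tail -c 1 "$file")" ]; then echo; fi
        echo "# use session pw for gnome-keyring"
        if [ "$need_auth" = 1 ]; then
            echo "auth optional pam_keyring.so try_first_pass"
        fi
        if [ "$need_session" = 1 ]; then
            echo "session optional pam_keyring.so"
        fi
    } >> "$file"
}
```

Source the file in a root shell and call enable_keyring_pam; keyring_pam_types /etc/pam.d/gdm then shows whether the automatic keyring unlock is active on a machine.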

The Troubleshooting

  1. If your Network Manager doesn't show anything, chances are good your WiFi interface is not managed by it. In System -> Administration -> Network you have to enable the Roaming Mode for your wireless interface to allow it to be managed by the Network Manager. Reboot. If it still doesn't work open and modify the file /etc/network/interfaces (with sudo gedit like above) and comment out all lines except two, so that it looks kind of like this:
    auto lo
    iface lo inet loopback
    #auto eth0
    #iface eth0 inet dhcp
    #auto ath0
    #iface ath0 inet dhcp
    If it still doesn't work your wireless interface is probably not supported out-of-the-box and you will have to install the drivers yourself.
  2. If you created your gnome-keyring with a password different from your login password you cannot change it (the idiots forgot to implement this feature). You will have to delete it altogether:
    rm $HOME/.gnome2/keyrings/default.keyring
  3. If you want to remove the password stored for a network you can go to System -> Administration -> Keyring Manager
  4. BTW: The network-manager saves its profiles here: $HOME/.gconf/system/networking

The Bottom Line

On my stationary desktops I deactivated the Network Manager in favour of the traditional ifup/ifdown mechanism because I want my network to be up at boot-time. But for laptops this is really a nice thing and in the future I think we can expect the Network Manager to work seamlessly with ifup/ifdown. So let's see what the next Ubuntu release will bring.

based on Mathias blog
