Closed grawity closed 3 years ago
What exactly is the alternative? WPA PSK didn't work for me last time I checked, but maybe my configuration was bad.
The same WPA-EAP/PEAP/MSCHAPv2, but with the server's certificate validation enabled. Same logic as HTTPS (and it's even the same SSL/TLS behind the scenes) – if you verify the cert, you know you're always talking to your home institution's auth server. If you don't, it could be anybody's.
(We use a standard web CA from /etc/ssl/certs, so domain_suffix_match="utenos-kolegija.lt"
would be the important part. Unfortunately the path to standard CAs is distro-dependent...)
Confirming that this configuration (EAP-PEAP with MSCHAPv2) will work with
@ukolegija.lt
and@utenos-kolegija.lt
accounts.(Not that I want to encourage using a configuration that broadcasts your easily-crackable password hash literally everywhere you go, but if it does the job for you...)