WPA2 Enterprise Support

Thoughts about Raise3D, 3D printing and making in general.
Flole
Posts: 9
Joined: Sun Aug 27, 2017 10:37 pm

WPA2 Enterprise Support

Postby Flole » Sun Aug 27, 2017 10:43 pm

Hi,

I'm considering buying a N2 Plus and as I want to connect it to my Wifi I need WPA2 Enterprise support. Is PEAP or even better EAP-TLS supported?

Thanks for your help

Florian

Jetguy
Posts: 1790
Joined: Tue Mar 22, 2016 1:40 am

Re: WPA2 Enterprise Support

Postby Jetguy » Tue Aug 29, 2017 2:09 pm

You can SSH in and directly edit the config files so yes, possible- maybe not as elegant- but you may want to isolate (vlan) and firewall as an untrusted device from the regular user Vlan anyway. Just saying yes, the hardware is capable even if not obvious from the LCD menu.

Flole
Posts: 9
Joined: Sun Aug 27, 2017 10:37 pm

Re: WPA2 Enterprise Support

Postby Flole » Tue Aug 29, 2017 9:28 pm

As my APs are able to get the VLan configuration from the RADIUS server and assign a client based on it's identity to a VLAN that's exactly what I want to do. If theres no option for WPA Enterprise I could still put it on the Guest Wifi (unencrypted), but that's probably not a good idea. Does the printer keep the configuration? I've had devices before that just overwrote the config whenever it restarted, that was kinda annoying but a startup script resolved that. Also when the setting menu was entered the other device overwrote the config, is this the same with the n2 plus? Just some experiences and issues I had in the past, I would prefer to not have them again ;)

Jetguy
Posts: 1790
Joined: Tue Mar 22, 2016 1:40 am

Re: WPA2 Enterprise Support

Postby Jetguy » Thu Aug 31, 2017 3:18 am

Let me see if I can best answer your question. I do not have a WPA2 Enterprise network handy I can attach any of my N series printers to for direct validation. At best, what I can do is set either a fake WPA2 setup in the config manually over SSH and validate that the front panel wifi gui menu subsystems will not overwrite it (a specific concern you have) and by that I mean as long as a user does not go into this menu and set something manually.
What I do know- in the past before special characters and language packs were added to the front panel, this was the method to enter strong passwords contains special characters and also other than English characters for those having that type of password.

So, this has a proven track record and while I don't have the time or resources to setup a test WPA2 Enterprise network to 100% end to en validate the solution, I will give you best effort. Also, you can easily use WINSCP or whatever client to access the the printer using SCP to visually see the file system (I'm more of a visual person than straight command line). This is also an easy way to manage the print files. So as expected you can see the pretty bog standard /etc/wpa_supplicant.conf and it has my network settings as stored by the GUI interface. Now I sanitized the below file with completely made up numbers but you can see a typical WPA2 SSID and PSK pairing.

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1

network={
ssid="Unknown"
bssid=E0:21:72:46:56:D2
psk=86df2345902374003480234880
}


For a WPA2 Enterprise network, I think this is what it should look like:

network={
ssid="YOUR_SSID"
scan_ssid=1
key_mgmt=WPA-EAP
identity="YOUR_USERNAME"
password="YOUR_PASSWORD"
eap=PEAP
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}

Again, this is a pretty simple system of a pcDuino based IMX6 board running the Raise 3D application for the front end GUI. All it does is act as a print server and touchscreen user interface to talk to standard Marlin on a custom mega2560 based controller derived from the RUMBA controller.

#1 no, the OS will not overwrite this config unless the user goes into the LCD wifi menu and tries to change it from there.
#2 I see no reason why WPA2 enterprise could not be supported- but again, this custom config you have to first get into the file system and edit the /etc/wpa_supplicant.conf (no it's also not nested in a folder /etc/wpa_supplicant like many Raspberry Pi OS images). You can either SSH into the system and navigate command line to edit or for the graphical user- use WinSCP or equivalent.
#3 You might groan from the security standpoint, but you log in as user "root" and the either random SSH password auto generated by the system and viewed on the LCD menu under security and privacy, or you can custom create your own at the printer and then use it.

Also, all 3 Raise 3D printers use the same basic front panel code and system, the only difference is the mounting or housing (n1 is landscape, N2, and N2 Plus orients the 7 inch LCD portrait vertically) and in the Raise 3D application there is a printer configuration file and the machine type of N1, N2, or N2 Plus determines what machine it "thinks" it is. Just trying to show you this information is universal- I own all 3 versions.

Jetguy
Posts: 1790
Joined: Tue Mar 22, 2016 1:40 am

Re: WPA2 Enterprise Support

Postby Jetguy » Thu Aug 31, 2017 3:28 am

Some semi related threads on how to see the file system and some other details.
This shows using WinSCP and some the details of basic navigation (remember, the file for network config is /etc/wpa_supplicant.conf, where this tutorial was showing navigation to /opt/Raise3D/)
viewtopic.php?f=2&t=2742&p=17766&hilit=password#p17766

This discusses the last update and how that added the SSH random password as default (good security fix by Raise 3D VS the original blank password or instead of a canned default that everyone knows too and users fail to change)
viewtopic.php?f=3&t=1895&p=15598&hilit=password#p15598

Flole
Posts: 9
Joined: Sun Aug 27, 2017 10:37 pm

Re: WPA2 Enterprise Support

Postby Flole » Thu Aug 31, 2017 11:15 pm

Thanks for your help! Ordered the printer yesterday, will be here tomorrow and then I will actually verify if it's working as it should! I also don't see an issue there but it wouldn't be the first time.


Return to “General”

Who is online

Users browsing this forum: Baidu [Spider] and 6 guests