Note: This document is intended as a README for GitHub. The script described below is released under the GNU General Public License v3.0 (GPLv3) and helps you connect to eduroam or other WPA2-Enterprise networks on Linux using nmcli.
This script connects your Linux machine to your university’s Wi-Fi (eduroam) which typically uses WPA2-Enterprise with PEAP/MSCHAPv2 authentication. By leveraging NetworkManager and its command-line interface tool nmcli, the script:
- Scans for the desired network SSID (e.g.,
"eduroam"). - Checks if a previous profile exists and removes it (if found).
- Creates a new connection profile with the proper 802.1x settings.
- Brings up (activates) the new connection.
- Can optionally install NetworkManager if it is not already present, by detecting the distribution and using the appropriate package manager.
- A Linux distribution that uses (or can use) NetworkManager.
- sudo privileges to install packages and modify system network connections.
- A valid eduroam (or similar WPA2-Enterprise) username and password.
- Basic knowledge of your Wi-Fi interface name (e.g.,
wlan0,wlp2s0, etc.).
-
Clone or Download
Clone this repository or download the script (connect-eduroam.sh) to your local machine. -
Make the Script Executable
chmod +x connect-eduroam.sh
-
Edit Script Variables
Open the script in a text editor:SSID="eduroam"— change if your network uses a different name.USERNAME="username@uni.edu"— your eduroam/uni username.PASSWORD="password"— your Wi-Fi password.INTERFACE="wlan0"— update to match your Wi-Fi interface (check withnmcli dev statusoriw dev).
-
Run the Script
./connect-eduroam.sh
-
Verify Connection
Once the script completes, you should see a message indicating a successful connection. Verify by running:nmcli connection show --active
or by checking your system’s network status.
Security Note: Storing passwords in plain text can be insecure. Consider using environment variables if you are concerned about storing credentials in the script.
-
Interface Names
If the script fails to connect, make sure you have the correct interface name in theINTERFACEvariable.nmcli dev status
This command will show the active interfaces (e.g.
wlan0,wlp3s0, etc.). -
CA Certificate / Anonymous Identity
Some universities require a CA certificate or domain validation settings:802-1x.domain-suffix-match802-1x.altsubject-matches802-1x.anonymous-identity 585F
Uncomment and adjust these lines in the script if your institution requires them.
-
Manual Credentials Entry
Instead of hardcoding your password, you can prompt for the password:read -sp "Enter your eduroam password: " PASSWORD
This avoids leaving the password in plain text.
-
Unsupported Distro
- If the script cannot detect your distribution or fails to install NetworkManager, you must manually install or enable NetworkManager before running the script.
- Please make an issue with your distribution and I can add support
connect-eduroam.sh is licensed under the GNU General Public License v3.0. You are free to use, modify, and distribute it under the terms of this license.