Linux - EAP-PEAP

How to Connect to Wi-Fi Using EAP-PEAP on Linux

EAP-PEAP (Protected Extensible Authentication Protocol) is a secure and common method for enterprise Wi-Fi authentication. It uses a TLS tunnel and then authenticates using a username and password (typically with MSCHAPv2).

Option 1: GUI Using NetworkManager

1. Click the network icon and select your Wi-Fi network.
2. Under “Security,” choose WPA & WPA2 Enterprise.
3. Set the following:

• Authentication:

  Protected EAP (PEAP)

• Anonymous identity: Optional (e.g.,

  [anonymous@example.com](mailto:anonymous@example.com)

  )
• CA certificate: Recommended — e.g.,

  /etc/ssl/certs/ca-cert.pem

• PEAP version:

  Automatic

  or

  0

• Inner authentication:

  MSCHAPv2

• Username (identity): Your network login (e.g.,

  [user@example.com](mailto:user@example.com)

  )
• Password: Your Wi-Fi or directory service password Click Connect.

Option 2: CLI Using

wpa_supplicant

1. Create Config File

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

2. Add This Configuration:

3. Start the Connection:

Then get a DHCP address:

sudo dhclient wlan0

Troubleshooting

• Use

  dmesg

  or

  journalctl -u NetworkManager

  for logs.
• Ensure

  ca_cert

  is correct and readable.
• Check that the RADIUS server presents a certificate trusted by your system.

Security Tip

Always validate the RADIUS server’s certificate using

ca_cert

. This protects you from man-in-the-middle attacks. Avoid using

ca_cert="/etc/ssl/certs/ca-cert.pem"

blindly — verify the correct CA with your administrator.

Related Topics

• Linux EAP-TLS
• Linux TTLS + PAP
• Client Configuration Overview
• Troubleshooting