Category filter

How to set up Wi-Fi for Linux devices?

Wi-Fi is necessary for seamless internet connectivity in enterprise environments. With Hexnode UEM, administrators can remotely configure and deploy Wi-Fi settings to devices. The Wi-Fi policy ensures that managed devices connect securely to the corporate Wi-Fi networks configured by the administrator. By managing Wi-Fi settings remotely from the UEM portal, users remain unaware of the Wi-Fi password, preventing unauthorized password sharing and enhancing network security through controlled network access. Here’s how you set up Wi-Fi configurations for Linux devices from the Hexnode UEM console.

Note:

This policy is supported by the Ultimate and Ultra pricing plans.

Wi-Fi configurations for Linux devices

To configure the Wi-Fi network on Linux devices,

  1. Log in to the Hexnode UEM portal.
  2. Navigate to the Policies tab.
  3. Click the New policy button to create a new blank policy or continue with an existing policy.
  4. Provide a suitable name and description for the policy in the required fields.
  5. Select Linux. Go to Network > Wi-Fi.
  6. Click Configure to set up the Wi-Fi network settings.
Wi-Fi Settings Description
Service Set Identifier The name of the Wi-Fi network is denoted by the Service Set Identifier (SSID).
Auto-join When enabled, the device will automatically connect to the configured Wi-Fi network whenever it is within range, without requiring user intervention.
Hidden network When enabled, the device connects to hidden networks that don’t broadcast their SSID. Hidden networks will not appear in the list of available networks.
Security type Security type specifies the type of Wi-Fi security protocols. The available security type includes None, WEP, WPA-PSK, LEAP, Dynamic WEP (802.1x), and WPA-Enterprise.
Key Specify the key for authentication. If the key is 64 characters long, it should contain only hexadecimal characters. If not, the key must contain ASCII characters that are between 8 and 63 characters long.
Key type The key type specifies the type of key used for encryption of data. WEP uses two keys for encryption: Hex/ASCII key and Passphrase. Select any one key from the list.
  • When the Hex/ASCII key type is selected, the key must either be a 10- or 26-character hexadecimal string or a 5- or 13-character ASCII password.
  • When the passphrase key type is selected, the passphrase is provided as a string and will be hashed using the de facto MD5 method to derive the actual WEP key.

Dynamic WEP (802.1x) and WPA-Enterprise Settings

Available Options Description
Accepted EAP methods Select the required authentication framework. The available EAP methods include TLS, LEAP, TTLS, FAST, PEAP, and PWD.
Identity The username that is used for authenticating with the network.
CA certificate Choose the CA certificate to be used for authentication. For this, the CA certificate must be uploaded under Security > Certificates.
User certificate (When TLS is selected) Choose the user certificate to be used for authentication. For this, the user certificate must be uploaded under Security > Certificates.
Password Enter the password corresponding to the username provided in the identity field to authenticate with the network.
Allow automatic PAC provisioning Allow automatic PAC provisioning enables the seamless distribution of Protected Access Credentials (PAC) to managed devices during the setup process. The available options include disallow, anonymous, authenticated, and both.
Phase 2 authentication Select a phase 2 authentication method. The available options include PAP, CHAP, MSCHAP, MSCHAPv2, MSCHAPv2 (no EAP), GTC, and MD5. PAP is an authentication method that transmits credentials as plain text. CHAP is an authentication protocol that uses a challenge-response mechanism, where the server sends a random challenge to the client, and the client responds by hashing the challenge with a password. MSCHAP is Microsoft’s variant of CHAP (Challenge-Handshake Authentication Protocol), which uses a hash algorithm and a challenge-response mechanism to securely authenticate users without transmitting passwords in plain text. MSCHAPv2 is the second version of MSCHAP that uses mutual authentication, where both the client and the server verify each other’s identities. MSCHAPv2 (no EAP) uses MSCHAPv2 authentication without the encapsulation provided by EAP. GTC (Generic Token Card) is an EAP (Extensible Authentication Protocol) method that supports token-based credentials or one-time passwords (OTPs) for user authentication. MD5 (Message-Digest Algorithm 5) is an EAP method that utilizes hash cryptographic algorithm to verify user’s credentials.
Outer identity The outer identity refers to the username sent through the secure tunnel before passing the original username and password during authentication.
PAC file (When FAST is selected) The PAC file is uploaded to establish a secure and efficient authentication tunnel.

How to associate the policies with device/groups?

There are two ways by which you can associate restrictions to the devices in bulk.

If the policy hasn’t been saved yet,

  1. Navigate to Policy Targets.
  2. Click on + Add Devices.
  3. Browse and select the devices from the list of devices.
  4. Press OK to save the devices.

Apart from devices, you can also associate the policies with Device Groups, Users, User Groups, or Domains from Policy Targets.

If the policy is already saved,

  1. Select the required policy from the list of policies.
  2. Click on Manage > Associate Targets.
  3. Add the device(s)/device group(s)/user(s)/user group(s)/domain(s) to which the policy needs to be associated.
  4. Click on Associate.

What happens at the device end?

The Wi-Fi network configuration will get saved on the device when the policy gets successfully associated.

  • Uncategorized