Wicd is capable of using any type of wireless encryption that wpa_supplicant is capable of. This guide will help you to convert a wpa_supplicant.conf file into a template that wicd can use. Here is our sample wpa_supplicant.conf file, which we'll turn into a wicd template.
network={
ssid="The SSID"
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TLS
identity="Some Name for connecting"
ca_cert="PATH to CA CERT dot PEM"
client_cert="PATH to CLIENT CERT dot PEM"
private_key="PATH to PRIVATE KEY dot PEM"
private_key_passwd="some password for auth"
}
The first step is to copy and paste your original conf file into your new template file, which you should put in /etc/wicd/encryption/templates. You can pick any name you want for the template file, but it's a good idea to make it related to the type of encryption somehow. I named this one eap-tls.
Now you want to specify which of the lines in the configuration file you want to be able to assign through wicd's GUI (typically usernames, passwords, and certificates). In this case there are quite a few: identity, ca_cert, client_cert, private_key, and private_key_passwd all need to be specified in the GUI. The essid will also be filled in automatically by wicd, though not quite the same way as the others. The way to tell wicd to fill in these lines using information from the GUI is by replacing the value in the second half of the option="something" line with a special variable name, with the format $_VARIABLE_NAME. So for our sample config file, it should look like this:
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TLS
identity="$_IDENTITY"
ca_cert="$_CA_CERT"
client_cert="$_CLIENT_CERT"
private_key="$_PRIVATE_KEY"
private_key_passwd="$_PRIVATE_KEY_PASSWD"
}
Next we need to put our header information in, which includes the name to display in the GUI dropdown box for our template, the author of the template, the version number, and what fields to display in the GUI for the user to enter. Here's what this looks like in our sample template.
name = EAP-TLS
author = Dan O'Reilly
version = 1
require identity *Identity ca_cert *Path_to_CA_Cert client_cert *Path_to_Client_Cert private_key *Path_to_Private_Key private_key_passwd *Private_Key_Password
-----
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TLS
identity="$_IDENTITY"
ca_cert="$_CA_CERT"
client_cert="$_CLIENT_CERT"
private_key="$_PRIVATE_KEY"
private_key_passwd="$_PRIVATE_KEY_PASSWD"
}
The first three lines are pretty straightforward, but the fourth line (which starts with require) needs some explanation. Basically, wicd parses this line in pairs of words. In this case like so:
identity *Identity
ca_cert *Path_to_CA_Cert
client_cert *Path_to_Client_Cert
private_key *Path_to_Private_Key
private_key_passwd *Private_Key_Password
The first part of each pair should correspond to one of the $_VARIABLE entries in the template, except using lowercase letters instead of capitals. The second part of the pair tells wicd what you want to display as a label for this entry in the wicd GUI. So *Path_to_CA_Cert will show up in the GUI as "Path to CA Cert". Make sure to start this part with an asterisk (*), and to use underscores (_), never spaces.
The last thing we'll add to the file is the line
ctrl_interface=/var/run/wpa_supplicant
which wicd uses to query wpa_supplicant to determine if authentication succeeded or failed. So the final template looks like this:
name = EAP-TLS
author = Dan O'Reilly
version = 1
require identity *Identity ca_cert *Path_to_CA_Cert client_cert *Path_to_Client_Cert private_key *Path_to_Private_Key private_key_passwd *Private_Key_Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TLS
identity="$_IDENTITY"
ca_cert="$_CA_CERT"
client_cert="$_CLIENT_CERT"
private_key="$_PRIVATE_KEY"
private_key_passwd="$_PRIVATE_KEY_PASSWD"
}
The last step is to tell wicd to parse your template file when the GUI initially loads. The way to do this is to open up /etc/wicd/encryption/templates/active, and add your template filename to the list. So, since I saved this template as /etc/wicd/encryption/templates/eap-tls, you would simply add eap-tls to the list. Then reload wicd and make sure your template shows up in the encryption dropdown box. It should appear with the name you specified in the "name=" line.
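Before adding a template to the active list, it can be checked against the rules in this guide: every require entry is a lowercase name paired with a *Label, and each one matches a $_VARIABLE in the body. The Python script below is an added example, not part of wicd or of the original guide; its function names are hypothetical, the embedded template is a constructed copy of the final template, and it assumes that $_ESSID and $_SCAN are the only variables wicd fills in without a GUI field.

```python
import re
# Constructed sample, modelled on the final template in this guide.
TEMPLATE = """name = EAP-TLS
author = Dan O'Reilly
version = 1
require identity *Identity ca_cert *Path_to_CA_Cert client_cert *Path_to_Client_Cert private_key *Path_to_Private_Key private_key_passwd *Private_Key_Password
-----
ctrl_interface=/var/run/wpa_supplicant
network={
ssid="$_ESSID"
scan_ssid=$_SCAN
key_mgmt=WPA-EAP
pairwise=TKIP
group=TKIP
eap=TLS
identity="$_IDENTITY"
ca_cert="$_CA_CERT"
client_cert="$_CLIENT_CERT"
private_key="$_PRIVATE_KEY"
private_key_passwd="$_PRIVATE_KEY_PASSWD"
}
"""
AUTO_FILLED = {"ESSID", "SCAN"}  # assumption: wicd supplies these itself, no GUI field

def require_pairs(text):
    """Return [(variable, label)] read two words at a time from the 'require' line."""
    head = text.partition("\n-----\n")[0]
    words = [w for l in head.splitlines() if l.startswith("require") for w in l.split()[1:]]
    words += [""] * (len(words) % 2)  # an unpaired trailing word gets an empty label
    return list(zip(words[0::2], words[1::2]))

def check_template(text):
    """Return a list of problems; an empty list means header and body agree."""
    head, sep, body = text.partition("\n-----\n")
    problems = [] if sep else ["no '-----' line between header and body"]
    used = set(re.findall(r"\$_([A-Z0-9_]+)", body))
    pairs = require_pairs(text)
    for var, label in pairs:
        if not re.fullmatch(r"\*\S+", label):
            problems.append(f"label for {var} must start with '*' and contain no spaces")
        if var != var.lower() or var.upper() not in used:
            problems.append(f"{var} has no matching $_{var.upper()} in the body")
    declared = {var.upper() for var, _ in pairs}
    problems += [f"$_{v} is not on the require line" for v in sorted(used - declared - AUTO_FILLED)]
    return problems

def gui_labels(text):
    """Labels as the GUI displays them: '*Path_to_CA_Cert' becomes 'Path to CA Cert'."""
    return [label.lstrip("*").replace("_", " ") for _, label in require_pairs(text)[0:]]
```

A label written with spaces shifts every later pair by one word, which is why check_template reports several problems at once for that mistake.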
Also, if you create a template, don't hesitate to post it on the forums! Odds are someone else out there will be able to use it, and there's a good chance we'll end up packaging it with wicd by default.