Connecting to the eduroam wireless network - University for the

Document Sample
Connecting to the eduroam wireless network - University for the Powered By Docstoc
					University for the Creative Arts

Connecting to the eduroam wireless network
How to configure laptop computers to connect to the eduroam wireless network
Saved on 19 August, 2008
V1.3 ews; Tiger by mjoyce


Contents

Contents ........................................................................................................................................................ 1
Introduction ................................................................................................................................................... 1
Prerequisites ................................................................................................................................................. 1
Connecting Microsoft Windows XP SP3 computers to eduroam.................................................................. 3
Connecting Microsoft Vista computers to eduroam ...................................................................................... 8
Connecting Apple Mac OS X 10.5 (Leopard) computers to eduroam ........................................................ 14
Connecting Apple Mac OS X 10.4 (Tiger) computers to eduroam ............................................................. 18
Connecting the Apple iPhone and iPod Touch to eduroam........................................................................ 22
Connecting Symbian S60 devices to eduroam ........................................................................................... 25
Technical Information.................................................................................................................................. 39
Access for staff using ucreative laptops...................................................................................................... 39
Access for visitors to the University for the Creative Arts ........................................................................... 39
Access for UCA users visiting other institutions ......................................................................................... 39

Introduction

The University for the Creative Arts offers wireless network access to students using their own or loan
laptops across all campuses. A good wireless signal is available in all libraries and in some other areas.
Network access is restricted almost exclusively to internet access for normal purposes. These include
web browsing, ftp download, imap and pop mailbox access, and instant messaging. You will not be able
to access fileshares from the wireless network.
The name of the wireless network is eduroam. It is not an open wireless network: a username and
password must be supplied. The instructions below tell you how to configure a laptop running Microsoft
Windows XP, Microsoft Vista or Mac OS X.
In all cases the instructions are for the most recent version of the operating system. If you have an older
version, you are encouraged to update it.
The next section of this document gives some technical details to help students with laptops running
Linux or other operating systems to connect. With these details it should be possible to configure most
modern operating systems and some PDAs and wifi equipped mobile phones to connect to eduroam.
However, only Windows XP, Vista and Mac OS 10.5 have been tested: ucreative IT cannot offer help with
any other platform.
The eduroam network has some further features. It allows enhanced network access to staff using
ucreative laptops. It can also be used to give network access here to students and staff from other
academic institutions. And it permits University students and staff to access the network at other
academic institutions. These features are briefly documented in the final two sections of this document.

Prerequisites

To access the eduroam wireless network, you need:
      •     A laptop equipped with a wireless network card. Many laptops now come with a wireless network
            card built in – make sure you switch this on when you are trying to configure your laptop. You will
            get best performance from a modern card that supports 802.11g, but older cards which support
            802.11b will also work.
      •     Your ucreative login and password. Your ucreative login is the username you use to log in to
            University computers. It is usually but not always the same as the first part of your University
                                                                                                                                               Page 1 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network

       email address. It usually consists of one of your initials, followed by your family name, sometimes
       followed by a number: jsmith2, astudent3.
   •   Somewhere to sit within range of the wireless networks. You should configure your laptop for the
       first time in one of the libraries, where the wireless signal is good, to avoid the risk that a weak
       wireless signal may cause the connection to fail.
   •   These instructions.




                                                                                              Page 2 of 40
University for the Creative Arts                               Connecting to the eduroam wireless network


Connecting Microsoft Windows XP SP3 computers to eduroam

Configure common wireless networking settings
From the Start menu, select Control Panel. The Control Panel opens.
If the Control Panel is in category view, click Switch to Classic View to go to Classic View.
Double-click Network Connections.




Right click Wireless Network Connection and select Properties from the contextual menu.



The Wireless Network Connection Properties dialogue box opens.




Select the Wireless Networks tab.




Ensure that the Use Windows to configure my wireless network settings check box is ticked.
                                                                                                Page 3 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network

Click the Advanced button. The Advanced dialogue box opens. Ensure the Any available network
(access point preferred) radio button is selected. Ensure that the Automatically connect to non-
preferred networks check box is unticked.




Click Close. The Advanced dialogue box closes and you are returned to the Wireless Network
Connection Properties dialogue box.
Add a new wireless network
Click Add. A new dialogue box titled "Wireless network properties" opens.




In the Network name (SSID) field, type eduroam. From the Network Authentication drop-down menu,
choose WPA. From the Data encryption menu, choose AES. Ensure that the two check boxes on this
tab are unticked.
Select the Authentication tab.




                                                                                         Page 4 of 40
University for the Creative Arts                       Connecting to the eduroam wireless network

Configure PEAP-EAP-MSCHAPv2 authentication




From the EAP type drop-down menu, choose Protected EAP (PEAP). Ensure that the two check boxes
on this tab are unticked.
Click Properties. The Protected EAP Properties dialogue box opens.




Ensure that all check boxes on this dialogue box are unticked.
Select Secured password (EAP-MSCHAP v2) from the Select Authentication Method drop-down
menu. Then click Configure. The EAP MSCHAPv2 Properties dialogue box opens.




                                                                                    Page 5 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network

Ensure that the check box on this dialogue box is unticked.
Click OK on the EAP MSCHAPv2 Properties dialogue box, then OK on the Protected EAP Properties
dialogue box to return to the Wireless network properties dialogue box.
Select the Connection tab.




Ensure that the check box on this tab is ticked.
Click OK to return to the Wireless Network Connection Properties dialogue box. This should now show
eduroam (Automatic) in the list of preferred networks.




Connect to eduroam
Click OK. The wireless network connection icon in the taskbar begins to move, showing that your
computer is trying to connect to the eduroam wireless network. After a few seconds, the Wireless
Network Connection prompt balloon appears.




                                                                                            Page 6 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




Click on the Wireless Network Connection prompt balloon. The Enter Credentials dialogue box opens.




In the User name field, type your ucreative login followed by @ucreative.ac.uk. Your ucreative login is
the username you use to log in to University computers. It is usually but not always the same as the first
part of your University email address. It usually consists of one of your initials, followed by your family
name, sometimes followed by a number.
Note For many but not all people, what should be entered is the same as your full University email
         address. If the first part of your University email address is different to your ucreative login, make
         sure you type your ucreative login before the @. If your email address finishes
         @students.ucreative.ac.uk, ensure that you leave out the students. portion.
In the Password field type the password for your ucreative login. Leave the Logon domain field blank.
Then click OK.
Your computer will now try to connect to the eduroam wireless network with the username and password
you have supplied. If it is successful, a confirmation balloon will appear above the taskbar.




You are now connected to the eduroam wireless network. Click on the cross to close the confirmation
balloon.




                                                                                                  Page 7 of 40
University for the Creative Arts                              Connecting to the eduroam wireless network


Connecting Microsoft Vista computers to eduroam

Configure common wireless networking settings
From the Start menu, select Control Panel. The Control Panel opens.
If the Control Panel is in category view, click Switch to Classic View to go to Classic View.
Double-click Network and Sharing Center.




The Network and Sharing Center opens. Click Manage wireless networks under Tasks on the left hand
side of the window.




The Manage Wireless Networks window opens.




Add a new wireless network
Click Add to add a wireless network.
A wizard opens. Click Manually create a network profile.
The wizard moves forward a screen, prompting you to enter information for the wireless network you want
to add.




                                                                                                Page 8 of 40
University for the Creative Arts                          Connecting to the eduroam wireless network




In the Network name field, type eduroam. From the Security type drop-down menu, select WPA-
Enterprise. From the Encryption type drop-down menu, select AES. Leave the Security
Key/Passphrase field empty. Ensure that the two check boxes on this wizard screen are unticked. Then
click Next.




The wizard adds the eduroam wireless network and moves on to the next screen. Click Change
connections settings. The eduroam Wireless Network properties dialogue box opens.




                                                                                         Page 9 of 40
University for the Creative Arts                          Connecting to the eduroam wireless network




Select the Security tab.




From the Security type drop-down menu, select WPA-Enterprise. From the Encryption type drop-down
menu, select AES. From the drop-down menu under Choose a network authentication method choose
Protected EAP (PEAP). Ensure that the check box next to Cache user information is ticked. Then click
Settings.... The Protected EAP Properties dialogue box opens.




                                                                                       Page 10 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network

Configure PEAP-EAP-MSCHAPv2 authentication




Ensure that all check boxes on this dialogue box are unticked.
Select Secured password (EAP-MSCHAP v2) from the Select Authentication Method drop-down
menu. Then click Configure. The EAP MSCHAPv2 Properties dialogue box opens.




Ensure that the check box on this dialogue box is unticked.
Click OK on the EAP MSCHAPv2 Properties dialogue box, then OK on the Protected EAP Properties
dialogue box to return to the eduroam Wireless network properties dialogue box. Then click OK to return
to the wizard.




                                                                                          Page 11 of 40
University for the Creative Arts                           Connecting to the eduroam wireless network




Connect to eduroam
Click Connect to.... The wizard moves on to a screen listing available wireless networks. Select
eduroam and click Connect. The dialogue box screen changes, informing you that additional log on
information is required to connect to this network.




Click Enter/select additional log on information. The Enter Credentials dialogue box opens.




                                                                                        Page 12 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




In the User name field, type your ucreative login followed by @ucreative.ac.uk. Your ucreative login is
the username you use to log in to University computers. It is usually but not always the same as the first
part of your University email address. It usually consists of one of your initials, followed by your family
name, sometimes followed by a number.
Note For many but not all people, what should be entered is the same as your full University email
         address. If the first part of your University email address is different to your ucreative login, make
         sure you type your ucreative login before the @. If your email address finishes
         @students.ucreative.ac.uk, ensure that you leave out the students. portion.
In the Password field type the password for your ucreative login. Leave the Logon domain field blank.
Then click OK.
Your computer will now try to connect to the eduroam wireless network with the username and password
you have supplied. If it is successful, a dialogue box appears to inform you.




You are now connected to the eduroam wireless network. Click Close to close the dialogue box.




                                                                                                 Page 13 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network


Connecting Apple Mac OS X 10.5 (Leopard) computers to eduroam

Add a new wireless network
From the Apple menu, select System Preferences.




The System Preferences application opens. Click the Network icon.




The network system preferences are displayed.
In the list of interfaces on the left hand side, click AirPort. The System Preferences window changes to
show the AirPort configuration.




Ensure that AirPort is turned on, and that the Ask to join new networks check box is ticked.
Click Advanced.... The Advanced pane slides in.




                                                                                            Page 14 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




Click the plus sign (+) to add a new preferred network. A dialogue box opens.




In the Network Name field, type eduroam. From the Security drop-down menu, choose WPA
Enterprise. The dialogue box expands to show more fields.




In the User Name field, type your ucreative login followed by @ucreative.ac.uk. Your ucreative login is
the username you use to log in to University computers. It is usually but not always the same as the first
part of your University email address. It usually consists of one of your initials, followed by your family
name, sometimes followed by a number.
Note For many but not all people, what should be entered is the same as your full University email
         address. If the first part of your University email address is different to your ucreative login, make

                                                                                                 Page 15 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network

        sure you type your ucreative login before the @. If your email address finishes
        @students.ucreative.ac.uk, ensure that you leave out the students. portion.
In the Password field type the password for your ucreative login. Ensure that the 802.1X drop-down
menu shows Automatic, and that the Remember this network check box is ticked. Then click Add.
The dialogue box closes and you are returned to the previous pane. The list of preferred networks should
now include a Network Name eduroam with Security WPA Enterprise. Click OK to return to the main
AirPort configuration, then click Apply.
Connect to eduroam
Your computer should now attempt to connect to the eduroam wireless network. After a few seconds, a
Verify Certificate dialogue box will open.




Click Show Certificate. The dialogue box expands to show the certificate details.




Tick the check box next to Always trust and then click Continue.
A dialogue box may appear informing you that eaptlstrust requires that you type your password. Enter the
username and password that you use to log in to your Macintosh, then click OK.
Note Your computer may now appear to be busy, with the multicoloured busy cursor spinning. This is a
        bug. Move the spinning cursor to the title bar of the Verify Certificate dialogue box, then click,
        hold and drag to move the Verify Certificate dialogue box to the bottom of the screen. This should
        reveal a different dialogue box which asks you to type your password to make changes to your
        Certificate Trust Settings. Enter the username and password that you use to log in to your
        Macintosh, then click OK.
A dialogue box entitled 802.1X Authentication opens. The User Name field is already filled with your
ucreative login and @ucreative.ac.uk. Type your ucreative password in the Password field, ensure that
the Only use this password once check box is unticked, then click OK.




                                                                                            Page 16 of 40
University for the Creative Arts                           Connecting to the eduroam wireless network




The main AirPort configuration window in the System Preferences application changes to show that you
are connected to the eduroam wireless network.




You are now connected to the eduroam wireless network and can close the system preferences
application.




                                                                                        Page 17 of 40
University for the Creative Arts                           Connecting to the eduroam wireless network


Connecting Apple Mac OS X 10.4 (Tiger) computers to eduroam

Add a new wireless network
From the Apple menu, select System Preferences.




The System Preferences application opens. Click the Network icon.




The network system preferences are displayed.




In the list select AirPort and click on Configure. The System Preferences window changes to show the
AirPort configuration.




                                                                                        Page 18 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




Click the plus sign (+) to add a new preferred network. A dialogue box opens.




In the Network Name field, type eduroam. From the Wireless Security drop-down menu, choose WPA
Enterprise. The dialogue box expands to show more fields.




In the User Name field, type your ucreative login followed by @ucreative.ac.uk. Your ucreative login is
the username you use to log in to University computers. It is usually but not always the same as the first
part of your University email address. It usually consists of one of your initials, followed by your family
name, sometimes followed by a number.
Note For many but not all people, what should be entered is the same as your full University email
         address. If the first part of your University email address is different to your ucreative login, make
         sure you type your ucreative login before the @. If your email address finishes
         @students.ucreative.ac.uk, ensure that you leave out the students. portion.
In the Password field type the password for your ucreative login. Ensure that the 802.1X drop-down
menu shows Automatic. Then click OK.

                                                                                                 Page 19 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network

Connect to eduroam
Your computer should now attempt to connect to the eduroam wireless network. After a few seconds, a
Verify Certificate dialogue box will open.




Click Show Certificate. The dialogue box expands to show the certificate details.




Tick the check box next to Always trust and then click Continue.
A dialogue box may appear informing you that eaptlstrust requires that you type your password. Enter the
username and password that you use to log in to your Macintosh, then click OK.
Note Your computer may now appear to be busy, with the multicoloured busy cursor spinning. This is a
        bug. Move the spinning cursor to the title bar of the Verify Certificate dialogue box, then click,
        hold and drag to move the Verify Certificate dialogue box to the bottom of the screen. This should
        reveal a different dialogue box which asks you to type your password to make changes to your
        Certificate Trust Settings. Enter the username and password that you use to log in to your
        Macintosh, then click OK.
A dialogue box entitled 802.1X Authentication opens.




                                                                                            Page 20 of 40
University for the Creative Arts                          Connecting to the eduroam wireless network

The User Name field is already filled with your ucreative login and @ucreative.ac.uk. Type your
ucreative password in the Password field, ensure that the Only use this password once check box is
unticked, then click OK.
You are now connected to the eduroam wireless network




                                                                                       Page 21 of 40
University for the Creative Arts                           Connecting to the eduroam wireless network


Connecting the Apple iPhone and iPod Touch to eduroam

The Apple iPhone and iPod touch are simple to configure to use eduroam.




Tap Settings on the main screen. The Settings application opens.




Tap Wi-Fi. The wireless network settings pane opens.




                                                                                       Page 22 of 40
University for the Creative Arts                               Connecting to the eduroam wireless network




Tap eduroam. You are prompted enter logon information for eduroam.




In the User name field, tap the keyboard to enter your ucreative login followed by @ucreative.ac.uk.
Your ucreative login is the username you use to log in to University computers. It is usually but not always
the same as the first part of your University email address. It usually consists of one of your initials,
followed by your family name, sometimes followed by a number.
Note For many but not all people, what should be entered is the same as your full University email
        address. If the first part of your University email address is different to your ucreative login, make
        sure you type your ucreative login before the @. If your email address finishes
        @students.ucreative.ac.uk, ensure that you leave out the students. portion.
In the Password field type the password for your ucreative login Then tap Join.



                                                                                               Page 23 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network




Your device attempts to join the eduroam network. A pane opens warning you that the certificate
presented by the ucreative server is not known to your device. Tap Accept to accept the certificate.




Your device is now connected to the eduroam network.




                                                                                            Page 24 of 40
University for the Creative Arts                              Connecting to the eduroam wireless network


Connecting Symbian S60 devices to eduroam

Symbian S60 devices with wireless networking capability, such as many of the Nokia E- and N-series
mobile phones, can be configured to connect to eduroam. The process is quite complex and requires
either a computer with a Bluetooth or cable connection to the device or for the device to be able to
browse to the internet using another method, such as via 3G/GPRS packet data or via another wireless
access point.
The instructions here were prepared using a Nokia E51 mobile phone. Other Symbian devices may differ
slightly.
Install and trust the ucreative root certificate – using a computer
There are a number of ways to install the ucreative root certificate. This document describes a method
using a separate computer connected to the internet, from which you can connect to your device, either
by Bluetooth or by cable.
Alternatively, you could use an alternative method of internet access through your device – from another
wireless network, or through your mobile phone operator’s GPRS, EDGE or 3G data connection – to
connect directly to http://www.ucreative.ac.uk/ithelp and download the root certificate. The procedure for
doing this will vary according to the device and the method of internet access used, so no instructions are
given here. But note that in all circumstances the certificate must be trusted before a Symbian S60 device
will connect successfully to eduroam.
Install and trust the ucreative root certificate – using a computer
Using a computer from which you can connect to your device, use a web browser to go to:
http://www.ucreative.ac.uk/ithelp
Follow the links through Wireless Internet Access to where you can download the ucreative root
certificate. When prompted, save the certificate in file ucreative-ca-certificate.crt somewhere
accessible, such as on your Desktop.
Now connect your computer to your device, using Bluetooth or a cable. Use your computer’s software to
upload the certificate to a location on your device. Make a note a where you upload it to: whether it is on
the device’s main memory or on a memory card, and in what folder you have uploaded the certificate. In
this example, the certificate was uploaded to the Other folder within the main device memory.
Press the Menu key on your Symbian device. The main menu opens.




Use the navikey to select and click Office. The Office menu opens.




                                                                                              Page 25 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




Use the navikey to select and click the File Manager application. The File Manager application opens.
Use the File Manager to navigate to the location where you uploaded the certificate file, and click on it
with the centre button of your navikey.
Note The certificate file in this example is called certnew.cer. Depending on the method you have
        used, your certificate file will probably be called ucreative-ca-certificate.crt.




Your device prompts you to save the certificate.




Press the Save softkey.
Your device warns you that the certificate might be insecure.




                                                                                              Page 26 of 40
University for the Creative Arts                                Connecting to the eduroam wireless network




Press the Save softkey.
Your device prompts you to confirm the label for the certificate.




Leave the label ucreative unchanged and press the OK soft key.
Your device prompts you to define the uses for which the certificate is to be trusted.




Use the navikey to tick all the check-boxes on this screen. Then press the OK softkey.
You have now installed and trusted the ucreative certification authority root certificate. If you need to alter
or verify settings in the future, you can do so from your device’s preferences, within the Security pane.
Set up your connection to eduroam
Press the Menu key on your Symbian device. The main menu opens.




                                                                                                Page 27 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network




Use the navikey to select and click Tools. The Tools menu opens.




Select and click Settings. The Settings application opens.




Use the navikey to scroll down to Connection and click.




                                                                                         Page 28 of 40
University for the Creative Arts                           Connecting to the eduroam wireless network




Use the navikey to Scroll down to Access Points and then click the Options softkey.




Use the navikey to select and click New access point.




Click Connection with the navikey and enter eduroam.




                                                                                       Page 29 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network




Use the navikey to scroll down to Data Bearer.




Click the navikey. The Data Bearer options screen opens.




Use the navikey to change the activated radio button to Wireless LAN, the click the OK softkey.




                                                                                          Page 30 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network




Scroll down to WLAN network name and click the navikey.




Use the navikey to change the activated radio button to Search for networks, then click the OK softkey.
The devices searches.




Use the navikey to select eduroam and then press the Select softkey. You are returned to the main
connection configuration screen, now entitled eduroam.




                                                                                          Page 31 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network




Use the navikey to scroll down to WLAN Security Settings and click.




Use the navikey to scroll down to EAP plug-in settings and click. The device shows a screen listing the
available EAP types for the connection.




You must now enable only the EAP type EAP-PEAP. First, scroll down to EAP-PEAP using the navikey
and then press the Options softkey.




                                                                                          Page 32 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network




Use the navikey to select Enable and then press the Select softkey. You are returned to the list of EAP
Types.
Now scroll up to EAP-SIM and press the Options softkey.




Use the navikey to move to Disable and then press the Select softkey.
Repeat the process to disable EAP-AKA and any other EAP types that are not EAP-PEAP.
When you have finished, the EAP types screen should look like the following screenshot.




Use the navikey to scroll down to EAP-PEAP and then click the navikey. The EAP-PEAP settings screen
opens, on the Settings tab.




                                                                                           Page 33 of 40
University for the Creative Arts                                 Connecting to the eduroam wireless network




Use the navikey to scroll to Authority Certificate and click. A list of certification authority root certificates
opens.




Use the navikey to activate the ucreative radio button, then click the OK softkey. You are returned to the
EAP-PEAP settings screen.




Use the navikey to scroll down to User name in use and click. The setting changes to User defined.




                                                                                                  Page 34 of 40
University for the Creative Arts                               Connecting to the eduroam wireless network




Use the navikey to scroll down to User name and click. Your device shows a screen prompting you to
enter your username.




Enter your ucreative login. Your ucreative login is the username you use to log in to University computers.
It is usually but not always the same as the first part of your University email address. It usually consists
of one of your initials, followed by your family name, sometimes followed by a number: jsmith2,
astudent3.
Then click the OK softkey. You are returned to the EAP-PEAP settings screen.




Use the navikey to scroll down to Realm in use and click. The setting changes to User defined.




                                                                                              Page 35 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network




Use the navikey to scroll down to Realm, then click. In the same manner that you entered your ucreative
login, enter the realm ucreative.ac.uk, then click the OK softkey.
You are returned to the EAP-PEAP settings screen.




Now press the right edge of the navikey to move from the Settings tab to the EAPs tab.




The screen shows the EAP types that your device will use inside EAP-PEAP – the inner EAP type.
Using the same method that you used before, enable EAP-MSCHAPv2. Then disable EAP-SIM, EAP-
AKA and any other EAP type.
When you have finished the inner EAP type screen should look like the following screenshot.




                                                                                          Page 36 of 40
University for the Creative Arts                            Connecting to the eduroam wireless network




Use the navikey to scroll down to EAP-MSCHAPv2 and click. Your device shows the EAP-MSCHAPv2
settings screen.




Use the navikey to click User name. Your device prompts you to enter your username.




Once again, enter your ucreative login and then press the OK softkey. You are returned to the EAP-
MSCHAPv2 settings screen.




                                                                                          Page 37 of 40
University for the Creative Arts                             Connecting to the eduroam wireless network




Ensure that the Prompt password setting is set to No.
Use the navikey to scroll down to Password and click.




Enter the password you use with your ucreative login. Your device only shows each letter for a few
moments, so take care when entering your password. Note in particular that this password is case
sensitive. Then click the OK softkey.
Finally, click Back and Exit on the right-hand softkey to return to your device’s main screen. You can now
connect to the internet using eduroam. How you do this will depend on your device, and whether or not it
is set up to scan for wireless networks. On the Nokia E51, either eduroam will appear in the list of
wireless networks on the main screen, or an option to scan for wireless networks will appear there.
Scrolling to either of these and clicking with navikey will begin the process of connecting to the internet
via eduroam.
Note Some S60 Symbian applications, such as RealPlayer, do not automatically use the same Access
         Point as the Symbian web browser. Always ensure that you are indeed connecting via eduroam,
         to avoid possible expensive charges which can be occurred when using your mobile phone
         operator’s data connection.




                                                                                            Page 38 of 40
University for the Creative Arts                               Connecting to the eduroam wireless network


Technical Information

The following technical information is to help people running Linux or other operating systems to
configure their laptops, PDAs or wireless network equipped mobile phones.
The system used to authenticate users and encrypt network traffic on eduroam at ucreative is WPA
Enterprise, Wi-Fi Protected Access Enterprise. Other forms of WPA, including WPA-PSK and WPA2-
Enterprise are not supported and will not work. WPA Enterprise is a combination of 802.1x network
access control and wireless encryption techniques. Both AES and TKIP encryption techniques are
supported.
802.1x relies on EAP, the Extensible Authentication Protocol to authenticate users. There are a number
of EAP types. For students and other users using their own laptops or mobile devices, the EAP type that
must be used is PEAPv0/EAP-MSCHAPv2. This is sometimes known simply as PEAP.
PEAPv0/EAP-MSCHAPv2 is used to transmit the ucreative login and password in a secure manner to
Active Directory servers for verification. However, in order for laptops to be able to work consistently
across eduroam sites, the ucreative login must be provided with @ucreative.ac.uk appended.
PEAPv0/EAP-MSCHAPv2 requires that the server doing the authentication identify itself by means of an
X.509 electronic certificate in a similar manner to a secure website. The certificate supplied by the
ucreative authentication server is signed by the ucreative certification authority. This certification
authority will be unknown to all computers except those issued by ucreative IT. Therefore for most
operating systems either verification of the certificate must be turned off or the certificate manually
installed and trusted. The root certificate for the ucreative certification authority can be downloaded onto
computers on the internal wired network from here:
        http://ul03vn0006/certsrv/
Fast Reconnect is not supported and should be disabled.
The ucreative implementation of eduroam also supports authentication using EAP-TLS. This method
requires that the laptop has a certificate installed, and is only for laptops and other devices supplied by
ucreative IT. EAP-TLS will not work with other laptops.

Access for staff using ucreative laptops

Although this document refers to ‘students’, staff may also use their own laptops on the eduroam network
by configuring them as described above. They may also use the eduroam networks at other institutions
as described below.
Staff using ucreative laptops, either Macs or PCs, can gain enhanced access to eduroam on the UCA
campuses. Enhanced access allows staff to connect to fileservers, and also to run the full-featured
version of Outlook rather than the web version. Not all laptops are suitable, and laptops must be under
ucreative control to gain enhanced access. Contact ICT for more information.

Access for visitors to the University for the Creative Arts

The University implements JANET Roaming Service Tier 2, documented at:
        http://www.ja.net/services/authentication-and-authorisation/janet-roaming.html
This allows visitors from participating organisations to access the eduroam network here using their own
username and password.
Visitors should ensure that their eduroam setup is working correctly in their own organisation before
travelling.

Access for UCA users visiting other institutions

Not all academic institutions support eduroam. An up to date list is available at:
        http://www.ja.net/services/authentication-and-authorisation/janet-roaming.html
Students should ensure that their eduroam setup is working correctly here before travelling. They can
then log in at other eduroam enabled institutions using their ucreative login and password. It is important
that their eduroam setup uses the username in the format give in this document, with ucreative.ac.uk
either as part of the username or as the realm. Whilst some other formats will work within the UCA

                                                                                               Page 39 of 40
University for the Creative Arts                              Connecting to the eduroam wireless network

campus, only this format can be successfully routed by other institutions back to the University’s servers
for checking.
Not all academic institutions support AES encryption. For Windows Vista and Windows XP, it may be
advisable to change the Encryption type setting from AES to TKIP. This will also work within the UCA
campus; however, the AES encryption type is recommended because it offers greater security.




                                                                                             Page 40 of 40

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:3/12/2013
language:English
pages:40