Kings College London

Information Services and Systems

Eduroam
v1.00 15 September 2009

Contents
Introduction ................................................................................................................... 2 Resources ...................................................................................................................... 3 Generic configuration parameters ............................................................................... 4 Configuration for Windows XP SP2 and SP3.............................................................. 5 System requirements ............................................................................................... 5 Connecting for the first time .................................................................................... 5 How to modify the stored user name and password ............................................. 9 Subsequent connections at King's........................................................................... 9 Subsequent connections at other organisations .................................................. 10 Configuration for Windows Vista ............................................................................... 11 Connecting for the first time .................................................................................. 11 How to modify the stored user name and password ........................................... 16 Subsequent connections at King's......................................................................... 16 Subsequent connections at other organisations .................................................. 16 Configuration for Windows 7 ..................................................................................... 18 Connecting for the first time .................................................................................. 18 How to modify the stored user name and password ........................................... 22 Subsequent connections at King's......................................................................... 22 Subsequent connections at other organisations .................................................. 23 Configuration for Mac OS X 10.4 ............................................................................... 24 Connecting for the first time .................................................................................. 24 Subsequent connections at King's......................................................................... 27 Subsequent connections at other organisations .................................................. 27

Introduction
eduroam allows users at any participating organisation to log on to the wireless network using the same username and password that they would use at their home organisation. Within the UK, eduroam is provided by the JANET Roaming Service (JRS) through its membership in the international eduroam federation. You do not need to register to use eduroam. The eduroam network is available to all King's email account holders. Before accessing eduroam you are required to familiarise yourself and then comply with all applicable regulations and acceptable use policies: o o o o King's ISS regulations http://www.kcl.ac.uk/about/governance/regulations/iss.html JANET Acceptable Use Policy http://www.ja.net/company/policies/janet-aup.html JANET Roaming Policy http://www.ja.net/documents/services/janet-roaming/policy.pdf The acceptable use policy of the organisation you are visiting. Visited organisations are required to make their local policies easily accessible, for example through the JANET Roaming web pages or their local login page.

You must also ensure that you are able to access eduroam at King's before visiting another organisation. As all support for eduroam is provided by the user's home organisation, you will not be able to obtain support from the visited organisation and it might be difficult to diagnose your problem remotely when you are away from King's. Eduroam at King's uses a highly secure encryption standard known as WPA2 Enterprise (or WPA2/AES). This encryption standard is supported by current versions of Microsoft Windows and Apple OS X. Other devices and operating systems may or may not support WPA2/AES. If you are a Windows or Apple Mac user, you are strongly advised to: o Install the latest updates and service packs for your operating system. For more information, visit Microsoft update (http://update.microsoft.com) or Apple Software Update (http://www.apple.com/softwareupdate/). Ensure that you have the latest available device driver for your wireless adapter. Visit the web site of the manufacturer of your computer or wireless adapter, then download and install any available updates.

Other organisations may use different network encryption standards (e.g. WPA/TKIP). The information will generally be provided on the organisation's web site. If so, you may have to modify your wireless connection's encryption settings to match. The procedure is described in the section "Subsequent Connections at other organisations" for each operating system.

Eduroam configuration guide

Page 2

Resources
Further information about eduroam and the JANET Roaming Service: JANET Roaming Service home page eduroam web site
http://www.ja.net/services/authentication-and-authorisation/janet-roaming.html http://www.eduroam.org/ http://www.ja.net/documents/services/janet-roaming/userguide.pdf http://www.ja.net/services/authentication-and-authorisation/janet-roaming/participating-organisations-map.html

JANET roaming user guide

Map of participating organisations (UK, Europe and Asia/Pacific)

Using JANET Roaming eduroam - for end users Roaming Technology FAQs

http://www.ja.net/services/authentication-and-authorisation/janet-roaming/using-janet-roaming.html

http://www.ja.net/services/authentication-and-authorisation/janet-roaming/technology.html

Eduroam configuration guide

Page 3

Generic configuration parameters

Network authentication*: Encryption*: PEAP properties: Validate the server's certificate: Authentication method: Identity for PEAP: Yes (The certificate is issued to eduroam.kcl.ac.uk) EAP-MSCHAPV2 [email protected] where username is your Kings username, e.g. [email protected] Your King's password WPA2 AES

Protocol for 802.1X authentication: Protected EAP (PEAP)

Password:

* Eduroam at King's uses a highly secure encryption standard, known as WPA2 Enterprise (or WPA2/AES). Other organisations may use different network encryption (e.g. WPA/TKIP). If so, you will need to change that part of your network configuration. You should check the visited organisation's web site to determine which encryption settings to use.

Eduroam configuration guide

Page 4

Configuration for Windows XP SP2 and SP3

System requirements
These instructions assume that you are using the standard Windows XP wireless network configuration utility. If you are using the computer or wireless card manufacturers utility, please consult the appropriate documentation for your hardware and use the generic configuration parameters.

Connecting for the first time

Right-click the wireless network icon in the system tray and select View available wireless networks.

In the list of wireless networks, select eduroam and click Connect. This attempted connection will fail, but it will ensure that Windows is aware of the network's existence.

Select Change advanced settings.

Eduroam configuration guide

Page 5

 In the Wireless Network Connection Properties dialog, select the Wireless Networks tab.

In the list of preferred networks, select eduroam and click on Properties.

Set Network Authentication to WPA2. Note: if WPA2 is not shown in the list, download and install the Wireless Client Update from Microsoft at http://support.microsoft.com/kb/917021/ . Set Data encryption to AES.

Eduroam configuration guide

Page 6

 Select the Authentication tab.

o o o

Set the EAP type to Protected EAP (PEAP). Uncheck the box marked Authenticate as computer... Uncheck the box marked Authenticate as guest...

Click the Properties button.

o o o

Ensure that the box marked Validate server certificate is checked. In the Trusted Root Certification Authorities, scroll down the list and ensure that the box marked GTE CyberTrust Global Root is checked. This is important! In the Select Authentication Method dropdown, select Secured Password (EAP-MSCHAP v2).

Eduroam configuration guide

Page 7

 Click the Configure... button.

Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog. Click OK, then OK again to return to the Windows Desktop. A balloon associated with the wireless network icon in the systems tray will appear, prompting you to select a certificate or other credentials. Click on the balloon.

In the Enter Credentials dialog, enter the following information:

o User name:

[email protected] where username is your King's username, e.g. [email protected] Your King's password Leave blank

o Password: o Logon domain:

Eduroam configuration guide

Page 8

 Click OK to connect to the network. On successful connection, the status of the eduroam network in the list of wireless networks will change to connected.

How to modify the stored user name and password

Once you have entered your username and password for the eduroam network and connected successfully, Windows will remember it forever. If you need to change or delete your credentials from your computer, run regedit and delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo Detailed instructions are available on Microsofts web site at http://support.microsoft.com/kb/823731

Subsequent connections at King's

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, if you have also used the KINGSWIRELESS network at King's, your PC may automatically connect to KINGSWIRELESS in preference to eduroam. If this is not what you want, you will need to change the order of preferred networks: Right-click the wireless network icon in the system tray and select View available wireless networks. Select Change the order of preferred networks.

Highlight eduroam, click the Move up button until eduroam is above KINGSWIRELESS then click OK.

Eduroam configuration guide

Page 9

Subsequent connections at other organisations

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, some organisations still use an older encryption standard known as WPA/TKIP and you may have to change your computer's settings to match. You should check the organisation's web site to determine which encryption settings to use. To change the encryption settings to WPA/TKIP: Right-click the wireless network icon in the system tray and select View available wireless networks. Select Change the order of preferred networks. Highlight the eduroam item and click on Properties. o o o Set Network Authentication to WPA. Set Data encryption to TKIP. Click on OK, then OK again to finish.

Don't forget to change the settings back to WPA2/AES when you return to King's!

Eduroam configuration guide

Page 10

Configuration for Windows Vista

Connecting for the first time
Right-click the network icon in the system tray and select Network and Sharing Center.

In Network and Sharing Center, click on Manage wireless networks in the Tasks pane.

The Manage wireless networks dialog will open.

Eduroam configuration guide

Page 11

 Click the Add button, then select Add a network that is in the range of this computer.

Ensure that the eduroam network is present in the list, just to verify that you are located in an area where eduroam is available. Now click Cancel. Click the Add button again, but this time select Manually create a network profile.

Enter the following information: o Network name: o Security type: eduroam WPA2-Enterprise

o Encryption type: AES o Start this connection automatically: Yes o Connect even if the network is not broadcasting: No Click Next. A dialog titled Successfully added eduroam will appear. Click on Change connection settings to open eduroam properties.

Eduroam configuration guide

Page 12

 In the eduroam properties dialog, select the Security tab.

Select Microsoft: Protected EAP (PEAP) as the authentication method and then click Settings.

o o o

Ensure that the box marked Validate server certificate is checked. In the Trusted Root Certification Authorities, scroll down the list and ensure that the box marked GTE CyberTrust Global Root is checked. Select Authentication Method as Secured Password (EAP-MSCHAP v2).

Click the Configure... button.

Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog. Click OK to return to the Successfully added eduroam dialog. Click Close to return to the Manage wireless networks dialog. The eduroam network should now be listed there:

Eduroam configuration guide

Page 13

 Close the Manage wireless networks dialog, then close the Network and Sharing Center. Right-click the network icon in the system tray and select Connect to a network.

In the list of networks, select eduroam and click on connect.

You will receive a message informing you that Additional logon information is required to connect to this network.

Eduroam configuration guide

Page 14

 Click on Enter/select additional log on information and enter the following information:

o User name:

[email protected] where username is your King's username, e.g. [email protected] Your King's password Leave blank

o Password: o Logon domain:

Click on OK. A Connecting to eduroam message will be shown. On successful connection, this will be replaced by the message Successfully connected to eduroam.

You will next be prompted to select a location for the eduroam network. The choices are Home Nework, Work Network and Public Network. Choose Public Network and then press Close in the confirmation dialog.

Eduroam configuration guide

Page 15

How to modify the stored user name and password

Once you have entered your username and password for the eduroam network and connected successfully, Windows will remember it forever. If you need to change the stored credentials: o o o o o o Right-click the network icon in the system tray and select Network and Sharing Center. If you are connected to eduroam, click on Disconnect. Click on Manage wireless networks, right-click on eduroam and select Properties. Select the Security tab and uncheck the box marked Cache user information for subsequent connections to this network. Click OK. Connect to eduroam again. This time you will be prompted for the new credentials.

If you want the new credentials to be remembered, repeat the procedure but this time check the box marked Cache user information for subsequent connections to this network.

Subsequent connections at King's

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, if you have also used the KINGSWIRELESS network at King's, your PC may automatically connect to KINGSWIRELESS in preference to eduroam. If this is not what you want, you will need to change the order of preferred networks: Right-click the network icon in the system tray and select Network and Sharing Center. In Network and Sharing Center, click on Manage wireless networks in the Tasks pane. The Manage wireless networks dialog will open, showing a list of all your wireless networks. Click on eduroam and drag it upwards so that it is above KINGSWIRELESS in the list.

Subsequent connections at other organisations

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, some organisations still use an older encryption standard known as WPA/TKIP and you may have to change your computer's settings to match. You should check the organisation's web site to determine which encryption settings to use. To change the encryption settings to WPA/TKIP: Right-click the network icon in the system tray and select Network and Sharing Center. In Network and Sharing Center, click on Manage wireless networks in the Tasks pane. The Manage wireless networks dialog will open, showing a list of all your wireless networks. Eduroam configuration guide Page 16

 Right-click the eduroam item and click on Properties. Select the Security tab. o o o Set Security type to WPA-Enterprise. Set Data encryption to TKIP. Click on OK to finish.

Don't forget to change the settings back to WPA2-Enterprise / AES when you return to King's!

Eduroam configuration guide

Page 17

Configuration for Windows 7

Connecting for the first time
Click the network icon in the system tray and then click on Wireless Network Connection to see the list of available wireless networks.

Verify that the eduroam network is present, which means that you are within range. Click on Open Network and Sharing Center. In Network and Sharing Center, click on Manage wireless networks.

The Manage wireless networks dialog will open.

Eduroam configuration guide

Page 18

 Click the Add button and select Manually create a network profile.

Enter the following information: o Network name: o Security type: eduroam WPA2-Enterprise

o Encryption type: AES o Start this connection automatically: Yes o Connect even if the network is not broadcasting: No Click Next. A dialog titled Successfully added eduroam will appear. Click on Change connection settings to open eduroam properties. In the eduroam properties dialog, select the Security tab.

Select Microsoft: Protected EAP (PEAP) as the authentication method and then click Settings.

Eduroam configuration guide

Page 19

o o o

Ensure that the box marked Validate server certificate is checked. In the Trusted Root Certification Authorities, scroll down the list and ensure that the box marked GTE CyberTrust Global Root is checked. Select Authentication Method as Secured Password (EAP-MSCHAP v2).

Click the Configure... button.

Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog. Click OK to return to the Successfully added eduroam dialog. Click Close to return to the Manage wireless networks dialog. The eduroam network should now be listed there:

Eduroam configuration guide

Page 20

 Close the Manage wireless networks dialog, then close the Network and Sharing Center. Click the network icon in the system tray. Then click on eduroam and click the Connect button.

You will receive a message informing you that Additional logon information is required and a dialog box prompting you for a user name and password.

Click on Enter/select additional log on information and enter the following information: o User name: [email protected] where username is your King's username, e.g. [email protected] Your King's password Page 21

o Password: Eduroam configuration guide

 Click on OK. A Connecting to eduroam message will be shown. On successful connection, this will be replaced by the message Successfully connected to eduroam.

You will next be prompted to select a location for the eduroam network. The choices are Home Nework, Work Network and Public Network. Choose Public Network and then press Close in the confirmation dialog.

How to modify the stored user name and password

Once you have entered your username and password for the eduroam network and connected successfully, Windows will remember it forever. If you need to change the stored credentials: o o o o o Click the network icon in the system tray. If you are connected to eduroam, click on eduroam and then click on Disconnect. Right-click on eduroam and select Properties. Select the Security tab and uncheck the box marked Remember my credentials for this connection each time Im logged on. Click OK. Connect to eduroam again. This time you will be prompted for the new credentials.

If you want the new credentials to be remembered, repeat the procedure but this time check the box marked Cache user information for subsequent connections to this network.

Subsequent connections at King's

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, if you have also used the KINGSWIRELESS network at King's, your PC may automatically connect to KINGSWIRELESS in preference to eduroam. If this is not what you want, you will need to change the order of preferred networks: Click the network icon in the system tray and select Open Network and Sharing Center. In Network and Sharing Center, click on Manage wireless networks. The Manage wireless networks dialog will open, showing a list of all your wireless networks. Click on eduroam and drag it upwards so that it is above KINGSWIRELESS in the list.

Eduroam configuration guide

Page 22

Subsequent connections at other organisations

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, some organisations still use an older encryption standard known as WPA/TKIP and you may have to change your computer's settings to match. You should check the organisation's web site to determine which encryption settings to use. To change the encryption settings to WPA/TKIP: Click the network icon in the system tray. If you are connected to eduroam, click on eduroam and then click on Disconnect. Right-click on eduroam and select Properties. Select the Security tab. o o o Set Security type to WPA-Enterprise. Set Data encryption to TKIP. Click on OK to finish.

Don't forget to change the settings back to WPA2-Enterprise / AES when you return to King's!

Eduroam configuration guide

Page 23

Configuration for Mac OS X 10.4

Connecting for the first time
Visit an area where eduroam is available. Right-click on the AirPort icon. If AirPort is off, select Turn AirPort On.

Ctrl-click (or right-click) on the AirPort icon. Make sure that eduroam is present in the list of available wireless networks and select Open Internet Connect.

In the Internet Connect window, select the 802.1X item.

Eduroam configuration guide

Page 24

 Click inside the Configuration selector and choose Edit Configurations.

In the Edit Configurations dialog, enter the following information:

o Description: o User name:

eduroam [email protected] where username is your King's username, e.g. [email protected] Your King's password eduroam Unselect all items except PEAP

o Password: o Wireless network: o Authentication:

Click OK to return to the 802.1X window. You are now ready to connect.

Click the Connect button.

Eduroam configuration guide

Page 25

At this stage you may be presented with a Verify Certificate dialog which says The server certificate is not trusted because there are no explicit trust settings.

Click on Show Certificate.

The displayed certificate should be have the name eduroam.kcl.ac.uk and be signed by Cybertrust Educational CA and GTE Cybertrust Global Root. Check the box titled Always trust these certificates then click Continue. After a few seconds, the Status: indicator in the 802.1X window should show that you are connected to the network.

You can now quit the Internet Connect application.

Eduroam configuration guide

Page 26

Subsequent connections at King's

On subsequent occasions the connection to eduroam will be established automatically. You will not need to re-enter your credentials but you may be prompted with a dialog asking "Mac OS X wants permission to use the "eduroam" item from your keychain. Do you want to allow this?". Click on Always allow if you do not want to be prompted again. If you have also used the KINGSWIRELESS network at King's, your Mac may connect to KINGSWIRELESS in preference to eduroam. If this is not what you want, you will need to change the order of preferred networks: Open System Preferences, click the Network item and in the Show selector, choose AirPort. Then drag the eduroam item to the top of the list and click on Apply Now.

Subsequent connections at other organisations

On subsequent occasions your PC should connect to eduroam automatically and you will not need to re-enter your credentials. However, some organisations still use an older encryption standard known as WPA Enterprise (also known as WPA/TKIP) instead of WPA2 Enterprise and you may have to change your computer's settings to match. You should check the organisation's web site to determine which encryption settings to use. To change the encryption settings to use WPA: Open System Preferences, click the Network item and in the Show selector, choose AirPort. Click on the eduroam item, then click the Edit button. In the Wireless Security selector, choose WPA Enterprise. Don't forget to change the settings back to WPA2 Enterprise when you return to King's!

Eduroam configuration guide

Page 27