wiki.in.tum.de
Technische Universität München
You are here: Foswiki>Informatik/Helpdesk Web>Wifi (04 Jul 2019, NikolayStoyanovGa48pif)Edit Attach

WLAN


This article deals with eduroam configuration for various OS. Its focus is mainly on the network settings in TUM's FMI building.

1. General information about Eduroam and CAT Eduroam

Education Roaming (eduroam) is a worldwide Internet access service for educational and research institutions and their staff and students. It enables Internet access at the sites of all participating organisations using their own username and password.

Moreover, eduroam serves as an access to the scientific network for travelling scientists, students and employees of other universities or research facilities that are part of the global roaming.

A lot of systems carry out little to no security checks during setup, which enables attackers to intercept your password at any time. For this purpose they should simply be in the radio range of your device.

To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the wizard (CAT tool), which provides an automatic configuration for most operating systems. The process entails a WLAN profile configuration and, if needed, an additional installation of a CA certicate by Deutsche Telekom for use in the WLAN profile.

In order to use the WLAN, Deutsche Telekom's root certificate is required. („T-TeleSec GlobalRoot Class 2“, valid until 02. Oktober 2033 01:59:59 MESZ) It can be found in the certificate store of most common operating systems or it can be downloaded manually. The root certificate is located under the following link: https://www.pki.dfn.de/fileadmin/PKI/zertifikate/T-TeleSec_GlobalRoot_Class_2.crt

A manual eduroam configuration holds major security risks and may possibly allow for user data theft. More information on security tips about eduroam in German can be retrieved here.

2.Manuals

1. Windows

2. MacOS

3. Linux

3.1 systemd-networkd

For the eduroam network following should be appended to your wpa_supplicant configuration for the corresponding WLAN interface:

network={
  ssid=\"eduroam\"
  key_mgmt=WPA-EAP
  pairwise=CCMP
  group=CCMP TKIP
  eap=PEAP
  ca_cert=\"/etc/wpa_supplicant/cert/ca.pem\"
  identity=\"<i>LRZ-Kennung</i>\"
  domain_suffix_match=\"radius.lrz.de\"
  phase2=\"auth=MSCHAPV2\"
  password=\"<i>password</i>\"
  anonymous_identity=\"anonymous@eduroam.mwn.de\"
}

Now you only need the eduroam certificate, which you can obtain for example from the LRZ website.

5. iOS (iPhone/iPad)

6. Android

6.1. Android

7. Sources

- https://info.gwdg.de/dokuwiki/doku.php?id=en:services:network_services:eduroam:start
- https://info.gwdg.de/docs/doku.php?id=en:services:network_services:eduroam:linux_ubuntu_14.04
- https://www.uni-bamberg.de/rz/dienstleistungen/netz/wlan/eduroam/
- https://www.anleitungen.rrze.fau.de/internet-zugang/wlan/
Topic revision: r13 - 04 Jul 2019, NikolayStoyanovGa48pif
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback