Dr. Lawlor's Code, Robots, & Things

August 18, 2014

UAF Eduroam setup in Linux

Filed under: Linux — Dr. Lawlor @ 5:23 pm

Eduroam provides simple, no-login roaming wifi at a bunch of higher educational institutions.  It’s an IEEE 802.1X authentication setup, where you set up credentials at your home institution, and they can be used worldwide.

First go to https://nah.alaska.edu/eduroam/, and log in with your UA credentials (same as blackboard, UAOnline, etc).  Download the Root certificate (rootCA.crt) and your “PKCS12 with intermediate and root” .p12 file, and save them to a fixed location on your machine.

Select the “eduroam” network from Network-Manager applet.
Should auto-identify as WPA/WPA2 Enterprise.
Authentication is TLS.  (It’s NOT Tunneled TLS or PEAP here, like it is most other places.)
Identity is “YOURLOGIN@alaska.edu”.
User certificate is left blank (for some reason).
CA certificate is rootCA.crt file downloaded above.
Private key is your .p12 file, again from above.
Private key password is YOURLOGIN.
Overall, it should look like this browser and network manager setup.

This shows Eduroam working correctly in Linux.

This shows Eduroam working correctly in Linux.

Now connect to the eduroam wifi!

It should connect within 10 seconds; if it lags for half a minute or more something’s messed up.  You need to download new certificates every year, so keep this post handy!

Advertisements

3 Comments »

  1. […] wireless without logging in, so I set out to get my robot to connect to it. Dr. Lawlor has a great blog post about connecting to eduroam on Ubuntu, but the gui on Raspbian, wpa_gui, was so limited that the […]

    Pingback by Connecting Raspberry Pi to Eduroam at UAF | Rainforest Robots — December 4, 2015 @ 1:56 pm

  2. Thanks for this post. FYI, here’s the raw netctl file for anyone directly using netctl:

    Description=’eduroam’
    Interface=wlp1s0
    Connection=wireless
    IP=dhcp
    ESSID=eduroam
    Security=wpa-configsection
    WPAConfigSection=(
    ‘ssid=”eduroam”‘
    ‘scan_ssid=1’
    ‘key_mgmt=WPA-EAP’
    ‘eap=TLS’
    ‘identity=”foo@alaska.edu”‘
    ‘ca_cert=”/path/to/rootCA.crt”‘
    ‘private_key=”/path/to/foo.p12″‘
    ‘private_key_passwd=”foo”‘
    )

    Comment by Cam — January 27, 2017 @ 4:05 pm

    • Nice! I’ve been looking for a command line way to connect to eduroam for headless Raspberry Pi’s, I’ll need to try this trick!

      Comment by Dr. Lawlor — January 27, 2017 @ 4:12 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: