Wifi - ITO Wiki

= WLAN =

This article deals with eduroam configuration for various OS. Its focus is mainly on the network settings in TUM's FMI building.

4

== 1. General information about Eduroam and CAT Eduroam ==

11

12

Education Roaming (eduroam) is a worldwide Internet access service for educational and research institutions and their staff and students. It enables Internet access at the sites of all participating organisations using their own username and password.

13

14

Moreover, eduroam serves as an access to the scientific network for travelling scientists, students and employees of other universities or research facilities that are part of the global roaming.

15

16

A lot of systems carry out little to no security checks during setup, which enables attackers to intercept your password at any time. For this purpose they should simply be in the radio range of your device.

17

18

To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the wizard (CAT tool), which provides an automatic configuration for most operating systems. The process entails a WLAN profile configuration and, if needed, an additional installation of a CA certicate by Deutsche Telekom for use in the WLAN profile.

19

20

In order to use the WLAN, Deutsche Telekom's root certificate is required. („T-TeleSec !GlobalRoot Class 2“, valid until 02. Oktober 2033 01:59:59 MESZ) It can be found in the certificate store of most common operating systems or it can be downloaded manually. The root certificate is located under the following link:

21

https://www.pki.dfn.de/fileadmin/PKI/zertifikate/T-TeleSec_GlobalRoot//Class//2.crt

22

23

A manual eduroam configuration holds major security risks and may possibly allow for user data theft. More information on security tips about eduroam in German can be retrieved [[here>>https://www.lrz.de/services/netz/wlan/sicherheit/]].

== 2.Manuals ==

=== 1. Windows ===

==== 1.1. [[Windows with data link>>https://wiki.tum.de/display/docs/Windows+with+data+link]] ====

30

31

==== 1.2. [[Windows without data link>>https://wiki.tum.de/display/docs/Windows+without+data+link]] ====

=== 2. MacOS ===

==== 2.1. [[MacOS with data link>>https://wiki.tum.de/display/docs/macOS+with+data+link]] ====

36

37

==== 2.2. [[MacOS without data link>>https://wiki.tum.de/display/docs/macOS+without+data+link]] ====

=== 3. Linux ===

==== 3.1 systemd-networkd ====

42

43

For the eduroam network following should be appended to your wpa_supplicant configuration for the corresponding WLAN interface:

{{{network={

ssid=eduroam

key_mgmt=WPA-EAP

pairwise=CCMP

group=CCMP TKIP

eap=PEAP

ca_cert=/etc/wpa_supplicant/cert/ca.pem

52

identity=LRZ-Kennung

53

domain_suffix_match=radius.lrz.de

54

phase2=auth=MSCHAPV2

55

password=password

56

anonymous_identity=anonymous@eduroam.mwn.de

}

}}}

Now you only need the eduroam certificate, which you can obtain for example from the LRZ [[website>>https://www.lrz.de/services/netz/wlan_en/]].

63

64

=== 5. iOS (iPhone/iPad) ===

65

66

==== 5.1. [[iOS with mobile data link>>https://wiki.tum.de/display/docs/iOS+with+mobile+data+link]] ====

67

68

==== 5.2. [[iOS without mobile data link>>https://wiki.tum.de/display/docs/iOS+without+mobile+data+link]] ====

=== 6. Android ===

==== 6.1. [[ Android>>https://wiki.tum.de/display/docs/Android+with+PWD]] ====

=== 7. Sources ===

- https://info.gwdg.de/dokuwiki/doku.php?id=en:services:network_services:eduroam:start

77

78

- https://info.gwdg.de/docs/doku.php?id=en:services:network//services:eduroam:linux_ubuntu//14.04

79

80

- https://www.uni-bamberg.de/rz/dienstleistungen/netz/wlan/eduroam/

81

82

- https://www.anleitungen.rrze.fau.de/internet-zugang/wlan/

Wiki source code of Wifi

Navigation

author	version	line-number	content
		1	= WLAN =
		2
		3	This article deals with eduroam configuration for various OS. Its focus is mainly on the network settings in TUM's FMI building.
		4
		5
		6
		7	{{toc/}}
		8
		9
		10	== 1. General information about Eduroam and CAT Eduroam ==
		11
		12	Education Roaming (eduroam) is a worldwide Internet access service for educational and research institutions and their staff and students. It enables Internet access at the sites of all participating organisations using their own username and password.
		13
		14	Moreover, eduroam serves as an access to the scientific network for travelling scientists, students and employees of other universities or research facilities that are part of the global roaming.
		15
		16	A lot of systems carry out little to no security checks during setup, which enables attackers to intercept your password at any time. For this purpose they should simply be in the radio range of your device.
		17
		18	To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the wizard (CAT tool), which provides an automatic configuration for most operating systems. The process entails a WLAN profile configuration and, if needed, an additional installation of a CA certicate by Deutsche Telekom for use in the WLAN profile.
		19
		20	In order to use the WLAN, Deutsche Telekom's root certificate is required. („T-TeleSec !GlobalRoot Class 2“, valid until 02. Oktober 2033 01:59:59 MESZ) It can be found in the certificate store of most common operating systems or it can be downloaded manually. The root certificate is located under the following link:
		21	https://www.pki.dfn.de/fileadmin/PKI/zertifikate/T-TeleSec_GlobalRoot//Class//2.crt
		22
		23	A manual eduroam configuration holds major security risks and may possibly allow for user data theft. More information on security tips about eduroam in German can be retrieved [[here>>https://www.lrz.de/services/netz/wlan/sicherheit/]].
		24
		25	== 2.Manuals ==
		26
		27	=== 1. Windows ===
		28
		29	==== 1.1. [[Windows with data link>>https://wiki.tum.de/display/docs/Windows+with+data+link]] ====
		30
		31	==== 1.2. [[Windows without data link>>https://wiki.tum.de/display/docs/Windows+without+data+link]] ====
		32
		33	=== 2. MacOS ===
		34
		35	==== 2.1. [[MacOS with data link>>https://wiki.tum.de/display/docs/macOS+with+data+link]] ====
		36
		37	==== 2.2. [[MacOS without data link>>https://wiki.tum.de/display/docs/macOS+without+data+link]] ====
		38
		39	=== 3. Linux ===
		40
		41	==== 3.1 systemd-networkd ====
		42
		43	For the eduroam network following should be appended to your wpa_supplicant configuration for the corresponding WLAN interface:
		44
		45	{{{network={
		46	ssid=eduroam
		47	key_mgmt=WPA-EAP
		48	pairwise=CCMP
		49	group=CCMP TKIP
		50	eap=PEAP
		51	ca_cert=/etc/wpa_supplicant/cert/ca.pem
		52	identity=LRZ-Kennung
		53	domain_suffix_match=radius.lrz.de
		54	phase2=auth=MSCHAPV2
		55	password=password
		56	anonymous_identity=anonymous@eduroam.mwn.de
		57	}
		58
		59
		60	}}}
		61
		62	Now you only need the eduroam certificate, which you can obtain for example from the LRZ [[website>>https://www.lrz.de/services/netz/wlan_en/]].
		63
		64	=== 5. iOS (iPhone/iPad) ===
		65
		66	==== 5.1. [[iOS with mobile data link>>https://wiki.tum.de/display/docs/iOS+with+mobile+data+link]] ====
		67
		68	==== 5.2. [[iOS without mobile data link>>https://wiki.tum.de/display/docs/iOS+without+mobile+data+link]] ====
		69
		70	=== 6. Android ===
		71
		72	==== 6.1. [[ Android>>https://wiki.tum.de/display/docs/Android+with+PWD]] ====
		73
		74	=== 7. Sources ===
		75
		76	- https://info.gwdg.de/dokuwiki/doku.php?id=en:services:network_services:eduroam:start
		77
		78	- https://info.gwdg.de/docs/doku.php?id=en:services:network//services:eduroam:linux_ubuntu//14.04
		79
		80	- https://www.uni-bamberg.de/rz/dienstleistungen/netz/wlan/eduroam/
		81
		82	- https://www.anleitungen.rrze.fau.de/internet-zugang/wlan/