The information given here may help configure eduroam on wireless devices, operating systems and client software not listed in the main eduroam documentation.
You will need your credentials (eduroam identifier and Network access token (username and password)) from the UCS Tokens service.
- Wireless network settings:
- The SSID (Network Name) is eduroam (note that this is case-sensitive).
- The wireless Network Authentication type is WPA2 Enterprise.
- The Data Encryption method to use is AES.
- User authentication settings:
- The EAP Authentication Type or Outer Authentication Protocol is PEAP or PEAPv0.
- The Authentication Method, Authentication Protocol or Inner Authentication Protocol is MS-CHAPv2.
- Your Username and Password will be the ones given
on the UCS Tokens page:
- The Username or Inner Identity is the eduroam identifier (typically your CRSid followed by @cam.ac.uk).
- The Password is the Network access token.
- If prompted for an Outer or Roaming Identity (may also be known as Anonymous Identity, specify @cam.ac.uk (nothing in front of the @ sign).
- Server authentication settings:
(although these settings can often be omitted and eduroam will still work, note that you may be exposing yourself to some security risks if you do not configure them correctly):
- If you can specify the Server or Certificate Name or
Server, you should:
- Set this to be network.tokens.csx.cam.ac.uk.
- Validate the Server Certificate:-
- If you were able to specify the Server or Certificate Name, above, and your system has an Any Trusted Certification Authority (CA) option, select this.
- Otherwise, if you must choose from a list of Certificate Issuers or Certification Authorities (CAs) select AddTrust External CA Root.
- If you are not able to specify the Server or Certificate Name or Server, you should select AddTrust External CA Root from the list of Certificate Issuers or Certification Authorities (CAs)
- If you can specify the Server or Certificate Name or Server, you should:
Note: if you needed to select the names from a list of Certification Authorities then it may be necessary to adjust this setting from time to time. The University Computing Service will advise you if this is required, and provide instructions.
The recommended authentication protocols to use (EAP-PEAP with MS-CHAPv2) are given above, there are many other available combinations:
- EAP-TTLS with CHAP, MS-CHAP and MS-CHAPv2 work and are also supported
- EAP-TTLS with PAP is supported but strongly advised against (if used, the server must be authenticated by name and the certificate validated) as it may reveal your Network Access Token to third party sites
- EAP-LEAP is not supported and will not work
- EAP-FAST is not supported and will not work
Combinations other than those listed above must not be used and are unlikely to work.
If you have trouble following these settings the University Computing Service Service Desk (Help Desk) may be able to help configure your device. However please note that not all devices can use eduroam; if you find this is the case Lapwing may be used instead.