eduroam at IFM

Configuring eduroam (common stuff)

Users wishing to authenticate using eduroam needs to configure their mobile devices (laptops, pdas, cell phones) to connect using WLAN using WPA2 Enterprise (or WPA Enterprise) as authentication. The WLAN SSID must be set to 'eduroam'.

eduroam for Linköping University users

In order to use 'eduroam' as a Linköping University employee or student, locally or from other eduroam-enabled sites around the world you must first request a special 'eduroam' password from the LiU account management site.

AddTrust External CA Root

Another requirement for Linköping University users is that your mobile device have the AddTrust External CA Root root certificate installed and configured to be trusted. Without this all authentication attempts will fail. For details see below.

Device-specific configuration information

Apple iPhone, iPod Touch or MacOS X Lion (and later)

Make sure you have requested a LiU 'eduroam' password and have it handy. You will need it at the next steps...
Download and install the LiU network mobile configuration data from the iPhone or iPod Touch web browser. Configures eduroam WiFi, certificates and LDAP for addressbook
When prompted by the device, enter you eduroam username (LIUID@liu.se for employees or LIUID@student.liu.se for students) and the special eduroam password you requested above. Please note that you only have one chance to enter the correct password. If you enter it wrong you will have to start over from step 2 above.
Select the 'eduroam' WiFi network from the Settings/Inst\344llningar application and surf away

Nokia S60 series (Nokia E71 et al)

Make sure you download and install the AddTrust External CA Root certificate first before attempting the configuration below.

Settings
	Connection
		Access points
			eduroam
				Connection name
					eduroam
				Data bearer
					Wireless LAN
				WLAN network name
					eduroam
				Network status
					public
				WLAN network mode
					Infrastructure
				WLAN security mode
					WPA/WPA2
				WLAN security settings
					WPA/WPA2
						EAP
					EAP plug-in settings
						EAP-PEAP
							settings
								Personal certificate
									Not defined
								Authority certificate
									Addtrust External CA (need download first)
								User name in use
									User defined
								User name
									LIUID@liu.se or LIUID@student.liu.se
								Realm in use
									User defined
								Realm
									[blank]
								Allow PEAPv0
									Yes
								Allow PEAPv1
									Yes
								Allow PEAPv2
									Yes
						EAPs (arrow right)
								EAP-MSCHAPv2
									User name
										LIUID@liu.se or LIUID@student.liu.se
									Prompt password
										No
									Password
										********
					WPA2 only mode
						off

Generic configuration information

Select WLAN security WPA-Enterprise or WPA2-Enterprise
EAP-PEAP-MSCHAPv2 or EAP-TTLS-PAP are two authentication variants known to work. Other combinations might work as long as they use PEAP or TTLS and some scheme that use usernames and passwords.
Outer identity should be set to: anonymous@liu.se or your eduroam username (it must end with @liu.se though or things will fail).
Inner identify must be your eduroam username specified as LIUID@liu.se or LIUID@student.liu.se.
The trusted authentication server must/should be specified as eduroam.liu.se.
The authentication server is protected with a certificate signed by AddTrust External CA Root and thus this certificate must be installed (typically by clicking on the link in your device's web browser) and trusted in your device for authentication to work. You will get silent/strange authentication failures if this isn't configured correctly.

For more configuration details (in Swedish), see: http://www.liu.se/insidan/it/eduroam

Guests visiting IFM

WLAN 'eduroam' should be visible all over 'Fysikhuset'.

Ethernet (cable) users

In certain public rooms at IFM it might be possible to connect to the internet and authenticate using eduroam via ethernet cables. For more details contact the computer support staff.