Adam Sampson » Tech Notes

Using eduroam with Linux

Skip navigation

• Home
• Code
• Music
• Tech Notes
• Publications
• Recipes
• Books
• Ideas
• Wishlist
• Contact

2007-08-03 · in Tech Notes · 414 words

The "eduroam" wireless networking service is now widely available at academic institutions — for example, through JANET in the UK (originally Location Independent Networking, then JANET Roaming, then just eduroam). Here are some of the ways you can use it from Linux (without needing NetworkManager).

The specific instructions here are for Ubuntu, although it should be trivial to adapt them for other Debian-based Linux distributions, and fairly straightforward to use them on other Unix-ish operating systems.

In all the following examples, my institutional username is ats1@kent.ac.uk, and I'll pretend my password is YourPasswordHere. My wireless card is eth1. Change as appropriate.

eduroam on Debian/Ubuntu

This uses WPA authentication, so you need to use wpa_supplicant. With Ubuntu 6.06 and later, you can just put this in /etc/network/interfaces:

iface eth1-lin inet dhcp
  wpa-driver wext
  wpa-ssid eduroam
  wpa-key-mgmt WPA-EAP
  wpa-identity ats1@kent.ac.uk
  wpa-password YourPasswordHere

(You might need to change wext if you're using an unusual Ethernet driver; do wpa_supplicant --help to list the drivers available. wext should work for most cards, though.)

Then do:

ifup eth1=eth1-lin

eduroam on Maemo (Nokia 770)

If you're using Maemo, you can configure Eduroam using the GUI. These instructions are thanks to ben.

First, download ukerna-chain.pem, which contains the certificates you'll need in an appropriate format for Maemo. In the "Certificate Manager" control panel, first "Import" that file, then go to the "Authorities" tab and set both "GTE CyberTrust Global Root" and "Cybertrust Educational CA" to be trusted for use with WLAN. (It'll only ask about one of them when you import the file; you need to make sure both are trusted to stop it complaining each time you connect.)

Now go to the "Connectivity" control panel and click "Connections". Add a new connection with the following parameters:

• Connection name: Eduroam
• Connection type: WLAN
• Network name (SSID): eduroam
• Network is hidden: no
• Network mode: Infrastructure
• Security method: WPA with EAP
• EAP type: PEAP
• Select certificate: None
• EAP method: MSCHAPv2
• User name: ats1 (note: not ats1@kent.ac.uk)
• Prompt password: yes

Then click on the "Advanced" button, and on the "EAP" tab, set:

• Use manual user name: yes
• Manual user name: ats1
• Require client authentication: no

This works for me on a Nokia 770 with OS version 3.2006.49-2 at Kent; I haven't tried it anywhere else.

eduroam on other systems

If you'd prefer to configure wpa_supplicant by hand, then you can put this in a config file for it:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP IEEE8021X NONE
    pairwise=TKIP CCMP
    group=TKIP CCMP WEP104 WEP40
    eap=PEAP TTLS TLS
    identity="ats1@kent.ac.uk"
    password="YourPasswordHere"
}

Copyright © 1997–2024 Adam Sampson <ats@offog.org>