User Tools

Site Tools


eduroam_linux

eduroam setup for Linux

The following instructions assume using the NetworkManager; they were tested on Fedora Linux 20. The graphical interface might differ a bit from the below screenshots depending on the desktop environment in use, but the required data should be the same. Two protocols can be used for authentication using HITS eduroam IDs: PEAP/MSCHAPv2 and TTLS/MSCHAPv2. The two protocols are similar, there is no preference for using one or the other.

Step 1. Click on the WiFi icon, typically found in the upper right screen corner, and choose “eduroam”.

Step 2. You will be asked to fill in authentication details.

Using PEAP/MSCHAPv2 requires the following settings:

Using PEAP/MSCHAPv2 on Linux

  • Security: WPA & WPA2 Enterprise
  • Authentication: Protected EAP (PEAP)
  • Anonymous identity: anonymous@h-its.org
  • CA certificate: download the certificate to your computer, then select it
  • PEAP version: Automatic
  • Inner authentication: MSCHAPv2
  • Username: <your username>@h-its.org
  • check “Ask for this password every time”, or (not recommended) enter the password. This is the same password that you use to access your e-mail.

Using TTLS/MSCHAPv2 requires the following settings:

Using TTLS/MSCHAPv2 on Linux

  • Security: WPA & WPA2 Enterprise
  • Authentication: Tunelled TLS (TTLS)
  • Anonymous identity: anonymous@h-its.org
  • CA certificate: download the certificate to your computer, then select it
  • Inner authentication: MSCHAPv2
  • Username: <your username>@h-its.org
  • check “Ask for this password every time”, or (not recommended) enter the password. This is the same password that you use to access your e-mail.

Step 3. Click on the WiFi icon again and choose “eduroam”. If “Ask for this password every time” was checked (as recommended) in Step 2, you'll be asked for a password - this is the same password that you use to access your e-mail. After entering the password, the authentication should succeed and access to the “eduroam” network should be granted.

Ubuntu 22.04 configuration

Please activate the following option in the initial setup:

“No CA certificate is required”

Starting from Fedora 33, the settings for crypto algorithms have become more stringent, such that the certificate used above is no longer considered valid and the eduroam authentication fails. The settings can be switched back to the ones in Fedora 32 with the command (run as root):

update-crypto-policies --set DEFAULT:FEDORA32

followed by a restart of the computer.

eduroam_linux.txt · Last modified: 2023/03/29 15:02 by admin