Table of Contents
eduroam with Linux (Desktop)
To ensure a secure eduroam configuration, it is strongly recommended to set up eduroam using the configuration wizard (CAT tool)!
Setting up the eduroam with the CAT tool
After downloading the eduroam CAT you have to make it executable. To achieve this first right click on the file and select Properties then select the Permissions tab and check the box next to “Execute”. Please also note that the behavior when executing files has been set correctly under “Files Preferences”.
Alternatively the file can be made executable by running chmod +x on that file. Now you can run the assistant by double clicking it and selecting Run. Now walk through the assistant until you are asked for your userid, then enter your username as described in the username section of this article. After clicking on OK enter your password and confirm it.
After you complete the wizard, the NetworkManager should automatically connect you to the eduroam network if it is available.
If you do not have a Network Manager running during the installation, the assistant will create a wpa_supplicant.conf. For details on how to use this config file see the article wpa_supplicant.
Manual setup of the eduroam
If the eduoram network is configured manually a “man-in-the-middle attack” is possible because the client will accept any certificate signed by the Deutsche Telekom CA. So if it is possible the configuration assistant should be used.
Eduroam can be set up manually under “Settings” → “Wi-Fi”. Switch on the Wi-Fi and select the “eduroam” network under “Visible Networks”. Click the button with the lock on the listed network “eduroam” to configure “eduroam”. A window opens in which the necessary settings have to be configured. Then press the “Connect” button. Please enter your username and password in the login window. You should now be connected to eduroam.
Please observe the following instructions when entering the configuration parameters:
- The screenshot for the network settings shows the login data for a GWDG account as an example.
- Therefore, please enter firstname.lastname@example.org as “Anonymous identity”.
- The CA certificate can be found at /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt .
- Enter your user name according to the table in the username section and the corresponding password.