Make this work BEFORE leaving campus!
Table of Contents
- Mac laptop running Mac OSX 10.6, 10.7, 10.8
- WLAN must be setup and working, see http://www.apple.com/support/snowleopard/ for help
Method 1: Using System Preferences dialog
In the "System Preferences" panel click "Network":
Select "AirPort" on the left-hand side, click the "Network Name" selector and choose "eduroam":
You'll be prompted with a dialog to authenticate the certificate of the server "sradius01.jacobs-university.de":
To prevent others from spying on your password, klick on "Show Certificate" and confirm, that "This certificate is valid":
If you would like more protection against server spoofing, klick on "Details" and confirm this data:
After you verified the certificate, click on "Continue". You'll be prompted for your LOCAL COMPUTER PASSWORD to add the above certificate to the key chain for future use. Enter your username and password of your Mac OSX computer. This is not your JACOBS user account and not your CampusNet account. It was set by you or your Mac administrator. Neither the CampusNet team nor IT Support do know your password or can help you in retrieving it!
After trust and encryption is established to the server, the server needs to check your CampusNet id. You'll be prompted with a password dialog. Enter your campusnet username followed by "@jacobs-university.de". So, if your JACOBS user name is "myusername", enter "email@example.com" here. This is NOT your email address! The user name does NOT have a dot in it. Then click "OK".
Now, it seems you are connected, but you aren't. DO NOT STOP HERE, CONTINUE ON! Even if it incidentally already works, CONTINUE ON! REALLY!!!
Click on "Advanced...". While you are at it, in the "AirPort" tab, move the "eduroam" entry to the top to use this as preferred network in the future. This will also automatically log you in at remote locations:
Select the "802.1X" tab, then select the "WPA:eduroam" entry in the list on the left. Make sure that EXACTLY these two options are selected, and ALL OTHERS ARE DESELECTED: PEAP and TTLS. This usually means, to DESELECT EAP-FAST. Also scroll down the list to check, that there are no hidden check marks. Really! This is important! PEAP and TTLS, nothing else! If you are at another institution and eduroam does not work, make sure PEAP and TTLS are set and nothing else:
Then, select PEAP, and click on the "Configure..." rectangle (not the "Configure Trust..." button). A window opens asking for PEAP authentication information, specifically the "Outer Identity". Despite the box tagging this as "Optional", it is NOT! Enter "firstname.lastname@example.org", literally, as written here:
After clicking OK, select TTLS and also click the "Configure..." rectangle. A window pops up and asks for TTLS Inner Authentication: Select "MSCHAPv2" from the drop-down list, and as "Outer Identity" again enter "email@example.com". This is NOT optional!
Click "OK" and "Apply" as often as needed to get back to the Network preferences. You are connected to the eduroam network now and will get network access immediately at each other institution world-wide also being member of the eduroam federation.
Method 2: Using connection profile
Please download the connection profile.
Double-click the file to open it and begin its installation.
A prompt for the per-user authentication fields appears, please fill in the missing information. The user name is your Jacobs username followed by "@jacobs-university.de". The password is your Jacobs password. After continuing the installation you may be asked for an admin password, this is your local password on your device.
You can change or delete the profile later in the System Preferences > Profiles. The associated 802.1X profile is visible in System Preferences > Network > Advanced > 802.1X.