NOTE: The CLAS Linux Group has provided these instructions as a courtesy to campus Linux users. See UI Wireless - eduroam Support or contact the ITS Help Desk for additional information. These instructions are specific to Fedora 17. If you are using a different version of Linux, these instructions may not work.

This document was modified on Jun 25, 2012. Any changes to the campus wireless network since then may not be reflected in these instructions. Try comparing the instructions for later versions of this OS for any configuration changes.

Assumptions

• You've met the requirements listed on the initial wireless page.
• These instructions were written after doing a default install of Fedora 17 using the x86_64 Live CD install media and then patching all software.
• Your wireless card is working. You can use nm-tool from a terminal to test.

On the system used for creating the instructions, this is a snippit of the output from running nm-tool in a terminal:

- Device: wlan0 --------------------------------------------------
  Type:              802.11 WiFi
  Driver:            iwl3945
  State:             disconnected
  Default:           no
  HW Address:        XX:XX:XX:XX:XX:XX

Capabilities:

Wireless Properties
  WEP Encryption:  yes
  WPA Encryption:  yes
  WPA2 Encryption: yes

Wireless Access Points

When you run nm-tool, the output must show that you have a device of type 802.11 WiFi and that WPA2 Encryption is yes. If you don't have a device of type 802.11 WiFi, then you need to get wireless support working (or get a wireless card/device). If you don't see WPA2 Encryption: yes, then you'll need to get a wireless device that supports WPA2.

Obtain the AddTrustExternalCARoot Certificate

The authentication server used by The University of Iowa wireless networks uses Comodo (AddTrust) as its root certificate authority (CA). Therefore, your laptop must have a valid Comodo root certificate in Privacy-Enhanced Mail (PEM) format.

You can download the certificate by going to Comodo AddTrustExternalCARoot Certificate and clicking the Download link for [Root] AddTrustExternalCARoot (currently the first link). The file will download to your Downloads directory and will be named AddTrustExternalCARoot.crt. Copy the file to your home directory (e.g. cp ~/Downloads/AddTrustExternalCARoot.crt ~/ ).

Configure Wireless Network in NetworkManager

1. Click on the NetworkManager applet (a pair of superimposed monitors) and select eduroam (see the end of the page for information on what to do if eduroam isn't listed).

   

2. The window "Wireless Network Authentication Required" should appear as below.

   

3. Set (or verify):
   "Authentication" to "Protected EAP (PEAP)"
   "CA Certificate" to "AddTrustExternalCARoot.crt" file, as noted above
   "PEAP Version" to "Automatic"
   "Inner Authentication" to "MSCHAPv2"
   "User Name" to be your HawkID followed by @uiowa.edu, e.g. hawkid@uiowa.edu
   "Password" to your HawkID password
   Optionally check "Ask for this password every time" if you don't want the computer to store your HawkID password.

   

4. Click Connect and you should be connected to the eduroam network. I was left with a window showing that I had connected to eduroam at 48 Mb/s.

   

   If you click on the network applet, you should see the baseball field strength indicator and a dot next to the eduroam network.

   

Troubleshooting

I keep trying to connect, but I'm never successful. What now?

Try to get somewhere where you have direct line-of-sight to a wireless access point, you should then be able to see the eduroam network in the pull down and successfully connect.

List of things to try:

1. If you still can't connect after moving within sight of an access point, try again later during off-peak usage (i.e. not the middle of the day)
2. Try a different device/operating system to see how good the signal is from that location. If none of your devices can get connected, your linux computer won't be able to either. If the signal is weak, try moving to where the signal is stronger and try again.

I don't have eduroam as an option in the Network Manager pull down, what do I do?

1. You do have to be on campus for these instructions to work and you'll need to be somewhere with wireless coverage. If you meet those requirements, try the following steps.
2. Click on Activities and type nm-connection-editor in the "Type to search..." field on the upper right and push Enter. You should see a window open that looks similar to:

   

3. Click on the Wireless tab.

   

4. Click Add on the right to bring up the wireless connection editor:

   

5. Set:
   "Connection name" to "eduroam"
   "SSID" to "eduroam"

   

6. Click on the Wireless Security tab:

   

7. Change "Security" to "WPA & WPA2 Enterprise" and then set (or verify):
   "Authentication" to "Protected EAP (PEAP)"
   "CA Certificate" to "AddTrustExternalCARoot.crt" as noted at the beginning of the instructions
   "PEAP Version" to "Automatic"
   "Inner Authentication" to "MSCHAPv2"
   "Identity" to be your HawkID followed by @uiowa.edu, e.g. hawkid@uiowa.edu
   "Password" to your HawkID password
   Optionally check "Ask for this password every time" if you don't want the computer to store your HawkID password.

   

8. Click Connect and you should get connected to the eduroam network.

My Network Manager applet disappeared, how do I get it back?

Open a terminal (Activities > Applications, then search for Terminal) and run nm-applet &.