Eduroam: King's College London

King’s College London
Information Services and Systems
Eduroam
v1.07 15 February 2010
Contents
Introduction.......................................................................................................................... 2
Resources ............................................................................................................................. 3
Generic configuration parameters (handhelds, mobiles and operating systems other than
Windows or Mac OS X)....................................................................................................... 4
Configuration for Windows XP SP2 and SP3 ...................................................................... 5
System requirements ........................................................................................................ 5
Connecting for the first time ............................................................................................. 5
How to modify the stored user name and password .......................................................... 9
Subsequent connections at King's ................................................................................... 10
Subsequent connections at other organisations ............................................................... 10
Configuration for Windows Vista ....................................................................................... 11
Connecting for the first time ........................................................................................... 11
How to modify the stored user name and password ........................................................ 16
Configuration for Windows 7 ............................................................................................. 17
Configuration for Mac OS X 10.4 ...................................................................................... 22
Configuration for Mac OS X 10.5 and 10.6 ........................................................................ 26
Set the order of preferred networks ................................................................................ 29
Introduction
eduroam allows users at any participating organisation to log on to the wireless network using the
same username and password that they would use at their home organisation. Within the UK,
eduroam is provided by the JANET Roaming Service (JRS) through its membership in the
international eduroam federation.
You do not need to register to use eduroam. The eduroam network is available to all King's email
account holders.
Before accessing eduroam you are required to familiarise yourself and then comply with all
applicable regulations and acceptable use policies:
o King's ISS regulations
http://www.kcl.ac.uk/about/governance/regulations/iss.html
o JANET Acceptable Use Policy
http://www.ja.net/company/policies/janet-aup.html
o JANET Roaming Policy
http://www.ja.net/documents/services/janet-roaming/policy.pdf
o The acceptable use policy of the organisation you are visiting.
Visited organisations are required to make their local policies easily accessible, for example
through the JANET Roaming web pages or their local login page.
You must also ensure that you are able to access eduroam at King's before visiting another
organisation. As all support for eduroam is provided by the user's home organisation, you will not
be able to obtain support from the visited organisation and it might be difficult to diagnose your
problem remotely when you are away from King's.
Eduroam at King's uses a highly secure encryption standard known as WPA2 Enterprise (or
WPA2/AES). This encryption standard is supported by current versions of Microsoft Windows
and Apple OS X. Other devices and operating systems may or may not support WPA2/AES. If
you are a Windows or Apple Mac user, you are strongly advised to:
o Install the latest updates and service packs for your operating system. For more information,
visit Microsoft update (http://update.microsoft.com) or Apple Software Update
(http://www.apple.com/softwareupdate/).
o Ensure that you have the latest available device driver for your wireless adapter. Visit the
web site of the manufacturer of your computer or wireless adapter, then download and install
any available updates.
Other organisations may use different network encryption standards (e.g. WPA/TKIP). The
information will generally be provided on the organisation's web site. If so, you may have to
modify your wireless connection's encryption settings to match. The procedure is described in the
section "Subsequent Connections at other organisations" for each operating system.
Eduroam configuration guide Page 2

Resources
Further information about eduroam and the JANET Roaming Service:
JANET Roaming Service home page
http://www.ja.net/services/authentication-and-authorisation/janet-roaming.html
eduroam web site

http://www.eduroam.org/
JANET roaming user guide

http://www.ja.net/documents/services/janet-roaming/userguide.pdf
Map of participating organisations (UK, Europe and Asia/Pacific)

http://www.ja.net/services/authentication-and-authorisation/janet-roaming/participating-organisations-map.html
Using JANET Roaming eduroam - for end users

http://www.ja.net/services/authentication-and-authorisation/janet-roaming/using-janet-roaming.html
Roaming Technology – FAQs

http://www.ja.net/services/authentication-and-authorisation/janet-roaming/technology.html

Generic configuration parameters
(handhelds, mobiles and operating systems other than
Windows or Mac OS X)
Network name or SSID: eduroam

Important note: The name is case sensitive.
Network authentication*: WPA2
Encryption*: AES
Protocol for 802.1X authentication: Protected EAP (PEAP)
PEAP properties:
Validate the server's certificate: Yes (The certificate is issued to eduroam.kcl.ac.uk)
Authentication method: EAP-MSCHAPV2
PEAP outer identity: Leave blank
Username or identity: username@kclad.ds.kcl.ac.uk

where username is your King’s username,
e.g. rsvp1234@kclad.ds.kcl.ac.uk
Password: Your King's password
Domain: Leave blank
* Eduroam at King's uses a highly secure encryption standard, known as WPA2 Enterprise (or
WPA2/AES). Other organisations may use different network encryption (e.g. WPA/TKIP). If
so, you will need to change that part of your network configuration. You should check the visited
organisation's web site to determine which encryption settings to use.

Configuration for Windows XP SP2 and SP3
System requirements
These instructions assume that you are using the standard Windows wireless network configuration
utility. If you are using a third-party utility provided by the manufacturer of your computer or
wireless card, please consult the appropriate documentation for your hardware and use the generic
configuration parameters.
Connecting for the first time
Right-click the wireless network icon in the system tray and select View available wireless
networks.
In the list of wireless networks, select eduroam and click Connect.

This attempted connection will fail, but it will ensure that Windows is aware of the network's
existence.
Select Change advanced settings.

In the Wireless Network Connection Properties dialog, select the Wireless Networks tab.
If you have any other wireless networks listed there, arrange them in order of preference.
In the list of preferred networks, select eduroam and click on Properties.
o Set Network Authentication to WPA2.

Note: if WPA2 is not shown in the list, download and install the Wireless Client Update
from Microsoft at http://support.microsoft.com/kb/917021/ .
o Set Data encryption to AES.

Select the Authentication tab.
o Set the EAP type to Protected EAP (PEAP).

o Uncheck the box marked Authenticate as computer...
o Uncheck the box marked Authenticate as guest...
Click the Properties button.
o Ensure that the box marked Validate server certificate is checked.

o In the Trusted Root Certification Authorities, scroll down the list and ensure that the box
marked GTE CyberTrust Global Root is checked. This is important!
o In the Select Authentication Method dropdown, select
Secured Password (EAP-MSCHAP v2).

Click the Configure... button.
o Uncheck the box marked Automatically use my Windows logon name...
Click OK, then OK again to return to the eduroam properties dialog.

Click OK, then OK again to return to the Windows Desktop.
A balloon associated with the wireless network icon in the system tray will appear, prompting you
to select a certificate or other credentials. Click on the balloon.
In the Enter Credentials dialog, enter the following information:
o User name: username@kclad.ds.kcl.ac.uk

where username is your King's username,
o Password: Your King's password
o Logon domain: Leave blank

Click OK to connect to the network.
On successful connection, the status of the eduroam network in the list of wireless networks will
change to connected.
How to modify the stored user name and password
Once you have entered your username and password for the eduroam network and connected
successfully, Windows will remember it forever.
If you change your King’s password, a balloon associated with the wireless network icon in the
system tray will appear when you attempt to connect, prompting you to process your logon
information for the network eduroam.
Click on the balloon and enter your new password in the password prompt.
Windows XP does not allow you to change the stored user name. If you need to change the user
name, you must delete the stored credentials so that you will be prompted for them when you next
attempt to connect:

Run the Windows Registry Editor (regedit) and delete the key
HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo
Detailed instructions are available on Microsoft’s web site at
http://support.microsoft.com/kb/823731
Subsequent connections at King's
On subsequent occasions your PC should connect to eduroam automatically and you will not need to
re-enter your credentials. However, when you are at King's it is preferable to connect to AccessKings
or KINGSWIRELESS instead. If you find that your PC connects to eduroam by default, you can
change the order of preference:
networks.
Select Change the order of preferred networks.
Highlight a network and click the Move up or Move down buttons as appropriate. Then click
OK to finish.
Subsequent connections at other organisations
re-enter your credentials. However, some organisations still use an older encryption standard known
as WPA/TKIP and you may have to change your computer's settings to match. You should check
the organisation's web site to determine which encryption settings to use.
To change the encryption settings to WPA/TKIP:
networks.
Select Change the order of preferred networks.
Highlight the eduroam item and click on Properties.
o Set Network Authentication to WPA.
o Set Data encryption to TKIP.
o Click on OK, then OK again to finish.
Don't forget to change the settings back to WPA2/AES when you return to King's!

Configuration for Windows Vista
Right-click the network icon in the system tray and select Network and Sharing Center.
In Network and Sharing Center, click on Manage wireless networks in the Tasks pane.
The Manage wireless networks dialog will open.

Click the Add button, then select Add a network that is in the range of this computer.
Ensure that the eduroam network is present in the list, just to verify that you are located in an area
where eduroam is available. Now click Cancel.
Click the Add button again, but this time select Manually create a network profile.
Enter the following information:

o Network name: eduroam
The network name is case sensitive. Type it in lowercase.
o Security type: WPA2-Enterprise
o Encryption type: AES
o Start this connection automatically: Yes
o Connect even if the network is not broadcasting: No
Click Next. A dialog titled Successfully added eduroam will appear.
Click on Change connection settings to open eduroam properties.

In the eduroam properties dialog, select the Security tab.
Select Microsoft: Protected EAP (PEAP) as the authentication method and then click Settings.

marked GTE CyberTrust Global Root is checked.
o Select Authentication Method as Secured Password (EAP-MSCHAP v2).


Click OK to return to the Successfully added eduroam dialog.
Click Close to return to the Manage wireless networks dialog. The eduroam network should
now be listed there:
Close the Manage wireless networks dialog, then close the Network and Sharing Center.
Right-click the network icon in the system tray and select Connect to a network.
In the list of networks, select eduroam and click on Connect.
You will receive a message informing you that Additional logon information is required to
connect to this network.

Click on Enter/select additional log on information and enter the following information:

o Logon domain: Leave blank
Click on OK. A Connecting to eduroam message will be shown. On successful connection, this
will be replaced by the message Successfully connected to eduroam.
You will next be prompted to select a location for the eduroam network.
The choices are Home Nework, Work Network and Public Network.
Choose Public Network and then press Close in the confirmation dialog.

successfully, Windows will remember it forever. If you need to change the stored credentials:
o Right-click the network icon in the system tray and select Network and Sharing Center.
o If you are connected to eduroam, click on Disconnect.
o Click on Manage wireless networks, right-click on eduroam and select Properties.
o Select the Security tab and uncheck the box marked Cache user information for
subsequent connections to this network.
o Click OK.
o Connect to eduroam again. This time you will be prompted for the new credentials.
If you want the new credentials to be remembered, repeat the procedure but this time check the box
marked Cache user information for subsequent connections to this network.
The Manage wireless networks dialog will open, showing a list of all your wireless networks.
To change the order of preference, click on a network name and drag it upwards or downwards.
Right-click the eduroam item and click on Properties.
Select the Security tab.
o Set Security type to WPA-Enterprise.
o Click on OK to finish.
Don't forget to change the settings back to WPA2-Enterprise / AES when you return to King's!

Configuration for Windows 7
Click the network icon in the system tray and then click on Wireless Network Connection to see
the list of available wireless networks.
Verify that the eduroam network is present, which means that you are within range.
Click on Open Network and Sharing Center.
In Network and Sharing Center, click on Manage wireless networks.
The Manage wireless networks dialog will open.

Click the Add button and select Manually create a network profile.
Enter the following information:

o Network name: eduroam
The network name is case sensitive. Type it in lowercase.
o Security type: WPA2-Enterprise
o Encryption type: AES
o Start this connection automatically: Yes
o Connect even if the network is not broadcasting: No
Click Next. A dialog titled Successfully added eduroam will appear.
Click on Change connection settings to open eduroam properties.
In the eduroam properties dialog, select the Security tab.

Select Microsoft: Protected EAP (PEAP) as the authentication method and then click Settings.

marked GTE CyberTrust Global Root is checked.
o Select Authentication Method as Secured Password (EAP-MSCHAP v2).

Click OK to return to the Successfully added eduroam dialog.
Click Close to return to the Manage wireless networks dialog. The AccessKings network should
now be listed there, along with your configured wireless networks:

Close the Manage wireless networks dialog, then close the Network and Sharing Center.
Click the network icon in the system tray.

Then click on eduroam and click the Connect button.
You will receive a message informing you that Additional logon information is required and a
dialog box prompting you for a user name and password.
Click on Enter/select additional log on information and enter the following information:
Click on OK. A Connecting to eduroam message will be shown. On successful connection, this
will be replaced by the message Successfully connected to eduroam.
You will next be prompted to select a location for the eduroam network.
The choices are Home Nework, Work Network and Public Network.
Choose Public Network and then press Close in the confirmation dialog.

successfully, Windows will remember it forever. If you need to change the stored credentials:
o Click the network icon in the system tray. If you are connected to eduroam, click on
eduroam and then click on Disconnect.
o Right-click on eduroam and select Properties.
o Select the Security tab and uncheck the box marked Remember my credentials for this
connection each time I’m logged on.
o Click OK.
o Connect to eduroam again. This time you will be prompted for the new credentials.
If you want the new credentials to be remembered, repeat the procedure but this time check the box
marked Cache user information for subsequent connections to this network.
Click the network icon in the system tray and select Open Network and Sharing Center.
In Network and Sharing Center, click on Manage wireless networks.
To change the order of preference, click on a network name and drag it upwards or downwards.
Click the network icon in the system tray. If you are connected to eduroam, click on eduroam
and then click on Disconnect.
Right-click on eduroam and select Properties.
Select the Security tab.
o Set Security type to WPA-Enterprise.
o Click on OK to finish.
Don't forget to change the settings back to WPA2-Enterprise / AES when you return to King's!

Configuration for Mac OS X 10.4
Visit an area where eduroam is available.

Click on the AirPort icon. If AirPort is off, select Turn AirPort On.
Click on the AirPort icon. Make sure that eduroam is present in the list of available wireless
networks and select Open Internet Connect.
In the Internet Connect window, select the 802.1X item. If the 802.1X item is missing, select File
> New 802.1X Connection from the menu.

Click inside the Configuration selector and choose Edit Configurations.
If you have no configurations defined, modify the default configuration named 802.1X
Configuration, else click the + (Plus sign) button to copy an existing configuration.
In the Edit Configurations dialog, enter the following information:
o Description: eduroam
o Wireless network: eduroam
o Authentication: Unselect all items except PEAP
Click OK to return to the 802.1X window. You are now ready to connect.

Click the Connect button.
At this stage you may be presented with a Verify Certificate dialog which says The server
certificate is not trusted because there are no explicit trust settings.
Click on Show Certificate.
The displayed certificate should have the name eduroam.kcl.ac.uk and be signed by Cybertrust
Educational CA and GTE Cybertrust Global Root.
Check the box titled Always trust these certificates then click Continue.
After a few seconds, the Status: indicator in the 802.1X window should show that you are connected
to the network.
You can now quit the Internet Connect application.
successfully, it will be stored permanently. If you change your King’s password, the next time you
attempt to connect you will receive an error message saying that WPA Authentication failed. Follow
this procedure to enter your new King’s password or change any other of the stored credentials:
Click on the AirPort icon. and select Open Internet Connect.

In the Internet Connect window, select the 802.1X item.
Click inside the Configuration selector and select the eduroam item.
If you are connected to eduroam, click the Disconnect button.
In the menu, select Internet Connect > Quit Internet Connect, then click Save when prompted
to save the changes.
On subsequent occasions the connection to eduroam will be established automatically. You will not
need to re-enter your credentials but you may be prompted with a dialog asking "Mac OS X wants
permission to use the "eduroam" item from your keychain. Do you want to allow this?". Click on
Always allow if you do not want to be prompted again.
However, when you are at King's it is preferable to connect to AccessKings or KINGSWIRELESS
instead. If you find that your computer connects to eduroam by default, you can change the order of
preference:
Open System Preferences, click the Network item and in the Show selector, choose AirPort. In the
selector named By default, join: select Preferred networks then drag the listed networks into your
preferred order and click on Apply Now.
as WPA Enterprise (also known as WPA/TKIP) instead of WPA2 Enterprise and you may have to
change your computer's settings to match. You should check the organisation's web site to determine
which encryption settings to use.
To change the encryption settings to use WPA:
Open System Preferences, click the Network item and in the Show selector, choose AirPort.
Click on the eduroam item, then click the Edit button.
In the Wireless Security selector, choose WPA Enterprise.
Don't forget to change the settings back to WPA2 Enterprise when you return to King's!

Configuration for Mac OS X 10.5 and 10.6
Visit an area where eduroam is available.

Click on the AirPort icon. If AirPort is off, select Turn AirPort On.
(If no AirPort icon is shown, open System Preferences, select Network, click on AirPort and
check the box titled Show AirPort status in menu bar)
Click on the AirPort icon. Make sure that eduroam is present in the list of available wireless
networks and select Open Network Preferences.
The Network dialog should appear. Click on the AirPort item, then click the Advanced...
button.
The AirPort configuration screen should appear. Click the 802.1X button.
Click the + (Plus sign) button and select the option Add User Profile to add a new configuration.

Name the new profile eduroam and enter the following information:
OSX 10.5 only

o Wireless Network: eduroam
OSX 10.6 only

o Wireless Network: eduroam
o Security type: WPA2 Enterprise

Click OK to apply the 802.1X settings. This will return you to the Network window.
Click OK to apply the 802.1X settings. This will return you to the Network window.
Click Apply in the network window, then OK to close the Network window.
Quit the System Preferences application.
Click on the AirPort icon in the menu bar and select eduroam in the list of networks.
At this stage you may be presented with a Verify Certificate dialog which says The server
certificate is not trusted because there are no explicit trust settings.
Click on Show Certificate.

The displayed certificate should have the name eduroam.kcl.ac.uk and be signed by Cybertrust
Educational CA and GTE Cybertrust Global Root.
Check the box titled Always trust “radius.kcl.ac.uk” then click Continue to connect.
Set the order of preferred networks
On subsequent occasions the connection to eduroam should be established automatically. However,

when you are at King's it is preferable to connect to AccessKings or KINGSWIRELESS instead. If
you find that your computer connects to eduroam by default, you can change the order of preference:
Open System Preferences, select Network and click on AirPort. Click the Advanced... button. In
the list titled Preferred Networks drag the listed networks into your preferred order and click on
OK, then on Apply.
successfully, it will be stored permanently. If you change your King’s password, the next time you
attempt to connect you might receive an error message. Follow this procedure to enter your new
King’s password or change any other of the stored credentials:
Open System Preferences, select Network and click on AirPort.
Click the Advanced... button and select the 802.1X item.
Click on the triangular icon next to User Profiles to expand the user profiles list.
Select the eduroam item and enter the new credentials.
Click on OK, then on Apply.

Eduroam: King's College London

Uploaded by

Copyright:

Available Formats

Eduroam: King's College London

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eduroam: King's College London

Uploaded by

Copyright:

Available Formats

King’s College London

Information Services and Systems

Eduroam configuration guide Page 2

eduroam web site

JANET roaming user guide

Map of participating organisations (UK, Europe and Asia/Pacific)

Using JANET Roaming eduroam - for end users

Roaming Technology – FAQs

Eduroam configuration guide Page 3

Network name or SSID: eduroam

Username or identity: username@kclad.ds.kcl.ac.uk

Eduroam configuration guide Page 4

Connecting for the first time

In the list of wireless networks, select eduroam and click Connect.

Select Change advanced settings.

Eduroam configuration guide Page 5

In the list of preferred networks, select eduroam and click on Properties.

o Set Network Authentication to WPA2.

Eduroam configuration guide Page 6

o Set the EAP type to Protected EAP (PEAP).

Click the Properties button.

o Ensure that the box marked Validate server certificate is checked.

Eduroam configuration guide Page 7

o Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog.

In the Enter Credentials dialog, enter the following information:

o User name: username@kclad.ds.kcl.ac.uk

Eduroam configuration guide Page 8

How to modify the stored user name and password

Eduroam configuration guide Page 9

Subsequent connections at King's

Subsequent connections at other organisations

Eduroam configuration guide Page 10

The Manage wireless networks dialog will open.

Eduroam configuration guide Page 11

Enter the following information:

Eduroam configuration guide Page 12

o Ensure that the box marked Validate server certificate is checked.

Eduroam configuration guide Page 13

o Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog.

Eduroam configuration guide Page 14

o User name: username@kclad.ds.kcl.ac.uk

Eduroam configuration guide Page 15

Subsequent connections at King's

Subsequent connections at other organisations

Eduroam configuration guide Page 16

The Manage wireless networks dialog will open.

Eduroam configuration guide Page 17

Enter the following information:

Eduroam configuration guide Page 18

o Ensure that the box marked Validate server certificate is checked.

Click the Configure... button.

o Uncheck the box marked Automatically use my Windows logon name...

Click OK, then OK again to return to the eduroam properties dialog.

Eduroam configuration guide Page 19

Click the network icon in the system tray.

Eduroam configuration guide Page 20