1 Configuring Eduroam on Microsoft Windows Vista and 7 (all editions, 32 and 64 bits) This documents explain to you how to configure the Eduroam Wireless Access (EWA) correctly on Microsoft Windows Vista and Windows 7 (32 and 64 bits, all editions like Home, Professional, etc.). If you use the built-in Wizard on Windows to connect to the wireless network, an issue about trusted certificates break the authentication procedure and stop you to join to the network (a yellow exclamation mark is showed on the network connection icon at the bottom right of your desktop). The workaround is to create manually the configuration and force Windows to include the trusted certificates and permits a successfully authentication. Configuration steps Please kindly note: the pictures referenced by square brackets [ ] are listed at the end of this document! 1. Go to Start Control Panel Network and Internet (if you are using Windows Vista) or Network and Sharing Center (if you are using Windows 7) [see picture 1] 2. From the left menu click Manage Wireless Network, a new window get up [see picture 2] 3. Now you choose Add from the action bar; in the new window choose Manually create a new profile [see picture 3] 4. You will then be asked for information about the new wireless network: in the Network name box, type eduroam (be careful to write eduroam all in lower-case, it's very important!!!) [see picture 4] From the drop-down lists select: For Security type choose WPA2-Enterprise (or WPA-Enterprise only if your wireless card 24/04/ Configuration steps 1 / 14
2 doesn't support WPA2-Enterprise security system) For Encryption type choose AES (TKIP is not supported by Eduroam) 5. Select Next: you should now be told that eduroam has been successfully added [see picture 5] 6. From the same window [see picture 5 again], select Change connection settings; this will bring up the network wireless connection properties and a new window get up [see picture 6] 7. On the Connection tab, deselect Connect to a more preferred network if available [see picture 6 again] (leave checked only Connect automatically when this network is in range) 8. On the Security tab (on the same window) [see picture 7], from the drop-down list named Choose a network authentication method choose the option Protected EAP (PEAP) [see picture 7] 9. Now push Settings, another window get up[see picture 8] 10. Modify the settings in this dialogue box as follow (see image below) [see picture 8]: check Validate server certificate, uncheck Connect to these servers and leave blank the corresponding field, from Trusted Root Certification Authorities list, find and check the following item: VeriSign Class 3 Public Primary Certification Authority - G5 PLEASE NOTE: the picture is only for example purpose; in your computer may be exist other trusted certificate authorities. For Eduroam configuration, just select the certificate in the above list! PLEASE NOTE AGAIN: the certificate in the list may be different on your computer because certificates have an expiration date; then renewed, they can change a little bit in your name: select a certificate from Verisign Class 3 Public Primary Certification Authority check the option Do not prompt user to authorize new servers or trusted certification authorities (it's very important!!!) check Enable Fast Reconnect from drop-down list under Select Authentication Method, select (if not already done) Secured password (EAP-MSCHAP v2) leave unchecked Enforce Network Access Protection, Disconnect if server does not present cryptobinding TLV and Enable Identity Privacy (and, of course, leave blank the relative field) 11. Push Configure near Secured password (EAP-MSCHAP v2); a dialogue box called EAP MSCHAPv2 Properties come up [see picture 9] 12. Be sure to uncheck Automatically use my Windows logon name and password (and domain if any) and select OK; this action save the data and close this pop-up [see picture 9 again] 13. Select OK again onto previous window entitled Protected EAP (PEAP); this action save the 24/04/ Configuration steps 2 / 14
3 configurations and close the window and go back on Eduroam Wireless Network Properties window (on Security tab) [see picture 7 again] 14. Select Advanced settings at the bottom of Security tab [see picture 7] 15. Select 802.1X settings tab, check Specify authentication mode option and, from the drop-down list, choose User authentication [see picture 10] 16. Now select the settings tab (on the same window) and check Enable Pairwise Master Key (PMK) caching [see picture 11] 17. Select OK to close this window and OK again on the next window to close all the various dialogue boxes opened until now. 18. Finally select Close from the main window to close the Manually connect to a wireless network box (now none of all windows used here is open, you should see only your desktop pane) 19. Within few seconds, your computer should detect the eduroam wireless network and display a balloon, telling you Additional information is needed to connect eduroam. [see picture 12] 20. Click in the balloon (or by clicking on the eduroam item in the available wireless network list, by clicking the wireless network icon in the notify bar) and a dialogue box will appear prompting you for your credentials [see picture 12]. Type in the following information: username: your academic like for example, for John Smith, is It's really important to on your username, don't forget it!!! Password: the password related to your address account. 21. Select OK; in few seconds the window close and your computer is successfully joined to eduroam network!!! [see picture 13] If you get some errors or warnings see the troubleshooting section below. PLEASE NOTE VERY CAREFULLY: if you change your 's password, the eduroam network connection ask you the new password the next time you try to reconnect to this wireless network. If you fail to do this, Windows Vista and 7 (or may be 8) stores in it's configuration a wrong password, making impossible wireless connections. In this case, you must delete the eduroam configuration and repeat ALL the steps above (with the right password)!!! Troubleshooting FAQ Q: Changing account username or password A: If you change your 's account password, your eduroam configuration must be updated with new password. Normally, when you try to connect to Eduroam network, the system detect a failure with the authentication procedure and ask you again the right credentials (username and password). Just type it in and the problem is solved. If this doesn't work, it's better to erase the eduroam configuration and repeat ALL the steps above (with the right password)!!! Q: Credentials are OK but with limited connection 24/04/ Troubleshooting FAQ 3 / 14
4 A: If you are connected to Eduroam (authentication passed and the radio signal level is good) but you get some notification like limited connection (or similar) on the Wireless Status icon (on the bottom right side of your desktop) and you cannot surf on Internet, the problem may be around certificates related on Eduroam connection. Generally speaking, certificates are digitally signed information trusted by some international authorities (called Certification Authorities or CA) to enhance the security in many applications; this certificates have an expiration date, as the milk. After the expiration date the certificate is not usable and a new valid certificate must be provided from the CA. In some circumstance, Windows don't renew automatically a certificate when a fresh copy is available; it store the old certificate making impossible the Eduroam connection. If this happen, you must delete manually the stored certificate; next time you try to connect, Windows is forced to get a new certificate. Follow this steps to delete the Eduroam Certificate: 1. Stop the eduroam connection by clicking Disconnect on the Wireless Status icon (in the bottom right side of your computer's desktop) 2. Run Internet Explorer (version 8, 9 and 10) and choose Tools icon from the right side [see picture 15] 3. Choose Internet Options from the menu [see picture 16] 4. Select the Content tab and push Certificates at the middle in the window [see picture 17] 5. Select the Other People tab; some certificates will be showed [see picture 18] 6. Search and select the certificate issued from eduroam [see picture 19] 7. Click Remove; a pop-up ask you a confirmation, reply with Yes [see picture 20] PLEASE NOTE: if Remove button is disabled ( grayed ) you must first delete the eduroam configuration, restart your PC and then try again to remove this certificate. Some edition of Microsoft Windows locks the certificate until was in use. 8. Close the Certificate Management Panel and other window [see picture 21] 9. Now try to connect to Eduroam; if a Windows Security Alert pop-up get up, a mistake with certificates is detected; click Terminate [see picture 22] and recheck the step 10 [see picture 8] If doesn't work again, you must delete the eduroam configuration, recheck (and delete) the eduroam certificate with the steps above and repeat ALL the steps about making a new eduroam connection. 24/04/ / 14
5 Services and protocols available with Eduroam Depending on which University you are connected, at Università degli Studi di Milano the following services (or network ports) are available with eduroam wireless connection: Standard IPSec VPN: IP protocol 50 (ESP) and 51 (AH) input and output; UDP/500 (IKE) output OpenVPN 20:UDP/1194 IPv6 Tunnel Broker service: IP protocol 41 input and output IPsec NAT-Traversal: UDP/4500 Cisco IPSec VPN over TCP: TCP/10000 output PPTP VPN: IP protocol 47 (GRE) input and output; TCP/1723 output SSH: TCP/22 output HTTP: TCP/80 output HTTPS (with SSL encryption):tcp/443 output IMAP4: TCP/143 output IMAP3: TCP/220 output IMAPS (with SSL encryption): TCP/993 output POP3: TCP/110 output POP3S (with SSL encryption): TCP/995 output Passive (S)FTP: TCP/21 output SMTPS (with SSL encryption): TCP/465 output SMTP submission via STARTTLS: TCP/587 output RDP: TCP/3389 output Please visit this URL to get a more updated list: More Information about Eduroam UNIMI: Official Website of Eduroam: Eduroam Service in Italy (GARR): List of Institutes involved in Eduroam (in italian language): For questions and problems please write to: 24/04/ More Information about Eduroam 5 / 14
6 Pictures List Picture 1 Network and Sharing Center on Windows 7 Picture 2 Manage your Wireless Networks 24/04/ Pictures List 6 / 14
7 Picture 3 Start to manually create a new wireless connection Picture 4 Information about new connection 24/04/ Pictures List 7 / 14
8 Picture 5 Customize your new wireless connection Picture 6 Main panel of Wireless Connection Properties 24/04/ Pictures List 8 / 14
10 Picture 9 Password exchange properties Picture 10 Advanced settings, part 1 24/04/ Pictures List 10 / 14
11 Picture 11 Advanced settings, part 2 Picture 12 Eduroam is now ready to connect Picture 13 Write your credentials! 24/04/ Pictures List 11 / 14
12 Pictures List for troubleshooting Picture 14 You are connected to Eduroam! Picture 15 From Internet Explorer, choose Tools (Alt + X keys) Picture 16 then choose Internet Options Picture 17 Open Certificates Management Panel 24/04/ Pictures List for troubleshooting 12 / 14
13 Picture 18 Other Authority Certificates list Picture 19 Select Eduroam Certificate 24/04/ Pictures List for troubleshooting 13 / 14
14 Picture 20 Delete Eduroam certificate Picture 21 Close Certificates Management Panel Picture 22 Trouble with certificates 24/04/ Pictures List for troubleshooting 14 / 14
Vodafone R101 Table of Contents Welcome...3 1. Getting Started Initial Connection and Security Settings... 4 1.1 Overview... 5 System Requirements... 5 Device overview... 5 Sharing Dock and USB Stick LEDs...
Installation / Backup \ Restore of a Coffalyser.Net server database using SQL management studio This document contains instructions how you can obtain a free copy of Microsoft SQL 2008 R2 and perform the
Allworx OfficeSafe Operations Guide Release 6.0 No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy,
COMPREHENSIVE INTERNET SECURITY SonicWALL Internet Security Appliances SonicWALL SSL-VPN 2.1 User s Guide Using This Guide About this Guide...................................................... 5 Organization
IceWarp Unified Communications IceWarp Outlook Sync User Guide Version 10.5 Printed on 20 December, 2012 Contents IceWarp Outlook Sync User Guide 1 Installation... 2 Installation Pre-requisites... 3 Installation
LogMeIn Backup User Guide Contents About LogMeIn Backup...4 Getting Started with LogMeIn Backup...5 How does LogMeIn Backup Work, at-a-glance?...5 About Security in LogMeIn Backup...5 LogMeIn Backup System
COMPREHENSIVE INTERNET SECURITY SonicWALL Secure Remote Access Appliances SonicWALL SSL VPN 5.0 User s Guide Table of Contents Using This Guide About this Guide......................................................
WIRELESS FUSION ENTERPRISE MOBILITY SUITE USER GUIDE FOR VERSION H3.40 Wireless Fusion Enterprise Mobility Suite User Guide for Version H3.40 72E-160082-01 Rev. A January 2012 ii Wireless Fusion Enterprise
This guide is intended to help you troubleshoot problems connecting a wireless device to the Gogo Biz network. TABLE OF CONTENTS Windows Operating System... 3 Blackberry... 5 Android... 6 Apple Macbook...
Standard Setup Guide 1 2 3 4 5 Pre-Installation Checks Installation Creating Users and Quick Setup Usage Examples and Settings Appendix Read this manual carefully before you use this product and keep it
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
Iomega EZ Media and Backup Center User Guide Table of Contents Setting up Your Device... 1 Setup Overview... 1 Set up My Iomega StorCenter If It's Not Discovered... 2 Discovering with Iomega Storage Manager...
Diamond II v2.3 Service Pack 4 Installation Manual P/N 460987001B ISS 26APR11 Copyright Disclaimer Trademarks and patents Intended use Software license agreement FCC compliance Certification and compliance
PREFACE Every effort has been made to ensure that the information in this document is complete, accurate, and up-to-date. The manufacturer assumes no responsibility for the results of errors beyond its
Configuration Manager en Installation and operation manual Configuration Manager Table of Contents en 3 Table of contents 1 Using the Configuration Manager help 5 1.1 Finding information 5 1.2 Printing
Outlook: Storing Email Academic Computing Services www.ku.edu/acs Abstract: Use AutoArchive to move items to an archive file (.pst). Archiving copies items to the archive file and then removes them from
INTRODUCTION... 2 Windows 7... 2 Windows 8... 7 Mac OS X... 11 Ubuntu... 15 Advanced routing... 18 Windows... 18 Mac OS X... 18 Ubuntu... 18 Updated: Juha Jokinen Page (1/18) INTRODUCTION This is a guide
FileMaker Server 13 FileMaker Server Help 2010-2013 FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker and Bento are trademarks of FileMaker,
Remote Monitoring Setup Guide QC SERIES NVR MODELS Apple Macintosh Computer PC with Windows Operating System iphone Android BlackBerry* * Select Models Setup Guide for Remote Internet and Smartphone Monitoring,
Corporate Telephony Toolbar User Guide 1 Table of Contents 1 Introduction...6 1.1 About Corporate Telephony Toolbar... 6 1.2 About This Guide... 6 1.3 Accessing The Toolbar... 6 1.4 First Time Login...
Liebert Nform Infrastructure Monitoring Software User Manual - Version 4 TABLE OF CONTENTS 1.0 ABOUT LIEBERT NFORM................................................1 1.1 How Do You Contact Emerson Network
WS_FTP Professional 12 Security Guide Contents CHAPTER 1 Secure File Transfer Selecting a Secure Transfer Method...1 About SSL...1 About SSH...2 About OpenPGP...2 Using FIPS 140-2 Validated Cryptography...2