Configuring Windows 7 for eduroam at DkIT Author: Paul Scollon, Computer Services Date: 18 th July, 2011 Version: 1.0 Note: see http://www.eduroam.ie/userdocs.php for details of other operating systems. 1. One way to open the Windows 7 wireless client is to left-click on the wireless application icon in the tray (you can alse access via Control Panel\Network and Internet\Manage Wireless Networks) You should be presented with a window showing the wireless networks visible at your location. Click Open Network and Sharing Center to manage your wifi profiles.
2. You will be presented with the management interface for network connections. Click Manage wireless networks, on the left of the window, to manage your profiles. 3. In the wireless network management window, which lists any wifi profiles which you have already defined, click on Add to add a new profile.
4. Select Manually create a network profile from the options presented. 5. Define the initial wireless settings using WPA2-Enterprise for wireless security.
Be sure the encryption type is AES and the network name MUST be eduroam (no uppercase letters). Select Start this connection automatically Select Connect even if the network is not broadcasting See http://www.eduroam.ie/userdocs/win7-peap.php for details on setting up a second profile, in case a site is using legacy WPA. Once done, click Next. 6. A window is displayed saying that the profile has been successfully added. Click Change connections settings to complete the profile configuration.
7. A summary of the new profile wifi settings is presented. Select the Security tab to define the authentication method. 8. Define the authentication type by choosing an EAP type of PEAP. In this example the option to cache credentials is chosen but you should consider for yourself whether this option is appropriate for you - if in doubt then opt to not have your credentials cached so that you are prompted for them each time you use the profile. Once done, click on Settings.
9. Define the PEAP properties. These identify the details of the SSL certificate on DkIT's eduroam server, and are essential in order to prevent your wireless client from sending your credentials to a fake server. Check Vaildate Certificates. Uncheck Connect to these servers (Windows 7 has an issue this option). Trusted Root Certification Authorities: AddTrust External CA Root Select Authentication Method:Secured password (EAP-MSCHAP v2) Select Enable Fast Reconnect Select Enable Identity Privacy:anonymous
Your outer identity hides your real identity/username from eduroam sites that you visit. Once done, click Configure. 10.Define the EAP MSCHAPv2 properties. Once done, click OK to be returned to the previous window, and click OK on that window to be returned once more to the wireless network properties window. Un-select Automatically use my Windows logon name and password (and domain if any) 11. Once back at the wireless network properties window, click on Advanced settings and within the 802.1X settings define the authentication mode. Select Specify authentication mode:user authentication. Once done click Save credentials.
12. You are prompted to enter your credentials so that they can be saved with your eduroam profile. Your credentials will be in the form username@dkit.ie eg. jbloggs@dkit.ie, jsmith09@dkit.ie or sometime D00111121@dkit.ie. Check with Computer Services if unsure. As mentioned earlier, you should consider whether saving your credentials with your profile is appropriate for you. Once done, click OK and you will be returned to the Advanced Settings window. Click OK on each window until you are returned to the Manage wireless networks window. 13. Your laptop should now connect to eduroam, at any participating location, when in range. If connecting is not successful, be sure you are using the correct credentials, in the correct format. Go through this document again in detail if issues prevail. Failing this, please contact Computer Services.