Peterhouse Computing: Configuring Windows 7 (and Windows Vista) for a wired network connection. Introduction The Peterhouse network uses IEEE802.1x (hereafter.1x ) network authentication to control access to the College network. In order to use.1x authentication on Windows it is necessary to make some changes to the default network configuration. Once these changes have been made they can be left as they will not affect network operation on non-authenticated networks. 1: Obtain a Network Access token from the University Computing Service website. Your Network Access token is a password that allows access to various resources on both the College and University networks. You may already know your Network Access Token as your Eduroam password. If you do not know it then open Internet Explorer (in this instance it is best to use Internet Explorer even if it is not your default web browser as using Internet Explorer allows the UCS Tokens website to install a security certificate on your computer) and navigate to https://tokens.csx.cam.ac.uk (You will need to authenticate with your Raven password new users can go to https://jackdaw.cam.ac.uk/signup/ to retrieve their account details, including their Raven password).
2: Configure Windows to use 802.1x Authentication. Click on the Windows logo button and in the Search field, enter services.msc and press Return: The Services Control Panel window will appear. In this window scroll down the list of services until you find the Wired AutoConfig Service:
Now double-click on the Wired AutoConfig item to open its Properties window. Change the Startup type from Manual to Automatic (this makes the service start automatically when you start Windows): Next click on the Start button to start the service: Now click on OK to close the Wired AutoConfig Properties window and then on the X to close the Services control panel window.
Now click on the Windows logo button again and type ncpa.cpl in the Search box and press Return: The Network Connections control panel will open. Find the Local Area Connection icon and right-click on it and choose Properties from the pop-up menu:
Now click on the Authentication tab in the Local Area Connection Properties window that has appeared. (If you don t see an Authentication tab, check that you completed the previous steps correctly and that the Wired AutoConfig service is running). Click the check-box next to Enable IEE 802.1x authentication. Next click on the Settings button to the right of the authentication method drop-down: In the Protected EAP properties window that opens, click on the Configure button to the right of the authentication method drop-down:
In the EAP MSCHAPv2 Properties window un-check the box that says Automatically use my Windows logon name and password (and domain if any). : Click on OK to close the EAP MSCHAPv2 Properties window and then on OK again to close the Protected EAP Properties window and finally on OK a third time to close the Local Area Connection Properties window. 3: Enter your Username and Network Access Token when prompted. Once you have closed the Local Area Connection Properties window you should see beneath the Local Area Connection icon that Windows is Attempting to authenticate. After a few moments a balloon should appear at the lower-right of the screen asking for additional information: Click on the balloon to open a Windows Security dialog box: Enter your CRSid@cam.ac.uk into the User name field (the @cam.ac.uk is important do not omit it) and your Network Access Token into the password field. If there is a box to enter a Domain name, leave this blank. Click on OK. After a few moments Windows should successfully authenticate you onto the College network. If this fails, recheck your username and password. Note: There have been some issues with Windows reporting that the certificate in use is untrusted. You will see a second balloon appear after you click on OK telling you that Windows is unable to verify the trust of the certificate being used by radius.csx.cam.ac.uk and giving you the option to either Terminate or Continue (or sometimes Cancel and OK). Normally we would recommend you Terminate an untrusted connection, however in this instance you need to click on
Continue (or OK) you will then be connected. If you then revisit https://tokens.csx.cam.ac.uk using Internet Explorer, the problem will be resolved as the trust certificate will now install correctly. Once completed these settings will be retained by Windows and you will be automatically authenticated on the network whenever you are in College. As the username and password are your Eduroam connections you should also be able to connect to any other wired network that uses Eduroam for authentication. Peterhouse Computer Office, September 2012.