Configuring MacOSX Leopard (v10.5) wireless client for TTLS+PAP (v2.0, 29th Jun 2011)
Described here are the steps involved in configuring the MacOSX v10.5 (aka Leopard) wireless client to use eduroam, authenticating via TTLS+PAP. Your home site will be able to tell you whether TTLS+PAP is the appropriate authenticiation method that you should use.
Wherever you see the icon in the instructions below you can click on the text beside it to display further information and click on it again to hide the detailed text once more. Click on an image to open a larger version in a new browser window.
Information you will need
To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:
|Information required||Sample string in the instructions below|
|Your home site's domain name as would appear in, for example, your e-mail address e.g. ucd.ie||mysite.ie|
|[OPTIONAL] The name of the CA certificate used by your home site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone.||Cybertrust Educational CA|
|The name on the SSL certificate presented by the authentication server at your home site e.g. tweedledum.ucd.ie||certname.mysite.ie|
|The username you use to authenticate against your home account. Note the inclusion of your domain name e.g. firstname.lastname@example.orgemail@example.com|
|The password you use to authenticate against your home account.||mypassword|
The instructions below are broken into two sections:
Notes on the MacOSX Leopard wireless client
Create a wifi profile
Follow these steps to create your eduroam wifi profile:
- Click on the wireless icon (in the menu bar at the top of the screen).
Select Open Network Preferences....
Select Airport and click Advanced...
- Click on the 802.1X tab.
Click on + and select Add User Profile.
- Define the profile details:
|Profile name:|| eduroam|
|User Name:|| firstname.lastname@example.org|
|Wireless Network:|| eduroam|
|Authentication:||Select the tickbox beside TTLS and un-select all the others.||
Further info on credential settings
- Select TTLS and click Configure....
Enter details as follows:
|TTLS Inner Authentication:|| PAP|
|Outer identity:|| email@example.com||
- Click OK at the new profile window.
Click Apply in the Network window.
Highlight Airport and click Advanced... once more
Click on + to add eduroam as a preferred network.
- Define the eduroam network details:
|Network Name:|| eduroam|
|Security:|| Select WPA2 Enterprise|
|802.1X:||Select eduroam, which should cause most/all of the remaining fields to auto-fill|
|User Name:|| firstname.lastname@example.org|
|Select Remember this network||
Further info on network details
- You can make eduroam your preferred network by dragging the eduroam entry to the top of the list of preferred networks.
Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available.
Using eduroam for the first time
When you use your new eduroam profile for the first time you will be required to verify the details of the authentication server you are talking to, as follows:
- A "Verify Certificate" pop-up window will display on your screen.
Click Show Certificate
- Compare the details shown against those certificate details provided by your home site, as described earlier:
If CA certificate name (in the upper pane) matches Cybertrust Educational CA and SSL certificate name (in the lower pane) matches certname.mysite.ie, then do the following to proceed with your wifi connection:
Select Always trust "certname.mysite.ie"
Otherwise, click Cancel to disconnect from this potentially fake server and report the incident to your home site as soon as possible.
If you follow the instructions above then this manual verification step will happen once only, and on subsequent connections to eduroam you will not need to repeat this verification process.
Further info on certificate verification