Configuring MacOSX Snow Leopard (v10.6) wireless client for PEAP+MSCHAPv2 (v3.0, 27th Feb 2014)

Described here are the steps involved in configuring the MacOSX v10.6 (aka Snow Leopard) wireless client to use eduroam, authenticating via PEAP+MSCHAPv2. Your home site will be able to tell you whether PEAP+MSCHAPv2 is the appropriate authenticiation method that you should use.

Wherever you see the icon in the instructions below you can click on the text beside it to display further information and click on it again to hide the detailed text once more. Click on an image to open a larger version in a new browser window.

Information you will need

To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:

Information requiredSample string in the instructions below
Your home site's domain name as would appear in, for example, your e-mail address e.g.
[OPTIONAL] The name of the CA certificate used by your home site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone.Cybertrust Educational CA
[OPTIONAL] A file containing the actual CA certificate used by your site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone.cacert.crt
The name on the SSL certificate presented by the authentication server at your home site e.g.
The username you use to authenticate against your home account. Note the inclusion of your domain name e.g.
The password you use to authenticate against your home account.mypassword

Configuration instructions

Follow these steps to configure your wireless client:

  1. Click on the wireless icon (in the menu bar at the top of the screen).
    Select Open Network Preferences....
    Select Airport and click Advanced...
  2. Click on the 802.1X tab.
    Click on + and select Add User Profile.
  3. Define the profile details:
    Profile name: eduroam
    User Name:
    Password: mypassword
    Wireless Network: eduroam
    Authentication:Select the tickbox beside PEAP and un-select all the others.

    Further info on credential settings

  4. Select PEAP and click Configure....
    Enter details as follows:
    Outer identity:

    Click OK

  5. Click Configure Trust...

    If your home site has provided you with a file containing a CA certificate then you will need to install it here, otherwise skip to the next part of this step.

    Installing the CA certificate

    Select Servers tab.
    Click + and name the new entry

    Further info on certificate verification

    Click OK

  6. Click OK at the new profile window.
    Click Apply in the Network window.
    Highlight Airport and click Advanced... once more
    Click on + to add eduroam as a preferred network.
  7. Define the eduroam network details:
    Network Name: eduroam
    Security: Select WPA2 Enterprise
    802.1X:Select eduroam, which should cause the remaining fields to auto-fill
    User Name:
    Password: mypassword

    Further info on network details

    Click Add

  8. You can make eduroam your preferred network by dragging the eduroam entry to the top of the list of preferred networks.
    Click OK
    Click Apply
Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available.