Configuring MacOSX Snow Leopard (v10.6) wireless client for TTLS+PAP (v3.0, 27th Feb 2014)
Described here are the steps involved in configuring the MacOSX v10.6 (aka Snow Leopard) wireless client to use eduroam, authenticating via TTLS+PAP. Your home site will be able to tell you whether TTLS+PAP is the appropriate authentication method that you should use.
Information you will need
To complete these instructions you'll need some information specific to your home site/organisation, plus your own credentials, as listed below. If any of the details in your wifi profile are incorrect then your authentication will fail and you will not gain wifi access via eduroam. The IT department of your home site will be able to provide you with these details:
| Information required | Sample string in the instructions below |
| Your home site's domain name as would appear in, for example, your e-mail address e.g. ucd.ie | mysite.ie |
| [OPTIONAL] The name of the CA certificate used by your home site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone. | Cybertrust Educational CA |
| [OPTIONAL] A file containing the actual CA certificate used by your site for eduroam. You will not require this if your site is using a public CA which is already defined on your iPhone. | cacert.crt |
| The name on the SSL certificate presented by the authentication server at your home site e.g. tweedledum.ucd.ie | certname.mysite.ie |
| The username you use to authenticate against your home account. Note the inclusion of your domain name e.g. jsoap@ucd.ie | myname@mysite.ie |
| The password you use to authenticate against your home account. | mypassword |
Configuration instructions
Follow these steps to configure your wireless client:
- Click on the wireless icon (in the menu bar at the top of the screen).
Select Open Network Preferences....
Select Airport and click Advanced...

- Click on the 802.1X tab.
Click on + and select Add User Profile.
- Define the profile details:
| Profile name: | eduroam |
| User Name: | myname@mysite.ie |
| Password: | mypassword |
| Wireless Network: | eduroam |
| Authentication: | Select the tickbox beside TTLS and un-select all the others. |
Credential Settings
Your credentials consist of your username, in a form much like an e-mail address, and your password. In this example, the option to cache credentials is chosen by saving them with the profile, but you should consider for yourself whether this option is appropriate for you, and if in doubt then opt to not have your credentials cached (by leaving the username and password fields in the profile empty). If your credentials are not cached then you will be prompted for them each time you use eduroam wifi.
- Select TTLS and click Configure....
Enter details as follows:
| TTLS Inner Authentication: | PAP |
| Outer identity: | anonymous@mysite.ie |
Click OK
- Click Configure Trust...
If your home site has provided you with a file containing a CA certificate then you will need to install it here, otherwise skip to the next part of this step.
Installing the CA Certificate
We will assume the CA certificate is stored in file cacert.crt
Select Certificates tab.
Click + and select Select Certificate File
Browse to where cacert.crt is stored and select it.
The operating system will later prompt for your password "to make changes to your Certificate Trust Settings" as it saves this new certificate.
Select Servers tab.
Click + and name the new entry certname.mysite.ie

Certificate Verification
When your client connects to eduroam, it will try to verify the identity of your home authentication server before it passes your credentials to the server for validation. The wireless client relies upon the SSL certificate presented by your home authentication server in order to carry out this verification. Defining the certificate details here allows the client to complete this verification without any intervention required by you, and provides the greatest level of protection of your credentials.
Click OK
- Click OK at the new profile window.
Click Apply in the Network window.
Highlight Airport and click Advanced... once more
Click on + to add eduroam as a preferred network.

- Define the eduroam network details:
| Network Name: | eduroam |
| Security: | Select WPA2 Enterprise |
| 802.1X: | Select eduroam, which should cause the remaining fields to auto-fill |
| User Name: | myname@mysite.ie |
| Password: | mypassword |
Network Details
Some of the fields in this window will be automatically filled in from the eduroam 802.1X profile created in a previous step. In this example, the option to cache credentials is chosen by saving them with the profile, but you should consider for yourself whether this option is appropriate for you, and if in doubt then opt to not have your credentials cached (by leaving the username and password fields in the profile empty) so that you are prompted for them each time.
Click Add
- You can make eduroam your preferred network by dragging the eduroam entry to the top of the list of preferred networks.
Click OK
Click Apply
Your wireless client is now configured to avail of eduroam and should connect automatically when at a site where the eduroam service is available.
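
The values gathered under "Information you will need" can be checked for consistency before they are entered in the 802.1X dialogs. The Python sketch below is an added example, not part of the original instructions; the dictionary keys and the function names are hypothetical, and the sample profiles are constructed from the placeholder strings used on this page.

```python
# Added example: lint an eduroam TTLS+PAP profile. Dict keys are hypothetical.

def split_identity(identity):
    """Return (user, realm) for 'user@realm', or None if malformed."""
    user, sep, realm = identity.partition("@")
    if not sep or not user or "@" in realm or "." not in realm.strip("."):
        return None
    return user, realm.lower()

def lint_profile(p):
    """Return a list of (severity, message) findings for profile dict p."""
    out = []
    inner = split_identity(p.get("username", ""))
    outer = split_identity(p.get("outer_identity", ""))
    if inner is None:
        out.append(("error", "username lacks the home domain (myname@mysite.ie)"))
    if outer is None:
        out.append(("error", "outer identity must look like anonymous@mysite.ie"))
    if inner and outer:
        if inner[1] != outer[1]:
            out.append(("error", "outer identity realm differs from username realm"))
        if inner[0] == outer[0]:
            # The outer identity is sent outside the TLS tunnel.
            out.append(("warning", "outer identity exposes the real username"))
    if set(p.get("eap_methods", ())) != {"TTLS"}:
        out.append(("error", "tick TTLS and un-select all other methods"))
    if p.get("inner_auth") != "PAP":
        out.append(("error", "TTLS inner authentication must be PAP"))
    if not p.get("trusted_server"):
        # Without a pinned name the client cannot verify the server unattended.
        out.append(("error", "no trusted server name set under Configure Trust"))
    if p.get("password"):
        out.append(("info", "password is cached with the profile"))
    return out

# Constructed samples using the page's placeholder strings.
GOOD = {"username": "myname@mysite.ie", "password": "",
        "outer_identity": "anonymous@mysite.ie", "eap_methods": ["TTLS"],
        "inner_auth": "PAP", "trusted_server": "certname.mysite.ie"}
BAD = {"username": "myname", "password": "mypassword",
       "outer_identity": "myname@othersite.ie", "eap_methods": ["TTLS", "PEAP"],
       "inner_auth": "MSCHAPv2", "trusted_server": ""}

if __name__ == "__main__":
    for name, prof in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_profile(prof) or "no findings")
```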