connecting to eduroam & harvard wireless without having to install sketchy things

UPDATE 27 SEPT 2019 (checked current as of 27 Dec 2019 as well) – Ubuntu 19.04 / Android version 9

It appears eduroam settings have changed (CA certificate *must* be installed)

On my laptop (Ubuntu 19.04)

Where the CA file comes from

 /etc/ssl/certs/AddTrust_External_Root.pem

(thanks old blog post)

Note: Eduroam appears to be the same settings as Harvard Secure

Android

I also had to install the certs on my phone

  1. Put above file onto phone (I transferred using bluetooth> send files, but usb would work too I’m sure)
  2. Install on phone
  3. And then type some sensible name
  4. Then, connect to Harvard Secure wifi with similar settings as in the desktop case. Select the CA certificate we just installed.

And hopefully it will work.

  PROTIP: You have to be fully disconnect from the network (not attempting to connect to it) in order to edit the settings.

I’m still working out how to reconnect to eduroam… sigh

Legitimately, when I have friends co-work, it’s so annoying for them to connect to the internet that I end up just giving them my password. Which is wrong and bad for all kinds of reasons, but that’s life as an end-user…

Troubleshooting / via CLI for the nerds

 

rui@chaiX1YG2:/ $ nmcli con 
NAME UUID TYPE DEVICE 
eduroam 9196d2be-df9e-4f92-8781-c5c47c60e90d wifi wlp4s0
rui@chaiX1YG2:/etc/NetworkManager/system-connections$ $ sudo cat eduroam
[sudo] password for rui: 
[connection]
id=eduroam
uuid=9196d2be-df9e-4f92-8781-c5c47c60e90d
type=wifi
permissions=
timestamp=1548391592

[wifi]
mac-address=A0:AF:BD:E9:F4:18
mac-address-blacklist=
mode=infrastructure
seen-bssids=A4:6C:3B:3F:AA:FB;70:3A:0E:88:80:50
ssid=eduroam

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
ca-cert=/etc/ssl/certs/AddTrust_External_Root.pem
eap=ttls;
identity=CHANGETHIS@g.harvard.edu
password=CHANGETHIS
phase2-auth=pap

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto


OUTDATED – Old post below:

Harvard is very insistent about me downloading random software in order to connect to their wireless network, even though I have Harvard credentials (and eduroam credentials).

I have no idea why they do this. Why do I need to download software to connect to a wifi network? Anyhow, the solution is to just ignore it and figure out the settings on my own.

I just use eduroam. Here is what the internet told me:

https://superuser.com/questions/34198/securew2-equivalent-on-linux#472303

  • Security : WPA & WPA2 Enterprise
  • Authentication : Tunnelled TLS
  • Anonymous Identity : (I left this blank,but I think they have configured the network that way so it won’t ask for this kind of Identity)
  • CA certificate : (I left this blank as well,but again this has to do with the configuration of the wireless network,so it might be different in other educational institutes)
  • Inner Authentication : PAP
  • Username : (the one given from your school)
  • Password : (the one given from your school)

android

wifi3

Identity & password = my harvard credentials.

windows

Right now I am using Windows 10, and I have discovered that the wireless situation is not really better and maybe somewhat worse than on Ubuntu. *sigh*

Anyhow, I had expired MIT credentials. I finally figured out how to change my password: Go to settings -> Wifi -> Manage known networks (this option is kind of hard to see) -> eduroam -> Forget.

wifi1

(Jeebus knows why “properties” doesn’t tell me / let me do anything useful)

Then, the next time I click on “eduroam” and “Connect”, it will prompt me for a username and password. Enter in my harvard credentials and voila.

wifi2

2 thoughts on “connecting to eduroam & harvard wireless without having to install sketchy things”

  1. That “sketchy” software looks like it’s used to automatically set all of the correct settings for your computer to securely connect to the wifi. It seems to be a fairly standard practice for places that use 802.1x, so not sure what your concerns are. You’re using Ubuntu, are you examining all of the source code for packages you install too?

    1. If you say so! It seemed easier to just set the settings myself, feels a bit like overkill to install something for this.

Comments are closed.