Question
How can I troubleshoot problems connecting to eduroam on a Linux machine?
Overview
A frequent error users have been experiencing when using Linux systems to connect to campus wireless is a "Choose CA Certificate" box that will not go away.
Answer
Some Linux users have been seeing an error when trying to connect to eduroam. Often, clicking "Choose CA Certificate" does nothing, and you get stuck in a loop. This appears to be a bug.
Linux machines don't always automatically detect the settings needed to connect to eduroam. We've found the best way to connect is to do the following:
- Access your Network Connection (named differently in different Linux distros but, in general, go to Settings -> Network Connections)
- Add or Edit the eduroam connection
  - If eduroam is not on the list, click Add.
  - If eduroam is on the list, highlight it and click Edit. (If it still doesn't work after following all the steps, some users have had to highlight eduroam, click Delete, and then add the network again to wipe out all the settings and start from scratch.)
- If asked, choose Wi-Fi or Wireless as the connection type.
- Use the following settings (they may be in a different order/in different places depending on the Linux distro and desktop environment):
- Under Wi-Fi Settings (or similar section):
- Network Name/SSID: eduroam
- Security/Encryption: WPA2 Enterprise
- Authentication/EAP Type: Protected EAP (PEAP)
- Anonymous Identity: Leave blank unless you're having trouble connecting. Then, for eduroam try: anonymous@ucdavis.edu or @ucdavis.edu.
- CA Certificate*: Click the browse button and navigate to /etc/ssl/certs/AddTrust_External_Root.crt
  - Note: You'll have to navigate to this file using the file browser, which looks and acts differently in each Linux distribution, but the basic functions are the same. You may need to click "Computer" or "/" before you navigate to /etc/ and so on. If there is an address bar you can type into, just copy and paste the above location.
  - An alternate certificate can be found in /usr/share/ca-certificates/mozilla; select the file "USERTrust_RSA_Certification_Authority.crt".
- PEAP Version: Automatic
- Inner Authentication: MSCHAPv2
- Username: LoginID@ucdavis.edu
  - Note: This looks like an email address but it isn't! It's your LoginID with @ucdavis.edu after it. So if your Kerberos ID is jsmith, your eduroam username is jsmith@ucdavis.edu even if your email is something else, like jonsmith@ucdavis.edu.
  - The @ucdavis.edu is needed because eduroam can be used at many universities and other locations worldwide. Visit the eduroam website for a list of all locations.
- Password: Kerberos Passphrase
*Note about Certificates: the specific example has been tested on Ubuntu 12.04 and 14.04. Other versions and distributions may have different locations for CA certificates.
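The same settings can be applied from a terminal, which avoids the stuck "Choose CA Certificate" dialog. The script below is an added example, not part of the original article: it assumes NetworkManager's nmcli is installed, and the interface name (wlan0 in the usage comment) and the function names are assumptions. It only creates the profile if one of the CA files named above is actually present, since their locations vary between distributions.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes NetworkManager's
# nmcli; the interface name (e.g. wlan0) is a value you supply.

# Print the first argument that is a readable PEM certificate; return 1 if
# none is, so the profile is never created without a CA to validate against.
find_ca_cert() (
  for f in "$@"; do
    if [ -r "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
      printf '%s\n' "$f"
      exit 0
    fi
  done
  exit 1
)

# $1 = LoginID without the realm, $2 = Wi-Fi interface, rest = candidate CA
# files (default: the two paths from the article). NMCLI=echo gives a dry run.
add_eduroam_profile() (
  [ "$#" -ge 2 ] || { echo "usage: LoginID IFACE [CA_FILE...]" >&2; exit 2; }
  login=$1; ifname=$2; shift 2
  [ "$#" -gt 0 ] || set -- \
    /etc/ssl/certs/AddTrust_External_Root.crt \
    /usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
  ca=$(find_ca_cert "$@") || {
    echo "no readable CA certificate found; not creating the profile" >&2
    exit 1
  }
  # PEAP version is left unset (automatic). password-flags 2 means "not
  # saved": the passphrase is asked for at connect time, not stored.
  "${NMCLI:-nmcli}" connection add type wifi con-name eduroam \
    ifname "$ifname" ssid eduroam \
    wifi-sec.key-mgmt wpa-eap \
    802-1x.eap peap \
    802-1x.phase2-auth mschapv2 \
    802-1x.identity "${login}@ucdavis.edu" \
    802-1x.ca-cert "$ca" \
    802-1x.password-flags 2
)

# Runs only when arguments are given: sh eduroam.sh jsmith wlan0
[ "$#" -lt 2 ] || add_eduroam_profile "$@"
```

After the profile is created, `nmcli --ask connection up eduroam` connects and prompts for the Kerberos passphrase.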
If you are using Wicd as your wireless manager, check the following boxes:
- Use these settings for all networks sharing this essid
- Use encryption
- Choose PEAP with GTC as the encryption method
- Identity: Your UC Davis KerberosID@ucdavis.edu
- Password: Your UC Davis Kerberos Passphrase