Introduction:

This tutorial will help you configure your Nokia 5800 XpressMusic or any other Symbian S60v5 device to connect to Eduroam. A tutorial for doing this on S60v3 devices was already written here

The configuration shown in this document can be used as is by students & staff at the TUM,  LMU and other universities in and around Munich, Germany. If you are a student elsewhere some settings in the configuration may require change.

Eduroam in Munich is operated by the Leibniz-Rechenzentrum (LRZ). By integrating Eduroam into its Munich Reseach Network (MWN) it enables researches, staff and students at the various universities and study facilities seamless internet connectivity.

Access to Eduroam is through your LRZ ID. Ex:

• firstname.lastname@mytum.de

• firstname.lastname@campus.lmu.de

• lx87zz@lrz.de

• name@radiuszone

 For further information on Eduroam, please visit its website – www.eduroam.org .

Overview:

Eduroam uses WPA/WPA2 protocols to provide secure access to its research network. The WPA/WPA2 standards in Eduroam are configured to authenticate users based upon EAP-TTLS protocol.

The EAP-TTLS protocol involves authenticating the server with which user login information is exchanged. To ensure we are connecting to the right authentication server, a server root certificate has to be downloaded and configured in the client. This is shown in the sections below. After verifying the server, the client uses this certificate to establish a secure connection. Actual user authentication is done though this secure connection various EAP plugin protocols such as EAP-MSCHAPV2, EAP-PAP, EAP-PEAP. We will be using EAP-PAP as a EAP plugin protocol for connecting to Eduroam.

Now, as you see, the Authentication is done twice, first by the EAP-TTLS protocol and then by EAP-PAP. The authentication done by EAP-TTLS protocol is called outer-ring authentication (also known as anonymous authentication) and the one done by EAP-PAP is called inner-ring authentication.

The outer ring authentication requires only a username. Use the username: anonymous@mwn.de

The inner-ring authentication requires both, a username and a password which are your LRZ ID and its password, respectively.

The following steps will guide you

Installing the Server Certificate:

Download the certificate at http://www.pki.dfn.de/fileadmin/PKI/zertifikate/deutsche-telekom-root-ca-2.crt

Transfer it to your mobile via Bluetooth or cable and install it by opening it. A dialogue asking your permission to save the certificate will be shown, accept it to install the certificate.

                

Once installed the certificate can be found in Menu>>Settings>>Phone>>Phone mgmt.>>Security>>Certif. Management>> Authority certificates

Now go to Menu>>Settings>>Connectivity>>Destinations>>Add new accesspoint

The phone will prompt to search automatically the available WLANs, select ‘No’. Then it will ask which type of Access point to add, select Wireless LAN. When prompted for its Name enter as ‘eduroam’

The initial settings for the newly created access point should be like this:

Now, select the WLAN security settings from the above figure, the next set of settings should be as shown below:

Select EAP plug-in settings and only check EAP-TTLS, uncheck all others as we are not going to use them. Here we configure EAP-TTLS as the outer-ring authentication.

Double tap on EAP-TTLS to open its settings. Here we select the server certificate (Authority Certificate) and the outer-ring username. Before entering the username, you may have to change the ‘User name in use’ setting to ‘User defined’. A client side certificate (personal certificate) is optional, hence we can safely keep it as ‘Not defined’. Change the ‘Realm in use’ to ‘user defined’ and change the ‘Realm’ to be empty.

     

Now, we have to configure the inner-ring authentication protocol. We do that by tapping on the right arrow at the top left corner just after the ‘Settings’ heading. Here we select PAP to be checked, all others are to be unchecked.

Double tap on PAP to configure it. Here you provide inner-ring authentication credentials. These are your LRZ ID and password.

Now go back to the previous screen and again tap the right arrow and select all the available ciphers.

     

                          

The configuration is now complete.  Now goto Menu>>Settings>>Connectivity>>WLAN Wizard. The eduroam network should be listed as ‘known’. Select it and goto to Options>>Connect.  Welcome to Eduroam :)