eduroam with Android

WLAN access configuration via the eduroam SSID as described below applies for Android 2.1 and 2.2; it was tested successfully with an HTC Desire.

From version 2.3, two certificates are required, the CA certificate and the user certificate. For the CA certificate, load the Deutsche Telekom Root CA 2 and leave the user certificate blank. After registering a user, Sony Ericsson offers version 2.3.3 Gingerbread (build number 3.0.1.G.0.75) for the Xperia X10i. After the update, EAP TTLS and MSCHAP are again available, as in these instructions.

Caution: Updates are carried out at your own risk and a backup of the phone should always be done beforehand.

For Android version 3, please read the comments at the end of this page.

A description...

Via “All programs”, select “Settings

A description...

Select “Wireless controls” and go to the Selection options for wireless settings.

A description...

In the “Wireless controls” settings, activate “Wi-Fi” and, via “Wi-Fi Settings” go to the selection options for wireless networks.

A description...

Select the “eduroam” SSID

A description...

In the eduroam connection definitions, select the following settings:

EAP method: PEAP

Phase 2 authentication: MSCHAPv2

Identity: LRZusername


Anonymous identity:


Your password for your username


Alternative configuration if no LRZ username:

EAP method: TTLS

Phase2 authentication: PAP

Identity: RADIUS username.



Android devices offer the function „Back up my data“, which sends a lot of personal data, e.g. WLAN passwords unencrypted to Google´s servers. On many devices this is active by default when applying a Google account.

According to LRZ´s password policy ( LRZ passwords must not be given to a third party. Thus this option has to be deactivated. This is to be done in menu "Settings - Privacy settings - Back up my data". As an alternative backup program you can use e.g. the app Helium, which does´nt need root and can use encryption.

Android Version 4:

For version 4 there is an extra (german) tutorial at


With Samsung devices, you can install the AnyConnect VPN client and then use the WLAN in the MWN. Download from

For rooted devices there is a client at