Eduroam Android

The IT Department's general guide for eduroam is here:

http://intranet.itu.dk/en/Intranet-hjem/Afdelinger/It-afdelingen/IT-Afdelingens-ABC/TrAadlost-internet.aspx

This page here describes how to connect under Android, based on HTC Android 2.1 - but it should apply, with minor variations, to all Android phones.

  • Go to Settings > Wi-Fi settings
  • Under Wi-Fi networks, find "eduroam", tap it

Here comes the step that seems to be a problem for many:

  • If it s the first time you are setting up access info for a network, you may get a dialogue here that asks you for a password for key storage or such - the exact wording depends on version (the danish is probably "identitetslagring", english "credential storage"). This is NOT a password to the eduroam network, or something given to you by the IT department. It is simply your own local password for protecting all access info stored on your phone (often called a keychain). So you choose your own here.

If you have set your password earlier, but cant remember it, you ll have to reset it under "settings > security".

Once you have taken this step, continue with the actual ...

  • Settings (method and phase2 should be automagically recognized, but in case they are not, set them to be ...)
    • EAP method: PEAP
    • Phase 2 authentication: MSCHAPV2
    • Anonymous identity: @itu.dk
    • identity: <username>@itu.dk
    • password: <your-password>

press connect, and you should be fine.

A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate. A warning dialogue notifies you of this, but you are allowed to accept this potential security risk. It is absolutely necessary to retrieve the certificate through your browser, by going to http://itu.dk/cert/ , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue. Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).