Eduroam Linux

The IT Department's general guide for eduroam is here:

This page here describes how to connect under Ubuntu 9.10 / 10 / 12 - but should be valid for all flavors of GNU/Linux that support 802.1x.

  1. find network with SSID "eduroam" and connect to it
  2. configure security settings as
  • WPA2 (Enterprise)
  • EAP (if it is neccessary to set this - should be recognized automatically)
  • authentication: Tunneled TLS
  • Anonymous Identity:
  • CA Certificate: fetch certificate from, use the one called
    • the checksums are:
      • md5: 82bd9a0b826a0e3e91ad3e27042b3f45 Go Daddy Class 2 Certification Authority.cer
      • sha1: de70f4e2116f7fdce75f9d13012b7e687a3b2c62 Go Daddy Class 2 Certification Authority.cer
  • Inner Authentication MSCHAP v2
  • Then enter your general ITU username / password
    • username: is the user part only, without the domain (, but it should work with full too.

A note on certificates: the implementaion of WPA/802.1x in Ubuntu allows you to connect, even though you do not have a trusted server certificate. A warning dialogue notifies you of this, but you are allowed to accept this potential security risk. It is absolutely necessary to retrieve the certificate through your browser, by going to , store it locally, and inform your WPA/802.1x client of its location, in the warning dialogue. Without the proper certificate, authentication is completely broken - the internal encryption provided by Microsofts MSCHAPv2 is known to be fully cracked (August 2012).

A student has contributed the following guide to configuring wpa_supplicant directly, via command line rather than GUI, which we share here as is - without having checked.

Enabling eduroam in Ubuntu 9.10
Enabling eduroam in Ubuntu 12
Choosing GoDaddy Cert in Ubuntu 12