Copyright 2018 - CSIM - Asian Institute of Technology

On this page, you will find information about connecting to eduroam.

802.1x

Wizard configuration

Browse to CSIM page on 1x-config and download the installer that corresponds to your operating system.

When asked for a username, enter your CSIM username (your username must have @cs.ait.ac.th at the end) and CSIM password. If you don't use @cs.ait.ac.th, the connection will not be authenticated.

You can also use the QR-code for quick access.

There is no automated installer for Android, so you will have to configure eduroam network manually.

Manual configuration

The configuration for UbuntuAndroid and Mac OS X are described further.

Configuring eduroam for Microsoft Windows 7

The solution below has been tested with Windows 7. The graphical interface may vary but the procedure is the same.

1. Open the Network and Sharing Center in the Control Panel and click on Manage wireless networks.
 2. Click Add to create a new network.

Choose Manually create a network profile.

In the Network name, enter eduroam (note that the work eduroam is all lowercase).
Select WPA2-Enterprise for the Security type.
Make sure that the box Start this connection automatically is sexlected.
Click Next.

3. Once the window Sucessfully added eduroam is up, click on Change connection settings.

In the tab Security, click on Advanced settings.

Check the box Specify authentication mode.
Select User authentication.
And click OK.

 4. Click on Settings

Make sure that the box Validate server certificate is checked.
Check the box Connect to these servers and enter the server name radius.cs.ait.ac.th
In the Trusted Root Certification Authorities, select AddTrust External CA Root
Uncheck the box Do not prompt user to authorize new server or trusted certification authorities.
Check the box Enable Identity Privacy and enter the word anonymous. The paragraph below explains what is aunymous identity.
Click Configure.

Uncheck the box Automatically use my Windows logon name and password (and domain if any).
Click OK. 

Close all the windoWs that were open during the configuration of eduroam, click OK or Close.

5.  Select the WiFi network eduroam and click Connect.
6. Enter your CSIM username (your username must have @cs.ait.ac.th at the end) and CSIM password. If you don't use @cs.ait.ac.th, the connection will not be authenticated.

Click OK.

 
7. When you get the message saying that the Credentials provided by the server could not be validated, click on Details.

This message arises because Windows 7 does not containts the Certificate Root used by Let's Encrypt.

 
8. Check that the the details are as follow (it is very important that you confirm that the details are correct, else you could be sending your password to an untrusted server):

Radius server: radius.cs.ait.ac.th
Root CA: DST Root CA X3

Click Connect.

You are not connected to eduroam, anytime and anywhere an eduroam network is available, you will be connected automatically.

 

Configuring eduroam for Ubuntu

1. Select eduroam from the list of possible wireless networks.
2. In the form for configuring eduroam you must enter the following:
- Authentication: Protected EAP (PEAP)
- Anonymous identity: This email address is being protected from spambots. You need JavaScript enabled to view it. See the section below for more details about the anonymous identity and why it matters with Ubuntu.
- Click on No CA certificate is required.
- Username: enter your CSIM username followed by @cs.ait.ac.th. It is important that you do not forget the @cs.ait.ac.th if you want the connection to be authenticated.
- Password: use your CSIM password.
- Click on Connect.

Your connection to eduroam is established. Any time and anywhere the eduroam network is available, you will be automatically connected.

Configuring eduroam for Android

When you select eduroam WiFi connection on your smartphone, you must enter your CSIM username (with @cs.ait.ac.th at the end) and your CSIM password. Do not forget the @cs.ait.ac.th or the connection will not be authenticated.

Note that your password is always sent on encrypted connection, the Anonymous identity protects only your username

Click on Anvanced options and use This email address is being protected from spambots. You need JavaScript enabled to view it. for the Anonymous identity. The section below details what is anonymous identity.

The other options need no change.

Anytime and anywhere the network eduroam is available, you will be automatically connected.

Configuring eduroam for Mac OS X

This profile may work on iPhones.

1. Download the CSIM eduroam profile on your computer.

While you could do the configuration manually, using the existing profile, you are sure all the correct information are provided; this include the anonymous identity as decribe in the paragraph about what is anonymous identity below.
 
2. Double click on the file you have downloaded, this will start installing CSIM eduroam profile on your computer.

Click Continue.
3. The profile has not been signed or certfied, but it is valid.

Click Continue to turst the profile.
4. At this stage, you must provide the account and password you will be using with eduroam.

Make sure you use @cs.ait.ac.th after your user name; for example st119873@cs.ait.ac.th
Without the @cs.ait.ac.th, authentication to eduroam will fail. Use your CSIM password.

If you install this profice on a system with several users, leave the username and password empty; each user will have to enter his credentials when he connects to eduroam.
5. To save the profile in your computer, you must enter the password of the root user.
6. The profile is installed and look like the example provided.
7.  Now select eduroam in the list of avaible WiFi networks.
8. The first time you connect to eduroam, your system will need to install the encryption certificate used by our authentication server.

Click on Show Certificate to the details of the certificate you are about to install.
9. It should show:
- DST Root CA X3
- Let's Encrypt Certificate
- radius.cs.ait.ac.th

Click on Continue.
10. You need to enter the password of your root user to save the certificate.

You are now connected to eduroam; any time and any where an eduroam network is available, you will be connected automatically.

802.1x, EAP, eduroam and anonymous identity

When you authenticate with eduroam, your credentials, that is your username and your password, must be sent by your computer to a server at CSIM.

Your password is always encrypted, so it is not a problem.

But your username is not. The system needs to know the part cs.ait.ac.th in order to roam the authentication to CSIM server. If the system can see the cs.ait.ac.th part, it can also see your username. This is not a threat as big as knowing your password, but that could allow phishing, social engeeniring and open the gate to some attacks. To mitigate this risk, an anonymous identity can be used while negociating to roaming to CSIM server. Once this roaming is established, an encrypted tunnel is opened and your real username is sent encryoted.

This page describes 802.1x and EAP and how it applies to eduroam in greater details.

Powered by: 802.1x-config

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology