Copyright 2017 - CSIM - Asian Institute of Technology

On this page, you will find information about connecting to eduroam.

For Android, jump to the bottom of this page.

Configuring eduroam for Microsoft Windows 7

The solution below has been tested with Windows 7. The graphical interface may vary but the procedure is the same.

1. Open the Network and Sharing Center in the Control Panel and click on Manage wireless networks.
 2. Click Add to create a new network.

Choose Manually create a network profile.

In the Network name, enter eduroam (note that the work eduroam is all lowercase).
Select WPA2-Enterprise for the Security type.
Make sure that the box Start this connection automatically is sexlected.
Click Next.

3. Once the window Sucessfully added eduroam is up, click on Change connection settings.

In the tab Security, click on Advanced settings.

Check the box Specify authentication mode.
Select User authentication.
And click OK.

 4. Click on Settings

Make sure that the box Validate server certificate is checked.
Check the box Connect to these servers and enter the server name radius.cs.ait.ac.th
In the Trusted Root Certification Authorities, select AddTrust External CA Root
Uncheck the box Do not prompt user to authorize new server or trusted certification authorities.
Check the box Enable Identity Privacy and enter the word anonymous. The paragraph below explains what is aunymous identity.
Click Configure.

Uncheck the box Automatically use my Windows logon name and password (and domain if any).
Click OK. 

Close all the windoWs that were open during the configuration of eduroam, click OK or Close.

5.  Select the WiFi network eduroam and click Connect.
6. Enter your CSIM username (your username must have @cs.ait.ac.th at the end) and CSIM password.

Click OK.

 
7. When you get the message saying that the Credentials provided by the server could not be validated, click on Details.

This message arises because Windows 7 does not containts the Certificate Root used by Let's Encrypt.

 
8. Check that the the details are as follow (it is very important that you confirm that the details are correct, else you could be sending your password to an untrusted server):

Radius server: radius.cs.ait.ac.th
Root CA: DST Root CA X3

Click Connect.

You are not connected to eduroam, everytime an eduroam network is available, you will be connected automatically.

 

Configuring eduroam for Android

When you select eduroam WiFi connection on your smartphone, you must enter your CSIM username (with @cs.ait.ac.th at the end) and your CSIM password.

Note that your password is always sent on encrypted connection, the Anonymous identity protects only your username

Click on Anvanced options and use This email address is being protected from spambots. You need JavaScript enabled to view it. for the Anonymous identity. The section below details what is anonymous identity.

The other options need no change.

802.1x, EAP, eduroam and anonymous identity

When you authenticate with eduroam, your credentials, that is your username and your password, must be sent by your computer to a server at CSIM.

Your password is always encrypted, so it is not a problem.

But your username is not. The system needs to know the part cs.ait.ac.th in order to roam the authentication to CSIM server. If the system can see the cs.ait.ac.th part, it can also see your username. This is not a threat as big as knowing your password, but that could allow phishing, social engeeniring and open the gate to some attacks. To mitigate this risk, an anonymous identity can be used while negociating to roaming to CSIM server. Once this roaming is established, an encrypted tunnel is opened and your real username is sent encryoted.

This page describes 802.1x and EAP and how it applies to eduroam in greater details.

Powered by:

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology