Eduroam (WiFi)

You can use your GFZ account to connect to Eduroam on the GFZ Campus and in other participating institutions and universities. This allows you access to the Internet. On GFZ Campus you are also granted access to the intranet and to central servers.

Prerequisites

To use Eduroam you have to activate this service on the Passwords & Services site on the GFZ intranet web site and set a separate password for it.

General information

Parameters to connect to Eduroam.

  • Network name: eduroam
  • Wireless securiry: WPA2-Enterprise
  • Authentication: Protected EAP (PEAP)
  • Inner authentication: EAP-MSCHAPv2
  • Root certificate: Deutsche Telekom Root CA 2
  • Username: Your-Login@gfz-potsdam.de
  • Password: Your Eduroam password

Detailed Instructions

Create a new WLAN profile manually

Open the "Network and Sharing Center" and choose "Manage wireless networks" in the left section of the menu. Click on "Add".

SSID and security settings

As SSID please use "eduroam" and then choose the security type "WPA2-Enterprise". Set the encryption type to "AES". Afterwards click on "Next".

Fig. 1: SSID and security settings

Change your connection settings

Open the connection settings by clicking on "Change connection settings".

Fig. 2: Change connection settings

Connection settings

Open the connections security settings by clicking on the "Security" tab. Choose the method "Microsoft: Protected EAP (PEAP)" and click on "Settings".

Fig. 3: Properties: Connection
Fig. 4: Properties: Security

Properties for secured EAP

Activate the option "Validate server certificate" and choose the CA "Deutsche Telekom Root CA 2" for your trusted root certification authority.

Configure the authentication method "Secured password (EAP-MSCHAP v2)".

Fig. 5: Properties: PEAP

Properties for EAP-MSCHAPv2

Deactivate the option to use your windows login data as default.

Fig. 6: Properties: EAP-MSCHAPv2

Advanced settings

Confirm your changes by clicking "OK". Afterwards you open the security tab in the advanced settings of your wireless network.

Activate "Specify authentication mode" and choose "User authentication".

Fig. 7: Advanced settings

After that it is possible for you to save your login data. This will be used to establish the connection automatically without asking you for your user data every time.

ATTENTION
You have to use your e-mail address as the username: Your-Login@gfz-potsdam.de.

Confirm your settings by closing all settings / properties windows by clicking "OK" resp. "Close".

Login window

Now you can connect with Eduroam.

If you did not save your user data you will now be asked to enter it.

Fig. 8: Login window

Connecting to Eduroam

Click the Wi-Fi icon in the control panel to display all available Wi-Fi networks.

Select 'eduroam' and click 'Connect'. If you do not wish to automatically connect to this Wi-Fi every time, first uncheck 'Connect automatically'.

Fig. 1: Wi-Fi 'eduroam'

You have to use your e-mail address as the username: Your-Login@gfz-potsdam.de.

The required password is your eduroam password.

Fig. 2: Enter login data

Then click 'Connect'.

Fig. 3: Establish the connection

Open Network Preferences

In your task bar, click the WLAN symbol and then "Open Network Preferences..."

It is possible to alternatively go to your System Preferences and click "Network"

Fig. 1: Open Network Preferences

Network

Make sure that the Wi-Fi section is selected on the left hand side of the screen. Click "Advanced..."

Fig. 2: Network preferences

Wi-Fi

You will see a list of all Wi-Fi networks that you have previously connected to. Below this list, click the "+" button to add a new one.

Fig. 3: Add a new Wi-Fi

Configure a Wi-Fi network profile

As the Network Name, type in "eduroam". Choose "WPA/WPA2 Enterprise" from the "Security" drop-down menu. The Mode "Automatic" does not need to be changed.

Enter your username written like this: login@gfz-potsdam.de and your Eduroam password. Click "OK".

Fig. 4: Configure a Wi-Fi network profile

Turn Wi-Fi on

To save your configuration click "Apply". Click on "Turn Wi-Fi On". Your computer will try to connect to a WiFi. In case there is more than one WiFi within reach, make sure you really are connected to Eduroam.

Fig. 5: Turn Wi-Fi on

It is possible to always connect to Eduroam even if there are other WiFi networks available. This is accomplished by going to the "Advanced..." area and dragging the Eduroam entry further up in the list.

Verify certificate

When establishing a connection for the first time you will be asked to verify the certificate from radius1.gfz-potsdam.de resp. radius2.gfz-potsdam.de.

Clicking on "Show Certificate" will give you more detailed information and should look like this:

Fig. 6: Verify certificate

Click "Continue" to add this certificate to your Keychain Access. You will be prompted to authorise this change to your system.

Connecting to Eduroam

Choose the wireless network "eduroam" and click on "Connect".

Enter the following parameters.

Wireless security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: anonymous@gfz-potsdam.de
CA certificate: Deutsche_Telekom_Root_CA_2.pem *
PEAP version: Automatic
Inner authentication: MSCHAPv2
Username: Your-login@gfz-potsdam.de
Password: Your Eduroam Password

* Please note: The certificate is located in /etc/ssl/certs or can be downloaded and installed from the DFN website.

Fig. 1: Properties to connect to Eduroam

Contact

Helpdesk (IT-Support)
+49 331 288 2845
Profile