Eduroam Wireless Configuration For Windows

Note that this applies to systems that use Windows Wireless Zero Configuration. If your system has another vendor's wireless utility application, then for wireless these instructions do not apply exactly, although a similar setup must be done. You must select 802.1x authentication, using PEAP and MSCHAP V2. Some utilities will allow you to use your windows username and password for the login, which you can do if they are both the same as your ADS credentials. Ensure that you include "@uwaterloo.ca" as part of your username.Also ensure that you configure your system to validate the certificate. Configure your system to use WPA encryption.

For Windows Server 2008 you may also have to select "User authentication" (Wireless network properties > Security Tab > Advanced Settings).

*** If you have problems connecting once you have set up the connection using this document, you may need to:

• Update your version of Windows with the most recent updates
  and/or
• Re-install the current WLAN drivers from the maker of your pc/laptop (e.g.: Toshiba, Dell, etc.) ***

Windows Wireless Zero Configuration (WZC)

For Windows 7 see additional instructions.

1. Log onto the computer with the userid and password of a local account.
2. Choose Start/Settings/Network Connections and select your wired or wireless network connection interface in the right-hand pane; click Change Settings of this Connection in the left-hand pane. (or Start/Control Panel/Network Connections/Wireless Network Connection and click the Properties button in the General tab).
   
3. For a wired interface (usually called Local Area Connection), proceed to the Authentication tab (step 5. below).
4. For a wireless interface, click the Wireless Networks tab.
   1. Make sure that Use Windows to configure my wireless network settings is checked.
   2. If the wireless network eduroam is not in the list, click the Add button, and enter eduroam>/strong> in the Network Name (SSID) box on the Association tab and click OK.
   3. Once, the wireless network, eduroam is in the list, select it and click the Properties button.
      
      
      
5. Click the Authentication tab (see image below).
   1. Check the Enable IEEE 802.1x authentication box
   2. Select Protected EAP (PEAP) in the EAP type pull-down menu.
   3. Ensure that Authenticate as computer when computer information is available and Authenticate as guest when user or computer information is unavailable are NOT checked.
   4. Click on the Properties button.
      
      
      
6. In the Protected EAP Properties window (see below):
   1. Ensure that the Validate server certificate box is checked.
   2. You can optionally check the boxes next to GlobalSign and GlobalSign Root CA (scroll down to see this in the Trusted Root Certification Authorities: list). If you do not check this, you will be prompted following your first authentication to accept this certificate authority. Either way works fine.
   3. Select Secured password (EAP-MSCHAP v2) in the Select Authentication Method pull-down, and click on the Configure button.
      
      
7. In the EAP MSCHAPv2 Properties window:
   1. Ensure that the Automatically use my Windows logon name and password (and domain if any) box is unchecked and click the OK button.
      
8. Click OK to close the Protected EAP Properties window; click OK again to close the uw-secure Properties window.
9. In the Wireless Network Connection Properties window, make sure eduroam is near the top of the list, but below uw-secure if configured.
   1. If not, select it and click Move Up until it is.
10. Click OK.
11. Click Close.
12. When you next connect to the network you just configured (Start/Connect to/Wireless Network Connection), you will see an authentication dialogue box (see below).
    *** If this does not happen, you may need to update your version of Windows with the most recent updates and/or re-install the current WLAN drivers from the maker of your pc/laptop (e.g.: Toshiba, Dell, etc.). ***
    Enter your ADS/UWdir username"@uwaterloo.ca" and password, leaving the domain field blank, and click the OK button to login.
    
    
    
13. If you did not click the Thawte box in a previous step, you will see the following:
    
    
    
14. Click inside this yellow Wireless Network Connection bubble (above) and then click the OK button (see below) to accept this certificate.
    
    
    
15. If you have problems:
    1. 1. Right click on an existing wireless icon in the bottom right corner of your windows screen.
       2. Choose View Available Wireless Networks
       3. Select eduroamand click Connect
    2. You may have to delete other wireless configurations.
    3. Also, make sure the latest Window XP patches/updates have been installed on your computer.

    You will now be logged in.

    • Because Windows will cache and re-use your login credentials, it's probable that you will not have to use the authentication dialogue again.
    • If you change your ADS/UWdir password, you will be re-prompted to enter the new one.
    • If you want to use another username, or want to see the login process again for some other reason, you will have to remove this wireless network connection (in Wireless Network Connection Properties above), and re-configure from the start, as described above.

    (NOTE: To remove cached credentials for a wired connection, a Registry edit is required.)