Brookes eduroam wireless setup for Windows XP

How to join the eduroam@brookes wireless service

 

Remember: you must first register for eduroam@brookes in order to connect to it.

Note: To use eduroam@brookes you must have a compatible IEEE 802.11b/802.11g wireless hardware, that supports WPA (preferably WPA2), and the appropriate up to date drivers, installed and working. This hardware is usually fitted as standard on modern laptops but you must ensure that it is working correctly before proceeding with these instructions. Usually this is indicated by Windows being able to detect wireless networks even though it may not be able to connect to them.
Refer to the manufacturer's instructions to ensure that the wireless device conforms to the necessary specifications.

 

You will need the following:

• A wireless enabled PC with compatible hardware.
• (for XP Service Pack 2) A patch from Microsoft to enable WPA2 services (see below).
• A registry file to remove your details at any time (see below).

The following instructions are for Windows XP SP2 or later. Other platforms (e.g. Mac OS X) or software may display different menus and forms but the same information will need to be entered.

 

Preparing your computer

 

Ensure your computer is fully updated with security updates and patches from http://update.microsoft.com and that you have the latest wireless drivers from the manufacturer of your wireless card. We recommend updating to Windows XP Service Pack 3.

You may need to download some files prior to connecting to the wireless service so you will have to carry out these steps using a different network connection than Brookes wireless or on a different computer (and then copy the files across via a disk).

 

 

Connect to eduroam@brookes

 

Before attempting to connect for the first time you must ensure that you are within range of a wireless network point (a node) and that you have good signal strength. You can view maps of the Brookes campuses showing signal coverage.

 

To see if you are in range of an eduroam@brookes access point

1. Make sure your wireless card is enabled.
   
   

2. Right click on the wireless network icon in the system tray and select View available wireless networks.
   
   
   
3. The Wireless Network Connection window will be opened.
   
   
4. The eduroam network should be listed. Check the the green indicator bars on the right show that you have a strong signal strength.
   

Select the ‘eduroam’ SSID and click Connect (this attempted connection will fail, but it will ensure that Windows is aware that the network exists and that it will be listed in Preferred Networks).

 

 

To join the eduroam@brookes network

1. Select Change the order of preferred networks.
   
   
2. Select the Wireless networks tab. You should see 'eduroam' listed as an preferred network.
   
   Note: If Windows says it is unable to manage your wireless connection you may be using a proprietary client wireless application, eg by Belkin, BT or Intel, that came with your wireless card. These may need disabling but that is beyond the scope of this document. You can contact Hardware Support (AG02) for further advice on 01865 483324, or internal extension 3324.
   
   
3. Click the Advanced button.
   
   
4. On the Advanced option dialog ensure that 'Access point (infrastructure) networks only' is selected and 'Automatically connect to non-preferred networks' is not selected.
   
   
   
   
5. Click Close to return to the Wireless Network Connection Properties dialog.
   
   
6. Select the ‘eduroam’ SSID from preferred networks (if 'eduroam' is not listed your driver may not support WPA – refer to your wireless hardware documentation).
   
   
7. Click on Properties, which will open an eduroam properties window and ensure that the Association tab selected.
   
   
   
8. Set Network authentication to WPA2.
   
   
9. Set Data Encryption to AES.
   
   
10. Ensure that 'Key is provided for me automatically' is ticked.
    
    
11. Note: If the above settings are not available set Network Authentication to WPA and Data Encryption to TKIP. This setting is not as secure but is supported by a wider range of hardware. Use WPA2 if possible.
    
    
12. Select the Authentication tab.
    
    
    
13. Ensure that 'Enable IEEE 802.1X authentication for this network' is ticked.
    
    
14. Set the EAP Type to Protected EAP (PEAP).
    
    
15. Deselect 'Authenticate as computer when computer information is available'.
    
    
16. Deselect 'Authenticate as guest when user or computer information is unavailable'.
    
    
17. Click the Properties button below EAP Type.
    
    
18. On the Protected EAP Properties dialog tick Validate server certificate.
    
    
    
19. Set Connect to these servers to eduroam.brookes.ac.uk
    
    
20. At the bottom of this dialog 'Select authentication method' should say 'Secured Password (EAP-MSCHAP v2)'.
    
    
21. Ensure that Enable Fast Reconnect is ticked and that Enable Quarantine checks and Disconnect if server does not prevent cryptobinding TLV are unticked.
    
    
22. Click the Configure button and uncheck 'Automatically use my Windows logon name and password'. Click OK to save this change and close the EAP MSCHAP v2 properties dialog window.
    
    
    
    
23. Click OK to save the changes and close the Protected EAP Properties dialog window.
    
    
24. Click OK to save the changes to Eduroam Properties.
    
    
25. Click OK to save the changes to the Wireless Network Connection Properties.
    
    
26. A dialog balloon associated with the wireless network icon in the systems tray will appear, prompting you to “Click here to select a certificate or other credentials for connection to the network eduroam”. Click on this balloon.
    
    
27. In the resultant Enter Credentials window, enter your Brookes userid (including realm, eg 01234567@brookes.ac.uk) and password (your normal Brookes logon password). Leave the domain field blank.
    
    
    
    
    Please note that your username and password are not transferable and should not be given to, or used by, anyone else. See the Regulations for the use of IT facilities for more information.
    
28. Click OK.
    
29. You may be prompted to Validate Server Certificate. eduroam@brookes uses a UTN-USERFirst-Hardware or Add-Trust certificate. If you view the certificate it will be for 'eduroam.brookes.ac.uk'. Click OK to accept it.
    
    
    
    
30. Your laptop should now authenticate your credentials with Brookes and, if successful, gain network access.

    You should now be connected to eduroam@brookes.

    Note: if you move out of wireless signal range you may need to re-enter your userid and password (see step 27).

 

For help with connection problems contact the Computer Services Centre on 01865 483333, or internal extension 3333, or email eduroam@brookes.ac.uk. For general advice contact the Service Desk on 01865 483311, or internal extension 3311, or email servicedesk@brookes.ac.uk.

 

How to remove your authentication details for the Brookes wireless service

Note: if you only wish to temporarily disable access to eduroam@brookes (eg if you are lending your laptop to someone else) you can do this through the eduroam@brookes registration page (select Update Settings on the left hand menu and set Disable access to eduroam@brookes to 'Yes' and click the Submit button to save). You can reverse this disabled state at any time by setting it to No.

 

You may need to remove the userid and password details that you have saved for the Brookes wireless service. You may wish to do this to stop your computer from automatically connecting to the service or if the computer was borrowed from someone else (note: laptops hired from Computer Services Reception are wiped and reinstalled when they are returned so the wireless details will be deleted anyway).

 

You cannot remove these settings through a normal Windows graphical program. You can remove the Windows Registry key by reading the warning below and then downloading and running this Reg file.

 

Warning: the Reg file above will remove your Brookes credentials form the wireless settings. If you wish to join the network again you will need to go back to step 26 in this document. Removing Registry keys in Windows is not something normal users should have to do and can possibly lead to problems with Windows if something goes wrong. If in any doubt please contact your IT support staff or the Service Desk for further advice. While we have taken every possible care to ensure this works without adverse effects Brookes cannot be held accountable for any problems arising from following this procedure. You do so at your own risk.

 

 

On line resources

General information about Brookes wireless.

Maps of the Brookes campuses showing signal coverage.

---