About LAWN
News & Outages
Security
Policy
Coverage
Help
Getting Started
Configuration Help
LAWN Login API
Quick Links
Wep Key
Sponsor Guest
Manage Guests
FASTPASS
Device Login
Forums
Search
|
GTwpa is an alternative method of authenticating to the LAWN. Instead of using your web browser to authenticate via the LAWN login page, wireless devices capable of performing WPA2 Enterprise with EAP-PEAP network authentication can be configured to authenticate automatically when the device associates with the GTwpa SSID.
WARNING: THIS IS A PILOT SERVICE AND AT TIMES MAY BE UNRELIABLE. Our experience to date with WPA has been mostly favorable; however some problems do exist and can be very frustrating. By using this service you will help us to better evaluate and make improvements before the service goes into production. You may be contacted for feedback as a result of using this service. If you have feedback or suggestsions please use the forum below, or send mail to lawn-feedback@lists.gatech.edu
The network name or SSID needs to be set to GTwpa. Capitalization is important here. This SSID should be visible and available anywhere you can use GTwireless on the Atlanta campus.
Configure the network security as WPA2 Enterprise. If prompted, select PEAP as the EAP type.
GTwpa currently requires a Georgia Tech Active Directory (GTAD) username and password to authenticate. You can reset your GTAD (or make it the same as your GT Account Password) by logging into Passport. If you do not have a GTAD account (no option in Passport to set your GTAD password), this service will not be available for your use, please contact the customer support center for more questions regarding GTAD.
Your device can be configured to remember this username and password so that it can automatically associate and authenticate to GTwpa without the need to enter this information every time. As a result, you should not configure GTwpa on devices where you are not the exclusive user (a public/shared device or friends devices.)
Just like GTwireless, GTwpa uses the Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to network devices. Static Address assignment on LAWN is not supported.
Below are examples of how to setup a device to access the GTwpa for the following operating systems:
Microsoft Windows Vista
Microsoft Windows XP - Service Pack 2
Apple Mac OSX 10.5
Apple iPhone and iPod Touch
If you have feedback or suggestsions please use the forum below, or send mail to lawn-feedback@lists.gatech.edu
Please note that the forums are not
meant as a replacement for the official OIT help system REMEDY (which
can be reached via email ... support@oit.gatech.edu ... or via web at http://remedy.gatech.edu/request.html).
You must Login to LAWN Forums in order to post to this forum (HTTP cookies required).
GTwpa
This forum is to discuss the GTwpa pilot |
|
You are not logged in
|
|
| |
Matthew J. Sanders
|
Blackberry configuration for GTwpa
Blackberry OS 4.5.0.81+
(Device type is irrelevant, other than it having WiFi)
Do this:
Click "Manage Connections" (the pretty antenna icon) near the bottom
on the home screen
Click "Set Up Wi-Fi Network" in the menu
Click Next on the "Welcome to Wi-Fi Setup!" screen, if present
Click "Scan for Networks"
Click "GTwpa"
Type your normal GT login into the "User name" and "User password"
fields
Click the "" on the "CA certificate:" line, then click
"Equifax Secure Certificate Authority"
Click the "Connect" button
After a ten second wait screen, you should see "Connection
Successful!" at the VERY top of the screen
Click the "Next" button
Click "Finish"
Thanks to Thomas Shanks for sending this information. If you have instructions for other platforms please post them.
If you have instructions with pictures/screen shots please send to lawn-feedback at lists.gatech.edu |
afalendysz3
|
Configuration for Windows Mobile 6.1
Tested on a Samsung SCH-i760
Connect your mobile device to your PC using ActiveSync and copy the root certificate (http://ca.gatech.edu/certificates/gt-server-root.crt) to any directory on the device.
IMPORTANT: Change the extension of the certificate to .cer instead of .crt (this must be done on the PC, WM cannot change file extensions that I'm aware of)
Alternatively, you may rename and copy the certificate to a memory card, if your device supports it, and move the file that way.
Next, open up the File Explorer on your device and locate the renamed gt-server-root.cer
"Open" the certificate from within the File Explorer
After a few seconds, a message should pop up indicating that the certificate was installed correctly.
Open the Wireless Manager
Click "Menu"
Click "Wi-fi Settings"
Click "GTwpa"
Click "Next"
Ensure Authentication is set to WPA2 and Data Encryption is set to AES
Click "Next"
Set EAP Type to "PEAP"
Click "Finish"
Click "Connect"
Enter your gt login name and password, leave the Domain field blank.
Check the "Save Password" box
Click "OK"
After a short delay, the GTwpa network should show as "Connected" |
gth743d
|
Ubuntu 8.10 (Intrepid Ibex):
Left click on the network manager
Click GTwpa
When the authentication information window pops up, enter the following:
Authentication: PEAP
Anonamous Identity:
CA Certificate: /etc/ssl/certs/Equifax_Secure_CA.pem
PEAP Version: Version 0
Inner Authentication: MSCHAPv2
Enter your User Name and Password
Press Connect |
gth834q
|
Does anyone know wheteher the GTWwpa is available at Georgia Tech Savannah campus?
I followed the steps to configure it, but cannot see it on my list of available networks. |
David Byron Hilley
|
For people using wpa_supplicant directly, here is an example config:
# gtwpa.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=1
fast_reauth=0
network={
ssid="GTwpa"
key_mgmt=WPA-EAP
eap=PEAP
scan_ssid=1
identity="..."
password="..."
ca_cert="/etc/ssl/certs/Equifax_Secure_CA.pem"
phase1="peapver=0"
phase2="auth=MSCHAPV2"
}
#
Obviously you'll want to modify ctrl_interface and ctrl_interface_group to match your system (as well as ca_cert). And of course set your username (identity) and password. |
dmoroniti3
|
Windows 7
Click the Wireless Internet Access Icon.
Select GTwpa.
Enter GTlogin name and password.
You might get a message about the security certificate is invalid, I hope this will be fixed, but click connect.
Done.
I had an issue on one computer where it was unable to connect. Right-click the GTwpa network and go to properties. Make sure that all the settings match, which for me it did (even though it had not connected), and click ok. |
Matthew J. Sanders
|
On MacOS X, if wpa stops working after you change your password, try this:
go to Network Preferences->Airport->Advanced->802.1X->User Profiles->WPA:GTwpa
If there are multiple profiles for GTwpa, get rid of all but one and make sure it's got "GTwpa" as the named "Wireless Network". Update your password for the profile and hit ok. Turn the Airport Off/On to make sure it re-negotiates properly.
If that does not work, turn off the airport, delete the User profile mentioned above, delete the GTwpa related items in your keychain, and setup GTwpa again by selecting it from the visible networks. |
tengland3
|
Window 7 RC
If you're unable to reach the internet even after clicking "Connect" at the prompts.
Click the Wireless Internet Access Icon
Right-Click "GTwpa"
Click "Properties"
Click the "Security" tab
Click the "Settings" button
Look under the "Trusted Root Certification Authorities:" list
Make sure "Equifax Secure Global eBusiness CA-1" box is checked
I could not reach the internet without this change. |
gth847y
|
Use has been hit-or-miss lately. Not sure if it was that I had to change my password on Passport or if it was the updated iPhone OS 3. Did reinstall profiles after deleting them, but WPA is still being unreliable at best. |
rhoffman3
|
Has anyone else noted flaky service lately? Strangely, my iPhone's WPA connectivity has been rock-solid (with 3.0 OS update) but neither of my laptops has been able to use it at all... any thoughts? |
eriedy3
|
For Debian (and related distros), the Equifax cert in the ca-certificates package works, and it's at /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt . |
snowlan3
|
For Nokia E71x (AT&T running Symbian S60)
1) Go to Menu --> Settings --> Conn. mgr. --> Available WLAN networks.
2) Highlight GTwpa, go to Options --> Define access point,click "Yes", highlight "Internet" and click Select.
3) Go back to Menu --> Settings --> Config. --> Connection --> Destinations --> Internet.
4) Highlight and click on "GTwpa". Make sure to select the following settings:
Connection name: GTwpa
Data bearer: Wireless LAN
WLAN network name: GTwpa
Network status: Public
WLAN network mode: Infrastructure
WLAN security mode: WPA/WPA2
Homepage: None
Use access point: After confirmation
(You might be able to change the last 2...)
5) Highlight and click "WLAN security config." Use the following settings:
WPA/WPA2: EAP
WPA2 only mode: Off
6) Highlight and click "EAP plug-in settings". Enable "EAP-PEAP", make it highest priority, and disable all others.
7) Highlight "EAP-PEAP" and select to view "Settings" tab. Use the following settings:
Personal certificate: Not defined
Authority certificate: Equifax Secure Certificate Authority
User name in use: User defined
User name: (your GT login)
Realm in use: User defined
Realm: (leave blank)
TLS privacy: Off
Allow PEAPv0: Yes
Allow PEAPv1: Yes
Allow PEAPv2: Yes
8) Click right on d-pad to view "EAPs" tab. Enable EAP-MSCHAPv2, make it highest priority, and disable all others.
9) Highlight "EAP-MSCHAPv2" and click to configure it. Use the following settings:
User name: (your GT login)
Prompt password: No (choose yes if you want to re-enter password every time you connect)
Password: (your GT password)
10) Hit "Back" once to return to "EAPs" tab. Go right on d-pad to view "Cipher" tab. Enable the following:
RSA, AES, SHA
DHE-RSA, AES, SHA
DHE-DSS, AES, SHA
Disable the rest.
11) That should do the trick. Enjoy!! |
Rebecca Elizabeth Grinter
|
Hi,
Connecting a Mac, went through all the set up steps, but then got another window asking me for my password afterwards... typed it in and it seems to be working now, but the instructions did not contain information about the last box.
|
kdeo3
|
Hi,
Has anyone tried to connect using the Android developer phone? |
eriedy3
|
One "problem": The handshaking takes long enough that streaming media is interrupted or paused. Makes it difficult to listen to the radio, but it's not a serious issue... |
pwhite6
|
test message. |
mstyczynski6
|
I've been using GTwpa for the past three or four weeks and have found it to be very unreliable. Using it on a Macbook Pro w/ Leopard and on an iPod touch. I'm pretty sure I've followed configuration instructions well; I am able to connect on occasion, but would put my hit rate at somewhere below 50%. |
snihalani3
|
Dear Snowlan ,
Thanks for the trick for e71x but it says WPA authentication failed ..
What To Do ?? |
aboyd30
|
Same here snihalani... |
John M. Douglass
|
There were some issues this weekend (just fixed them at 10:00AM). Give it one more try those that had issues weekend of August 22-23, 2009. |
aboyd30
|
Thanks snowlan3! The network was just having problems when I was trying... |
John M. Trostel
|
Setting up a Palm Pre:
1. Select Wi-Fi / Turn on Wi-Fi
2. You will see GTwpa - Do NOT Select it
3. Go to Wi-Fi Preferences
4. Select '+ Join Network'
5. Enter 'GTwpa' for Network Name
6.Enter 'Enterprise' for Security type
7. click on 'Connect'
8. Enter your username and password
9. click on 'Connect'
My first try failed on the password, but re-entering it allowed it to connect just fine to GTwpa. Go figure...
6. |
candrew3
|
Hey guys, I just got a Zune HD, and was having troubles connecting to the GTWireless network. Anyone else got one and know any way to get the zune on the lawn without using the Device login? For some reason, I can't just connect to GTWireless and then enter my login info into the browser. |
mstyczynski6
|
Hi,
I just wanted to say that since my previous post a month ago, things have been pretty good. In the past two weeks, I've been consistently logging in to GTwpa from both my Macbook Pro and iPod Touch pretty much worry-free. Thanks for the tweaks, and keep up the great work! |
John M. Douglass
|
@mstyczynski6 - Thanks so much for the feedback! We are very glad to hear that your experience has been positive!
@candrew3 - Zune HD - From what I have read in the blogs, Zune HD does not support WPA-Enterprise (which is what we do on the GTwpa pilot network). You might try using its built in web browser, selecting "Remember Me" to set a cookie that will help. Unfortunately you will still have to open to the browser to the authentication page. It's unfortunate, but until Microsoft upgrades their device firmware to support WPA-Enterprise (if ever) you're out of luck. That or continue using device login. |
candrew3
|
@John M. Douglass - Do you think there is a way to get the Zune on the GTwireless network? On the iTouch you have can connect to the network and then bring up the browser to login to LAWN, but on the HD you can't even connect to the GTWireless network. This is very strange because I can connect to Fastpass or GTVisitor and then bring up the browser and get to their respective login screens. Are those two networks configured differently than GTWireless? |
John M. Douglass
|
@candrew3 - Actually on the iTouch you can use the pilot network GTwpa (which will do autologin because the iTouch supports WPA-Enterprise).
For starters, doublecheck that you have the correct WEP key (https://auth.lawn.gatech.edu/ssid_wep.php). Barring that, I would drop by the OIT Technology Support Center on the first floor of the library. They should be able to assist. |
aboyd30
|
I am running Mandriva 1.2009 and I can't seem to locate the /etc/ssl/certs/Equifax_Secure_CA.pem If anyone has any suggestions for connecting please post.
|
John M. Douglass
|
I believe you can download the root manually at this location:
http://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.cer
Just name it that same file if that is where your supplicant is looking for it. |
gth757k
|
Anyone try this on the g1 or my touch 3 g |
John M. Douglass
|
@gth757k
I did a little googling that may be of interest:
http://cwshep.blogspot.com/2009/04/wpa-enterprise-on-android-htc-g1-dream.html
And the setup for the iTouch? Should be the same as the iphone. |
gth653p
|
I've done some research on the Android platform and it looks like we have to go through a whole lot of convoluted steps, including "rooting" (unlocking) the phone, to get this to work. I'm not willing to do that, but I'm also not entirely sure this is required. Could we get step-by-step instructions for setting this up on the Google Phone? |
John M. Douglass
|
@gth653p - I did the same research before regarding Android platform and WPA-Enterprise. From what I can tell, there is no GUI method available (yet) and unfortunately, I do believe that "rooting" is the only way to configure it at this time. This is a device limitation.
I did however find a number of interesting posts that may help.
Comment 34 by keithamus, May 11, 2009
"There is now an application in the market named 'wifi helper' by 'fan zhang' which allows you to access these networks from a friendly gui. It still requires a rooted phone, but may alleviate the situation for some, like me, who aren't prepared to edit files on their phone.
http://web.ics.purdue.edu/%7Ezhang42/wifiHelper.apk
"
From: http://code.google.com/p/android/issues/detail?id=1386
There are a number of posts there that talk about different ways of configuring Andriod for WPA-Enterprise.
A particular interesting post "Comment 54 by prakashr82, Jun 02, 2009" had a configuration that if you tweak it for "GTwpa" may work. Just write down what you do because when you change your password (at least until the OS supports it) you will need to do it again.
I do not have an Android device so cannot advise you any more. If you want a "officially supported" way to configure WPA-Enterprise on the Android, you're going to have to wait for it. |
Thomas Albert Shanks III
|
My iPod Touch was working for months automatically, and now it doesn't. It provides a "wrong password" error when attempting auth now. Anyone else running Mobile OS X (iPhone, iPod) v 3.0 or 3.1 having trouble? |
gyuchi3
|
Thomas, I tried what John suggested earlier, but it works for my iphone as well
1. Settings
2. Wi-Fi
3. Press other
4. Enter 'GTwpa' for Network Name
5. Select 'Wpa Enterprise' for Security type
7. click other network to go back
8. Enter your username and password
9. Press 'Join'
|
John M. Douglass
|
There were issues with the LAWN WPA Radius server this past weekend (Oct 17-18, 2009) which could have resulted in failed authentications. Should be fine now and we are looking at ways to avoid this particular problem in the future. Thanks! |
Jeannie Su Ann Lee
|
Configuration for HTC Magic (T-Mobile MyTouch 3G) and/or HTC Dream (T-Mobile G1) running Donut 1.6:
Under
Settings->Wireless Controls-> Wi-Fi Settings
Choose "GTwpa" from the list of available wifi networks
Plug in the following values:
EAP Method: PEAP
Phase 2 Authentication: MSCHAP2
Private Key Password: (the usual gt 10 hex digit web key)
Identity: (your gt userid)
Anonymous Identity: (leave this blank)
Wireless Password: (your password)
Disclaimer: This is from trial and error. I own the above mentioned 2 devices for development, and I have root on them.
|
kkeppler3
|
On a motorola droid with android 2 gtwpa works. Settings:
EAP Method: PEAP
Phase 2 Authentication: none
Identity: (your gt userid)
Anonymous Identity: (leave this blank)
Wireless Password: (your password) |
|
