About LAWN
News
Security
Policy

Help
eduroam
GTother
GTvisitor

Quick Links
Wireless Etiquette
Pre-shared Key
Sponsor Guest
Device Login
LAWN Login API
LAWN Debug Page

Services
Bonjour
Classroom Wireless
Device Registration
Printing
Centergy Wireless

Forums


Search
sorted by:
 
Forum Posts
William T. Trotter

Posted:
November 14, 2015, 11:33 pm

 
I'm here at the University of Mississippi and the Eduroam authentication described above certainly did not work for me today. All in all, a very frustrating day, since the University of Mississippi does not have the GaTech equivalent of "sponsored accounts". Tom Trotter, School of Mathematics
John M. Douglass

Posted:
November 16, 2015, 9:58 am

 
Mr. Trotter, I saw a number of successful authentications from your account on the 14th using the EduRoam services. Georgia Tech's authentication services were functioning and returning that you passed authentication. Did you contact the technical support for their wireless services? We have seen cases where authentication was successful, but local network issues prevented network access.
Karen Judy Head

Posted:
February 12, 2018, 10:58 am

 
I've had success logging on in Germany, but I was at Notre Dame this weekend, and when I tried to log in the system kept saying that my credentials were not accepted. As soon as I returned to GT, everything automatically connected again.
John M. Douglass

Posted:
February 12, 2018, 4:09 pm


Modified
February 12, 2018, 4:10 pm

 
Karen, I created a support request (you can contact support@oit.gatech.edu or 404-894-7173 in the future) for you. I did see a number of successful authentications coming from Notre Dame so the GT systems were responding correctly. When traveling and using "eduroam" please remember that the underlying network at any participating campus are managed by that campus and should be your first contact when having issues with Eduroam.
Rebecca Elizabeth Grinter

Posted:
April 18, 2018, 2:59 pm

 
Just looking at the troubleshooting instructions for IOS, and it implies that you want to forget the network eduroam. Surely its GTwifi that should be deleted (there doesn't seem to be a parity between those instructions and the ones for the Mac OS where it is GTwifi that's deleted).
jsmith457

Posted:
April 18, 2018, 3:17 pm

 
Rebecca, when removing old wireless profiles you really want to remove any and all GT networks (eduroam, gtwifi, gtvisitor, etc.) as only one network should be configured at a time, so eduroam and GTwifi are really interchangeable as the process is the same. I just added the troubleshooting guide for iOS yesterday while the other ones were written last year, so that's why they're not consistent. In the future when GTwifi no longer exists, all of the guides will probably be updated to show eduroam being removed instead of GTwifi.
Jerry B. Ray Jr.

Posted:
April 18, 2018, 5:38 pm

 
In the GTRI space on 14th St. (I'm on the 4th floor of 260 14th St., particularly), we can't currently see the eduroam network (but we do see GTwifi). Will eduroam coverage be available in this area before GTwifi is decomissioned?
bhrolenok3

Posted:
April 19, 2018, 7:02 pm

 
Can I ask why the configuration examples for android you link to specifically say to select "Do Not Validate" for the certificate option? Since eduroam is a shared SSID across multiple institutions, how can we be sure we're not connecting to a maliciously configured router? Setting the option to "Use system certificates" and setting the domain to "gatech.edu" seems to work fine, wouldn't this be preferable to trusting any certificate without validation?
alucius6

Posted:
April 23, 2018, 9:49 pm

 
I would also like to protest the Android configuration instructions. Not validating the certificate is not a safe option. We found that using the "use system certificates" setting with the domain "lawn.gatech.edu" seems to work, but "gatech.edu" does not work for me.

The flaw with this method, of course, is that the connection will not work at other institutions without changing the domain settings to whatever is appropriate there. However, this is not a good reason to dismiss proper security practices. I shall be submitting a ticket on this matter.
alucius6

Posted:
April 24, 2018, 1:57 pm

 
The instructions for Linux are flawed in the same way, since they include bypassing the CA certificate check. The instructions for Windows, Mac, and iOS are better due to the fact that these OSes handle the situation by offering to display the certificate to the user so that its authenticity can be verified. However, it would be better if the instructions were updated with information on how to verify that it is the correct certificate.
jsmith457

Posted:
April 27, 2018, 8:22 am

 
@bhrolenok3 and @alucius6 - Yes, blindly accepting the RADIUS server certificate is not a very secure practice as this could allow a device to connect to a “rogue” eduroam network. However, we changed the configuration examples to reflect this because we were having trouble with certain Android devices and Linux NetworkManager validating the LAWN RADIUS server certificate. Since these devices just silently fail to connect if they aren’t able to validate the certificate, we found it was better just to advise less technically-savvy people to not validate the certificate. However, the security points the both of you have made are still valid. I have added a section to the Security page that discusses how authentications to eduroam/GTwifi are secured with TLS, and how you can manually verify the validity of the RADIUS server certificate presented by checking the SHA-1 and SHA-256 fingerprints to make sure they match. Also, the LAWN team has just added support for the eduroam Configuration Assistant Tool (CAT) which will mitigate this issue as it contains a copy of the correct certificate and will make sure devices are only joining the correct network. I have added some generic info about the CAT tool above, on this page. I will be adding some device specific documentation later on. The CAT tool has worked well for me on the Android devices I’ve tested, so this will probably be our recommended method for configuring most devices going forward as it’s both simple and secure.
gth847y

Posted:
April 28, 2018, 2:06 pm

 
Hello,

I am a remote student who has had success in the past logging into EduRoam on the University of Washington-Seattle/Main campus. Today, I'm unable to connect. I have completed the troubleshooting steps (forgetting the network, checking my wireless adapter's IP/DNS settings, and resetting from the command line followed by a restart) to no avail. I frequently do schoolwork from UW, so it's important that I can use eduroam here. Do you see my authentication attempts?
ejones33

Posted:
June 28, 2018, 1:12 pm

 
Another GTRI employee, but on 10th St. in Centennial Research Building. I can not see any eduroam network. I have manually configured the network but am concerned that we will lose access upon decommissioning of GTwifi.
aharper8

Posted:
August 16, 2018, 11:03 am

 
I have tried using both manual setup and the automatic installer script on my Linux machine and neither works. It keeps asking me for my credentials. Please advise!
Alicia Ann Richhart

Posted:
September 17, 2018, 10:29 am

 
I am hosting a guest account at Georgia Tech and they are unable to access gmail.com. Is this an eduroam security feature?
jsmith457

Posted:
September 17, 2018, 12:26 pm

 
Alicia,

There aren't any website blocks unique to LAWN. If you can get to a website from a regular campus network, then there shouldn't be any difference on eduroam, and I can guarantee you that gmail.com is not blocked.

I sent you an email directly so that you can provide me with some more user-specific info. With that I can look just to make sure there aren't any other LAWN-specific issues with this user.
jsantillo3

Posted:
November 20, 2018, 11:33 am

 
Is there any way to make servers I host here available publicly, i.e., off of the GT/eduroam networks?
jsmith457

Posted:
November 20, 2018, 12:43 pm

 
@jsantillo3 LAWN offers an 'ISS Disabled' option that will not place your devices behind a stateful firewall. This would allow anyone on the internet to reach your devices. On eduroam, your device's ISS preference can only be modified by a member of the LAWN team, so you'll need to open a support request with OIT in order to have this setting modified. For other networks such as Wired LAWN and GTother, ISS preference is configurable on device login. Please see the ISS section of the Security page on this website for more info: http://lawn.gatech.edu/security/index.html#iss


 
   

This service is provided to authorized clients only.
Unauthorized access to this service is prohibited.

This page last modified: Jul 24, 2017 at 02:58 PM EDT
Disclaimer || Contact:



  -->