Gemeinsame Systemgruppe IfI/b-it

Differences

This shows you the differences between two versions of the page.

en:wifistd [2018-05-17 15:47] Thomas Thiel
en:wifistd [2024-03-27 08:38] (current) Thomas Thiel
Line 1: Line 1:
 ==== WiFi Access ==== ==== WiFi Access ====
  
-Everyone who is in posession of valid login credentials to central systems of the c.s. dept. or the b-it has the opportunity to use our wifi networks to access the local ressources and of course the internet. Please follow these instructions to gain access to the wifi network.+Everyone who is in possession of valid login credentials to central systems of the c.s. dept. or the b-it has the opportunity to use our wifi networks to access the local resources and of course the internet. Please follow the instructions provided here to gain access to the wifi network. 
 + 
 +If you intend to connect to the WiFi services provided by us, please make sure that you are running only recent software and operating systems that are receiving security patches. **You are not allowed to connect to our networks without making sure that you have the most recent security updates applied to your device, so please keep your systems safe!**
  
 We secured our WiFi Network mainly via TTLS, so make sure you have the necessary root certificate installed and do not forget to check the fingerprints of the used Certificates. Here are the current fingerprints: We secured our WiFi Network mainly via TTLS, so make sure you have the necessary root certificate installed and do not forget to check the fingerprints of the used Certificates. Here are the current fingerprints:
 +
 +Current Certificates:
 +
 +ise0.informatik.uni-bonn.de:
  
 ^ Hashtype ^ Fingerprint ^ ^ Hashtype ^ Fingerprint ^
-| MD5     DC:B5:69:1A:6D:B0:E7:8E:01:84:8A:6E:51:C1:AC:E3 +| MD5     71:90:A7:2A:B3:51:4B:0A:1F:31:37:45:BE:3D:0E:00 
-| SHA1    | 55:9F:C9:EA:AF:E7:9D:0C:99:C4:C5:2B:B5:68:68:EA:3E:0B:FA:F3 +| SHA1    | 50:1A:A7:0A:22:66:BB:39:DA:4C:5D:6B:5B:16:BE:D3:F3:CD:4E:E8 | 
-| SHA256  20:A4:71:92:93:F7:43:A5:AD:81:77:5C:D3:70:52:2F:8C:F2:BB:... ...AA:60:D5:68:5E:0A:16:81:76:AC:8C:E1:26 |+| SHA256  | 78:1A:00:C3:E5:19:E5:75:B6:DF:F9:73:2A:E5:9D:D0:F5:48:D8:C0:7D:B2:88:DE:F5:16:26:89:71:0C:8D:CD | 
 +\\ 
 + 
 +ise1.informatik.uni-bonn.de: 
 + 
 +^ Hashtype ^ Fingerprint ^ 
 +| MD5    | 57:0F:64:CA:E3:44:C4:BB:6D:C2:78:C9:55:14:46:4D | 
 +| SHA1   | 03:8E:CB:86:32:B4:1E:73:61:2E:46:E7:EE:34:07:4B:D1:DD:96:78 
 +| SHA256 | D1:F3:65:8B:1C:51:4D:1C:18:51:EB:39:93:F4:42:05:C3:9F:DB:EE:85:16:62:19:BD:60:A2:87:69:BC:EE:43 | 
 +\\ 
 + 
 +ise2.informatik.uni-bonn.de: 
 + 
 +^ Hashtype ^ Fingerprint ^ 
 +| MD5    | 19:8D:22:5C:58:26:7D:11:26:73:F3:4D:9B:75:C6:F9 | 
 +| SHA1   | 7C:F9:70:F6:3F:6E:8A:79:03:FD:AF:09:D3:79:29:89:42:3F:30:5E 
 +| SHA256 | E9:F0:1A:0D:28:BA:9B:BF:0F:D5:E6:B4:64:85:15:E4:2D:C7:63:53:8D:9C:82:37:2F:EE:90:CB:46:62:97:7D | 
 +\\ 
 + 
 +All certificates are signed by "GEANT OV RSA CA 4", GEANT Vereniging, NL.
  
 === Generic Parameters === === Generic Parameters ===
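Review bot: the added fingerprint tables for ise0, ise1 and ise2 keep MD5 and SHA1 rows alongside SHA256, and nothing tells the reader which value to compare. MD5 and SHA1 are no longer collision-resistant, so either drop those rows or add a sentence stating that the SHA256 value is the one to check, with the others kept only for clients that cannot display it. Two smaller points: "Current Certificates:" directly after "Here are the current fingerprints:" says the same thing twice, and in this view the ise0 MD5 row and the ise1/ise2 SHA1 rows are missing a cell delimiter that the other rows have, which is worth checking in the wiki source so the tables render evenly. A validity date next to each table would also let readers tell a stale page from a rotated certificate.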
Line 20: Line 45:
 | Keytype                                            | AES                                                        |  | Keytype                                            | AES                                                        | 
 | Phase 2 Authentification                           | PAP                                                        | | Phase 2 Authentification                           | PAP                                                        |
-Root Certificate                                   | [[https://pki.pca.dfn.de/uni-bonn-ca/pub/cacert/rootcert.crt|Telekom Root CA 2]]                                          |+CA Certificate                                     use system certificates (or [[https://gsg.cs.uni-bonn.de/files/chainGEANT.crt|GEANT OV RSA CA 4]] if this does not work for you) |
 | valid CN (Common Name) Radius-Server Certificates  | ise0.informatik.uni-bonn.de                                | | valid CN (Common Name) Radius-Server Certificates  | ise0.informatik.uni-bonn.de                                |
-| Anonymous Identity                                 | anonymous@(bit%%|%%informatik)((only use your domain here, i.e anonymous@bit.uni-bonn.de for b-it accounts or anonymous@informatik.uni-bonn.de for C.S. Dept. Accounts)).uni-bonn.de                    | +| Anonymous Identity                                 | anonymous@(bit%%|%%informatik)((only use your domain here, i.e anonymous@bit.uni-bonn.de for b-it accounts or anonymous@informatik.uni-bonn.de for C.S. Dept. Accounts. Use anonymous@wlan.informatik.uni-bonn.de for the [[en:wifialt|alternative wifi password]].)).uni-bonn.de                    | 
-| Identity                                           | username@(bit%%|%%informatik)((only use your domain here, i.e username@bit.uni-bonn.de for b-it accounts or username@informatik.uni-bonn.de for C.S. Dept. Accounts, and do not forget to substitute username with YOUR username!)).uni-bonn.de                     |+| Identity                                           | username@(bit%%|%%informatik)((only use your domain here, i.e username@bit.uni-bonn.de for b-it accounts or username@informatik.uni-bonn.de for C.S. Dept. Accounts. Use username@wlan.informatik.uni-bonn.de for the [[en:wifialt|alternative wifi password]]. Please do not forget to substitute username with YOUR username!)).uni-bonn.de                     
 +| Domain (Android 11)                                | ise0.informatik.uni-bonn.de |
 | Authentification Server                            | ise0.informatik.uni-bonn.de, radius.informatik.uni-bonn.de | | Authentification Server                            | ise0.informatik.uni-bonn.de, radius.informatik.uni-bonn.de |
  
-=== Windows Vista and above ===+=== Windows 10 and above ===
  
-If you want to use our wifi network on your Windows System (for all releases starting with Windows Vista), we provide a [[http://gsg.bit.uni-bonn.de/files/add-802.1X.zip|helper script]] to assist you in this endeavour. Just download it, extract the compressed directory, and start the file add-wifi.bat within with a doubleclick or by using a command prompt. This script will install the wifi profile bitinf.xml, so that you will see the network "Informatik/b-it (802.1X)" in your network list afterwards.+If you want to use our wifi network on your Windows System (for all releases starting with Windows Vista), we provide a  
 +[[https://gsg.bit.uni-bonn.de/files/add-802.1X.zip|helper script]] to assist you in this endeavor. Just download it, extract the compressed directory, and start the file add-wifi.bat within with a double click or by using a command prompt. This script will install the wifi profile bitinf.xml, so that you will see the network "Informatik/b-it (802.1X)"​ in your network list afterwards. 
  
-After the installation you just have to issue your username (including the correct domain, i.e. username@informatik.uni-bonn.de for the c.s. dept. or username@bit.uni-bonn.de) and of course your password.+After the installation you just have to issue your username (including the correct domain, i.e. username@informatik.uni-bonn.de for the c.s. dept. or username@bit.uni-bonn.de. Please use username@wlan.informatik.uni-bonn.de for the [[en:wifialt|alternative wlan password]].) and of course your password. Please verify the server certificate against the fingerprints issued on the top of this page.
  
 === Windows 7 === === Windows 7 ===
  
-All users of Windows 7 do not have the possibility to use TTLS natively. But an external supplicant is available; you just have to install the [[https://cat.eduroam.de/|eduroam CAT tool]] which includes the GEANTLink supplicant automaticallyWith this external supplicant you will be able to select Geant-TTLS as your EAP MethodThe rest of the parameters will be as documented above.+Users of windows 7 do not have the luxury of native TTLS Support, so it has to be provided by an external supplicant. One of these supplicants is GEANTLink, which is part of the [[https://cat.eduroam.org/|eduroam CAT Tool]]which is used to prepare your system for eduroam usage. If you do not want to use eduroam at all, you can install a standalone version of GEANTLink by downloading one of their official binaries from [[https://github.com/Amebis/GEANTLink/releases|here]].  
 + 
 +After the installation of GEANTLink using one of the methods specified above, we provide a [[https://gsg.bit.uni-bonn.de/files/add-802.1X-windows7.zip|helper script]] to assist you in configure the 802.1X wifi-profile. Just download it, extract the compressed directory, and start the file add-wifi-windows7.bat within with a doubleclick or by using a command prompt. This script will install the wifi profile bitinf-windows7.xml, so that you will see the network "Informatik/b-it (802.1X)" in your network list afterwards. 
 + 
 +After the installation you just have to issue your username (including the correct domain, i.e. username@informatik.uni-bonn.de for the c.s. dept. or username@bit.uni-bonn.de. Please use username@wlan.informatik.uni-bonn.de for the [[en:wifialt|alternative wlan password]].) and of course your password.
  
 === Android === === Android ===
 +
 +{{ :de:android12.jpg?direct&300| }}
  
 For recent Android versions (>4.0), the configuration of wifi at the computer science dept. is rather simple. Just connect to the SSID “802.1X” and fill in the configuration dialog with the Values from the table [[#Generic Parameters|above]] (-> Generic Parameters). For recent Android versions (>4.0), the configuration of wifi at the computer science dept. is rather simple. Just connect to the SSID “802.1X” and fill in the configuration dialog with the Values from the table [[#Generic Parameters|above]] (-> Generic Parameters).
  
-If your system cannot use the root certificates installed to verify the wifi certificate, you have to download the necessary [[https://pki.pca.dfn.de/uni-bonn-ca/pub/cacert/rootcert.crt|root certificate]] via mobile network and install it as a wifi Certificate. Do not install it as a VPN certificate, it will not be available to you for wifi configuration!+If your system cannot use the root certificates installed to verify the wifi certificate, you have to download the necessary root certificate via mobile network and install it as a wifi Certificate. Do not install it as a VPN certificate, it will not be available to you for wifi configuration!
  
 === MacOS/IOS === === MacOS/IOS ===
 +[[ :en:macos8021xstepbystep|Click here for a step-by-step installation guide for MacOS ]]  \\  
 +[[ :en:ios8021xstepbystep|Click here for a step-by-step installation guide for iOS ]]  
 +\\
 For all Apple products which do not support configuring wifi connection parameters manually, we provide a connection-profile for your convenience: For all Apple products which do not support configuring wifi connection parameters manually, we provide a connection-profile for your convenience:
  
-^ Apple Mobile config Profile: | [[https://gsg.cs.uni-bonn.de/files/bitinf.mobileconfig|bitinf.mobileconfig]] |+^ Apple Mobile config Profile: | [[https://gsg.cs.uni-bonn.de/files/bitinf.mobileconfig|bitinf.mobileconfig]] |\\ 
 +\\
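Review bot: the "valid CN (Common Name) Radius-Server Certificates" row and the new "Domain (Android 11)" row name only ise0.informatik.uni-bonn.de, while this revision publishes fingerprints for ise0, ise1 and ise2. If ise1 or ise2 can answer an authentication, a client configured as documented will reject them, which pushes users toward switching certificate validation off; list all three names in both rows, or state explicitly that only ise0 faces clients. In the same hunk the heading becomes "Windows 10 and above" while the first sentence still reads "for all releases starting with Windows Vista", and the Android paragraph now says to download "the necessary root certificate" with no link after the DFN URL was removed; pointing it at the chainGEANT.crt link from the CA Certificate row would close that gap. The Windows 10 paragraph gained the reminder to verify the server certificate against the fingerprints, but the matching Windows 7 paragraph did not, and "assist you in configure" there should read "assist you in configuring".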