Eduroam on n900 – TELECOM SudParis
One of the WiFi networks available for students and staff at TELECOM SudParis (France) is Eduroam. Since I’m not always in the office, I need a WiFi connection for occasional email checking/sending. So, I decided to give Eduroam a go on my Nokia n900.
Before the firmware update (version 3.2010.02-8) released on Feb 16th, it was impossible to connect to this network. However, things have changed now.
Prior to today, the connection settings I was using were WPA-EAP with EAP mode: TTLS and EAP method: MSCHAPv2. The output from dmsg on the n900 showed that the authentication was always successful, but I was always getting disconnected by ‘local choice’: wlan0: deauthenticating by local choice (reason=3)
So…I decided to test other EAP methods. For TTLS, the n900 only supports 3 methods: EAP GTC, EAP MSCHAPv2 and MSCHAPv2. Since 2 out of 3 use MSCHAP, I tried EAP GTC. What do you know, it actually worked! I suspect some of the issues were partially caused by the lack of proper certificates. I fixed it by downloading the CA cert of TELECOM SudParis from here, transforming it into standard PEM format, and then importing it into the list of certificates on the n900.
Note: Unless the certificate is in PEM format and has the CA bit set, the certificate manager on the n900 will not provide you with the option to install it! The certificate you download is in standard x509 DER format. In order to export it into PEM, you need to use openssl. Here are the two commands you can use:
openssl x509 -in input.crt -out input.der -outform DER
openssl x509 -in input.der -inform DER -out output.pem -outform PEM
I hope this helps, since it took me a while to get a working connection. 
Andrei~
9 Comments to Eduroam on n900 – TELECOM SudParis
Leave a Reply
Who is Andrei?
Cloud 'o Tags
Recent Comments
andrei on Eduroam on n900 – TELECOM SudParis
Adib on Eduroam on n900 – TELECOM SudParis
Archives
My QR code
Hi Andrei,
This looks pretty much like what I need. Thanks! One question: How do set the “CA bit” in the certificate?
[Reply]
You cannot set it yourself. The CA bit is set when the certificate is first created. Normally, it should have been set by whoever issued the certificate for your school/uni.
[Reply]
hi,
i treid this.. but still not work for me..
i install the cer from my uni TU Berlin.. but it not appear..
any help with this please..
[Reply]
andrei
Reply:
March 10th, 2010 at 10:36 PM
@Adib, Have you followed the instructions to install the certificate? Are you sure it’s the right certificate?
Also, does your university use EAP-TTLS-PAP, or PEAP-MSCHAPv2?
Have you tried creating a network connection through the “Internet connections” dialog in the window, specifying the user name as “tubIT-accountname@win.tu-berlin.de” and, in the “Advanced settings” dialog, on the EAP tab checking the “Use manual user name” (with manual user name the same as earlier) and making sure that “Require client authentication” is not checked?
[Reply]
hello,
thanks for your helps..
the certificate is uncorrect. now i have the right one but i cannt install it..
https://pki.pca.dfn.de/tu-berlin-ca/cgi-bin/pub/pki?cmd=viewCert;dataType=CERTIFICATE;key=206977660;id=1;RA_ID=;menu_item=3;XSEC=20de8f556062c974e5d004812f0fc6f9efab3764b4c5fa2a4429be3337495676
thanks again…
[Reply]
andrei
Reply:
March 11th, 2010 at 10:14 PM
@Adib, I think you’re still trying to use the wrong certificate. You need the CA certificate of your school. I think TUB-CA Zertifikat is the certificate you need: https://pki.pca.dfn.de/tu-berlin-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2&RA_ID=0
[Reply]
@Adib, I think you’re still trying to use the wrong certificate. You need the CA certificate of your school. I think TUB-CA Zertifikat is the certificate you need: https://pki.pca.dfn.de/tu-berlin-ca/pub/cacert/cacert.crt (from the page: https://pki.pca.dfn.de/tu-berlin-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2&RA_ID=0)
[Reply]
thanks..
i try to do the instructures for transform the tub-ca cerificate from crt to pem but still cannt do that i have problem.. but i install this certificate directly and tommorw will try that..
hope thats works
[Reply]
andrei
Reply:
March 11th, 2010 at 11:38 PM
@Adib, You need to do this:
openssl x509 -inform DER -in cacert.crt -out cacert.pem -outform PEM
[Reply]