Eduroam

This has been modified from BYU-Provo KB0029570 v29.

The BYU Office of Information Technology provides wireless internet (WiFi) access to the BYU-H community across campus. Users with wireless-enabled computers or other devices may access the internet using this wireless service.

Topics in this Article

• Connecting to Eduroam
  • Eduroam Features
  • Manual Setup Instructions
  • Wireless Protocols
  • Connecting to Eduroam for iPhone/iPad
  • Connecting to Eduroam for Windows
  • Connecting to Eduroam for Android/Chromebook/Google Pixel
  • Connecting to Eduroam for Mac
    • For manual connection
    • Forgetting Networks
    • Clear Cached Network Data
  • Connecting to Eduroam for Linux
• Eduroam Elevated Troubleshooting
• How to Use Clearpass
  • How to Check IP Address
    • Windows 7, 8 and 10
    • Mac OS X

 

Eduroam 

The Office of Information Technology encourages students, faculty and staff to use the Eduroam network wherever it’s available. Eduroam provides the highest possible level of wireless network encryption and gives users the ability to use the eduroam networks at other participating universities. Eduroam may be used by any current faculty, staff member, or student. To search for participating schools, go to https:cat.eduroam.org/.

Users can connect/reconnect by:

• Going into wifi settings on your device, select Eduroam. Using your "netid@byu.edu" as the username and your BYU password for the password.

 https://youtu.be/m_0oftaXfQc   [“What is Eduroam?” video]

Connecting to Eduroam

See instructions below for your device.

Eduroam Features

• High-speed connection to the Internet
• Data is encrypted using WPA2-Enterprise
• Username and password required
• Provides Internet access to BYU-H and non-BYU-H websites
• Access to other network resources such as printers, network drives, etc

Manual Setup Instructions

1. Select the "eduroam" network on your device
2. It will prompt you for a username, which MUST be formatted as <netID>@byuh.edu. ex: oitbyu@byu.edu
3. Enter your password, which should be your regular BYUH password that you use to sign into all BYUH websites
4. Accept the security certificate.

Note: for device specific instructions, see sections below.

Wireless Protocols

The wireless 802.11ac standard is recommended, 802.11n and 802.11g are supported.  802.11b (typically only found on very old devices such as older gaming consoles and portable devices) is not supported.

Most computers, cell phones and tablets should work with eduroam without issue.

Please note that smart devices are generally unable to connect to the Eduroam network.  Devices such as wireless printers, Chromecasts, smart TVs, AppleTVs, Amazon Echos or other similar products should connect to the BYUH-Secure or BYUH-MAB networks.  Services offered by devices connected to these networks (such as Airplay on Apple TV) are still accessible to users on the eduroam network.

Back to top of page

Connecting to Eduroam for iPhone/iPad

The following is detailed instructions for manually connecting to Eduroam from an iPhone or iPad.

1. Open the "Settings" app.
2. Under "Wi-Fi" select the network called "eduroam".
3. Your device will prompt you for your username and password.
4. The username needs to be formatted as <netid>@byuh.edu.
   
   
5. Your password will be your BYUH password, the same one you use for all BYUH websites.
6. When you get prompted about a security certificate tap the text that says "Trust" at the top of the screen.  Installation of this certificate is required for Eduroam to function.
   At this point you should be connected to Eduroam and should be able to use the internet.                                                       

If you are still having problems after following the above steps, see the Troubleshooting section at the bottom of this page.

Note: There has been an issue recently that only applies to iPhones not being able to connect to Eduroam. This issue is caused by a bug in the code of IOS 14.0 and/or 14.1.  The device needs to be updated to IOS 14.2 to correct the issue. Once updated, the iPhone will connect to Eduroam. If the issue persists after updating the IOS, please contact the OIT Helpdesk at 808-675-3211 for assistance. 
 

Forgetting Eduroam Profile

1. Open the Settings app, and go to the "General" section
2. Click on the "VPN & Device Management" section
3. Click on the eduroam profile there, and then delete it.
    
4. Then forget eduroam from your list of wi-fi networks.
5. You should then be good to re-add the eduroam network, signing in with your netid@byuh.edu account.

Connecting to Eduroam for Windows

The following is detailed instructions for manually connecting to Eduroam from a Windows based system.

1. Click on the wireless icon in your system tray in the lower right corner of your desktop
   
    
   • Users of older versions of Windows can choose Start > Connect To: > Show all connections
2. Select the desired network, eduroam. Your computer will prompt you for a username and password.
3. Username needs to be formatted as <netid>@byu.edu."                

Your password will be your BYU password, the same one you use for all BYU websites.

4. Click "Connect" on the dialogue box that asks if you want to continue connecting.
   
                                                                                                                  
5. At this point, you should be connected to Eduroam and should be able to use it without issue.
6. If you are still having problems after following the above steps, see the Troubleshooting section at the bottom of this page.

Connecting to Eduroam for Android/Chromebook/Google Pixel

The following is detailed instructions for manually connecting to Eduroam for Android based system or Chromebooks.

Android users should use the following setup.

1. EAP Method: Protected EAP or PEAP
2. Phase 2 Authentication: choose MSCHAPv2
3. Server CA certificate: Select "Do not validate" or "Do not check" from drop-down menu. If using a Motorola phone, select "Use system certificates"
4. Domain Suffix Match: Leave blank (if you selected "Use System Certificates", the domain is byuh.edu)
5. Username/Identity: <netid>@byuh.edu
6. Anonymous identity: Leave blank
7. All other fields: Leave blank 

 It has been found that the above setup may not always work for all Chromebooks or Androids. If this is the case, try this setup, as well.

1. EAP Method: Protected EAP or PEAP
2. Phase 2 Authentication: Automatic
3. Server CA certificate: Default
4. Domain Suffix Match: byuh.edu
5. Username/Identity: <netid>@byuh.edu
6. Anonymous identity: Leave blank
7. All other fields: leave blank 

For some Google Pixel owners, they will not be able to connect until they set their Server CA Certificates to trust on first connection.

 Please Note that the SSID is "eduroam". 

Connecting to Eduroam for Mac

The following is detailed instructions for manually connecting to Eduroam from Mac systems.

For manual connection

1. Make sure that you are running 10.9.5 or later on your computer
2. Click on the wireless icon in the upper right corner of your desktop.
3. Select the desired network eduroam. Your computer will prompt you for a username and password.
4. Username needs to be formatted as (netid@byuh.edu).
5. Your password will be your BYUH password, the same one you use for all BYUH websites.
6. Click "Join" to join the network.
7. Click "Continue" when prompted to accept the security certificate.
8. A computer administrator name and password will be required to install the certificate - this is a username and password on the computer, not one that is provided by or associated with BYUH. It will be the same username and password that you normally use to install software on the device.
9. If you are still having problems after following the above steps, see the Troubleshooting section at the bottom of this page.

Forgetting Networks

1. Open the "System settings..."
2.  On the left side, select "Privacy & Security" and select "eduroam" on the right side under "Profiles". You can now delete the profile by clicking the minus button.

Note: If there is no Profile button, there is no old Eduroam profile stored, you can proceed to step 4.

3.  Step 3: Delete eduroam profile. Please confirm the deletion of the profile by clicking "Remove".
   
4.  Click the "Wi-Fi icon" at the top of the title bar and select "Wi-Fi settings".
5.  Click on "Advanced" in the window. 
   
6.  In the list of known networks, select "eduroam" if available, click on the circle with 3 dots and select "Remove From List". 
   
7. You should now be good to set up eduroam again.

For some older versions of Mac OSX, these steps will not appear. You can also try these steps:

1. From any Finder window, hit Command+Shift+G to bring up the “Go To Folder” field. Then enter the following path: 
     
2. Delete the com.apple.network.eapolclient.configuration.plist file which will prompt for local admin credentials. Then restart the laptop or iMac and connect to eduroam.

Clear Cached Network Data

It seems that sometimes the Mac will still keep some information about the Eduroam network within it's configuration files. Deleting the config file by:

1. Open Finder and click on "Go" at the top of the screen next to window "View" and "Window".
2. Click on "Go to Folder" near the bottom of the dropdown menu.
3. Type/paste in: /Library/Preferences/SystemConfiguration
4. Delete com.apple.network.eapolclient.configuration.plist
5. Restart the computer.
6. Try connecting to Eduroam again.

Connecting to Eduroam for Linux

Download the Configuration Utility to automatically set up your connection to the BYUH Eduroam network. NOTE: We recommend Android users follow the manual setup instructions below.

Most computers, cell phones and tablets should work with eduroam without issue.  Devices without web browsers should use the BYUH-Secure network. Services offered by devices connected to BYUH-Secure (such as Airplay on Apple TV) are accessible to users on the eduroam network.

Wireless Protocols

The wireless 802.11ac standard is recommended, 802.11n and 802.11g are supported.  802.11b (typically only found on very old devices such as older gaming consoles and portable devices) is not supported.

Manual Setup Instructions

• Select the "eduroam" network on your device.
• When prompted enter netid@byuh.edu for the username.
• Accept the security certificate.
• Please note that smart devices are generally unable to connect to the Eduroam network.  Devices such as wireless printers, Chromecasts, smart TVs, AppleTVs, Amazon Echos or other similar products should connect to the BYUH-Secure network

Detailed Instructions

Wi-Fi security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: (leave blank)
CA certificate: ca-certificates.crt (found at /etc/ssl/certs/ca-certificates.crt)
PEAP version: Automatic
Inner authentication: MSCHAPv2
Username: netid@byuh.edu
Password: ************

For a graphical walkthrough, follow the Ubuntu setup instructions here, using the information provided above.

1. Gather Information

• Find out what the customer has done so far:
   
  • If the customer has NOT done any troubleshooting, begin with the steps in KB0030901.
  • If the customer has done SOME troubleshooting, pick up where they off.
  • If the customer has done ALL of the troubleshooting, continue troubleshooting with the information below.
  • If the customer is a member of a YSA bishopric, stake presidency, high counsel, or a YSA Stake Relief Society, follow the instructions in KB0025782 to grant rights to connect to Eduroam.
• Find out FOR SURE which network the customer is attempting to use.  Customers will often refer to issues using "BYU-Secure" but are actually talking about eduroam.
• Ask the user if they are in a coverage area (bathrooms, stairwells, mechanical spaces are the only areas not covered)
• Be sure to enter the following information in the ticket: Room, Building, Time(s) the issue occurs, IP address, MAC address of their wifi adapter, etc. 
• Useful questions to ask the user: Does this occur in other buildings? Are others experiencing the same issue?

2. Check Clearpass error logs - Clearpass is the login system for any BYUH wireless network and Eduroam

• Login to Clearpass (see KB0029648) and see what alerts (if any) show up for the users's login attempts
• An LDAP error from the BYU-Secure login page (user-facing) indicates either no active user role or a bad password
• Check to see if there is a 'space' character after their NetID@byuh.edu. If there is, have them eliminate that and try again.

3. Check IP Address

• Check to make sure that the customer is getting a valid IP address. They should have this information, but if not, you may need to help them find it. 
• Use KB0023419 to find the IP address and see if it is valid. 

 

4. Check to make sure that their Active Directory Account is not locked out / is not being continually locked out by a device with an old or recently changed password

• Having their Active Directory account locked out can prevent new device leases from being created, especially with the eduroam network.
• A device with an old password saved for the eduroam network can also lock their active directory account until that network is forgotten, causing all new devices to fail authentication, but some devices that are already connected may still be working properly. 
• Instructions for unlocking an Active Directory Account can be found in KB0026069. 

 

6. Does the customer connect to WiFi, but is unable to load webpages?

• Follow the DNS troubleshooting KB (KB0030084) and see if that resolves the issue.

7. Please put the following information in one work log comment and assign to ITI (if the KB has not been followed the incident will be sent back to OIT Helpdesk):

• What type of device do they have (ie iPhone, Dell laptop)?
• What Operating System do they have?
• What is the MAC address of the wireless NIC?
• Do they connect to an access point (even if they don't receive an IP address)? If so, which one (check Clearpass KB0029648)?
• Do they get a valid network connection on non-BYUH Wifi such as their home WiFi?
• What IP address do they get (if any)?
• Verify their Active Directory Account is not locked out or being locked out automatically
• Can they ping google.com?
  • Can they ping IP address of 81818? (this is one of Google's servers).
• Can they access campus websites?
  • Get examples and specifics if they cannot get to them. 
• Get location information such as rooms and buildings where they are experiencing trouble.
• What specific times of day does the issue occur? (Engineers need specific times the person has experienced the issue when looking at logs)
• Do others around the person experience the same issue?

How to Use Clearpass

All error codes found at: KB0029648.

To access Clearpass, go to onboard.byu.edu and select the box in the top left that says "Clearpass Policy Manager.". For the service desk, the credentials are saved in Lastpass.

How to Check IP Address

This section covers how to check for a valid IP address and release and renew the IP address while troubleshooting wired/wireless network access problems.

Windows 7, 8 and 10

1. Click the Start button.
2. There will be a search bar at the bottom that says Start Search.
3. Type command or cmd in the search bar and press enter.
4. The Dos Prompt window should open.
5. Type ipconfig at the prompt.
6. Check for a valid IP address (listed as IPv4 Address).
7. Type ipconfig /release and press enter.
    
   • An error may come up that says "The requested operation requires elevation."  This means that only the administrator can release the IP address.
   • Have the user click Start.
   • Click All Programs.
   • Click Accessories.
   • Right Click, Command Prompt.
   • Click Run as Administrator.
   • A box will come up asking for permissions, click Yes.
   • Type ipconfig /release again at the prompt and press Enter.
8. Type ipconfig /renew and press Enter.
9. Check for a valid IP address.
    
   • If the user gets the error "The operation failed as no adapter is in the state permissible for this operation", it means they have a static IP address. Check their TCP/IP settings.

Note: If this method for finding an IP address does not work, use this optional method:

1. Go to Control Panel, then Network and Internet, and then Network and Sharing Center.
2. On the left side menu select Change Adapter Settings.
3. Right Click on Local Area Connection or Wireless Area Connection and select Status.
4. Click on the Details button.

Mac OS X

1. Click the Apple button.
2. Click on System Preferences.
3. Click the Network icon (Under the Internet and Network subtitle).
4. Select Ethernet from the options in the menu on the left side of the window, or for wireless problems, select Airport or Wi-Fi from the same list on the left.
5. Click on the TCP/IP tab (on Mac OS 10.4 and older) or Advanced button (on Mac OS 10.5 and newer).
6. Select Using DHCP in the Configure IPv4 field.
7. Check for a valid IP Address.
8. Click Renew DHCP Lease to get a new address.
9. If the boxes are grayed out and will not allow changes, check in the bottom left of the window to see if they have been locked. To unlock this, click on the lock and it may have the user re-enter their computer user name/password.

Note: If problems continue:

• While looking at the Network preferences (under System Preferences), remove the offending network (Airport, Ethernet, etc.) by pressing the minus (-) button in the left pane and press apply, then re-add the network and check for a valid IP Address.

 Back to top of page