How to Set a Nokia N95 to use Eduroam WiFi... Eur Ing Brian Tompsett Computer Science

How to Set a Nokia N95 to use Eduroam WiFi network
Eur Ing Brian Tompsett
Computer Science
University of Hull
Introduction
This note is written for users at the University of Hull who wish to use the campus
eduroam wireless network on their Nokia N95 handset. It may also be of value to
users of other similar Nokia handsets that have WiFi capability, and also users of such
devices at other institutions who also advertise the eduroam network SSID on campus.
A brief movie is available that shows the settings on a N95 which permits you to
compare your own settings.
Software Updates
Nokia N95 phone software should be updated by internet download via an internet
connected PC. You are strongly advised to update your phone software to the latest
version before performing the eduroam configuration because a software update will
cause the eduroam settings to be lost. You will need a fast reliable internet connection.
A wired university connection is advised. You will need the appropriate Nokia update
tool installed on your PC which can be obtained from their website. You will also
need the appropriate USB connector for the phone and the phone connected to a
mains adaptor. Battery power for the phone is not suitable for a full software update.
Don’t forget to backup the phone contents using the provided Nokia software before
performing the update, so that files can be restored afterwards.
Obtaining a WLAN Certificate
In March 2010 Eduroam at the University of Hull started to use a certificate authority
that is not installed by default within the Nokia software, even when fully updated.
You need to obtain a copy of the “UTN-USERFirst-HARDWARE” certificate from
the University helpdesk ( [email protected]). * Once the certificate has been obtained
as a file on a PC, this should be transferred to the memory of the phone using the USB
connecting cable. Then the certificate must be installed using the file manager:
*
It is also possible to find a copy of this certificate by searching other internet sites, but it is not
advisable. Also obtainable from http://www.digi-sign.com/downloads/download.php?id=UTNUSERFirst-Hardware.crt
Menu -> Tools -> File Manager
Navigate to where you placed the file, and select the file containing the certificate. It
will then ask you if you wish to save the certificate. Select the SAVE option. The
certificate will now be available for use when configuring the WiFi connection in the
following sections.
Changing Settings
When configuring a N95 for the WiFi we could be at two possible start points. Either
you have already attempted to connect to and use the network and not managed to get
it to work, or you have never attempted to get it to work and are completely new to
WiFi settings.
The first step is to locate the settings for WiFi connections.
Menu -> Tools -> Settings -> Connection -> Access Points
If you have eduroam already in the access point list, then all that is necessary is to
correct the security settings to make it functional. If it is not already there it can be added:
Options -> New Access Point
Wireless Access Point Settings
Once the entry for the eduroam network has
been located or created the process for making
all the necessary settings is identical.
As shown, set the Data Bearer the network
status to public .
Security Settings
Set the WLAN security mode to WPA/WPA2 and now select the security settings.
The WPA/WPA2 mode is set to EAP and now select EAP Plug-in settings.
On this screen select the EAP-PEAP and then make sure you have deselected all the
others (EAP-SIM, EAP-AKA, EAP-TLS, EAP-TTLS).
For PEAP you should select the Authority Certificate for “UTN-USERFirstHARDWARE” which was downloaded earlier.
On the EAP tab for PEAP you should select EAP-MSCHAPv2 and ensure the others
are deselected (EAP-SIM, EAP-AKA, EAP-TLS, EAP-GTC).
On the “Options” button for setting EAP-PEAP and EAP-MSCHAPv2 you should
Use “Raise Priority” to put them at the top of the list.
†
You should set the EAP-MSCHAPv2 (and the EAP-PEAP username) to use your
university of Hull login name followed by “@hull.ac.uk” (Known as the realm identifier).
In the password field use the password. Some people, who have different passwords,
should use their RADIUS or dial-in password.
Proxy Settings
The last part is to set up the university web proxy, which is done under “Advanced
Settings” for the access point eduroam.
You should set the Proxy Server address to slb-webcache.hull.ac.uk
and the Proxy Port number to 3128.
†
Prior to March 2010 this was set to “GTE Cyber Trust Global”, we should now use “UTNUSERFirst-HARDWARE” which has to be downloaded to the phone.
Setup Complete
If all the settings are made correctly, then you should be able to surf the web and
stream video and multimedia content over the wireless network. Note that you need a
strong wireless signal for it to function, as the N95 only has a small antenna unlike a
laptop which can detect and operate with weaker signals.
Ensure, also, that you are not accidentally using your ISP 3G network service and
running up a bill. The connection to the WiFi is shown by a special symbol on the
standby screen of your phone.
There is also a video showing the set-up process at
http://www.hull.ac.uk/php/cssbct/N95/N95eduroam.avi
Accessing Email from Exchange
If you wish to use the Nokia Mail for Exchange client to access university email, you
can install that application from the Nokia website.
Connection info:
Exchange server: exfs.adir.hull.ac.uk
Secure: yes
Access Point: Internet
Use default port: yes
Credentials
Username: campus username
Password: campus password
Domain: none
However, whilst on campus (accessing through Eduroam) you should REMOVE
the PROXY server information from the eduroam, options, advanced
settings
As it is not currently possible to access this through the proxy.
You could keep TWO eduroam profiles - one with the proxy, one without, and
toggle the names (eduroamprx, exuroamnoprx with eduroam) depending if you
wanted to use eduroam to access emails and diary, OR to access the
Internet. 3
Other Models of SmartPhone
This description is based on the Nokia N95 but it also applies to related models such
as the N96. It is likely to be applicable to other similar models, such as the Nokia N82,
but has not been tested by the author. A guide for the E70 can be found here:
http://www.eduroam.no/klient/nokia.html
The Nokia Internet Tablets 4(such as the N810) are slightly different to set up.
3
(Information courtesy of Neil Gordon).
4
(courtesy University of Victoria, BC, Canada)
1) Obtain the “UTN-USERFirst-HARDWARE” certificate as described earlier.
2) Import it via the Certificate Manager in the n810 control panel and ensure that
the trust on the cert is set for WLAN (set in the certificate details).
3) The actual setup must be done through the control panel "Connectivity"
applet and not on other WLAN set up menus, or you will not have access to
the “Advanced” options.
4) Double-click on "Connectivity" and tap the "Connections" button.
5) Tap the "New" button to start the Connection setup wizard.
6) Tap "Next" and give the connection a name (doesn't matter what)
7) Tap "Next" and you will be asked if you want to scan for available WLAN
networks. Answer "Yes".
8) When it finds Eduroam, tap "Next"
9) Choose "PEAP" on the next screen when it asks for the EAP type. Tap "Next".
10) When asked to "Select certificate" you will not have a choice (it will display
"None"). For "EAP method" choose "EAP MSCHAPv2". Tap "Next".
11) For "User name" and "Password" use your [email protected] (include the
@hull.ac.uk part) and your password. Apparently you are best served by
having it store your password rather than choosing "Prompt password at every
login" (it appears as though there is an unresolved bug associated with this
feature). Tap "Next".
12) At the next screen tap on the "Advanced" button to access a panel with a tab
titled "EAP". Tap that tab and fill in the "Use manual user name" field with
your [email protected] info again. The connection will fail if you don't do
this.
13) You will also need to set the Web Proxy. Set it to automatic and the script
URL to http://www.config.hull.ac.uk/scache.jsp
Apple iPhone and iTouch
The June 2008 software update for iPhones or iPod Touch is required. If you have a
recent model it is likely to have the new software, but it is always advisable to
connect the device to iTunes and perform a software update prior to connecting to
eduroam. (However you do not need any of the chargeable updates, such as iPod
Touch 3.0 and above.) The setup is fairly easy, just supply the [email protected]
information in the username field and the associated password. Remember to set the
proxy information ( Settings -> Wi-Fi Networks -> eduroam ) and
scroll the screen upwards. Select auto using the URL
http://www.config.hull.ac.uk/scache.jsp
These devices have Microsoft Exchange Clients built in if you wish to get university
mail and calendar.
HTC Phones
Recent HTC Phones, such as HTC P3300, HTC TouchCruise and XDA Orbit2, are
able to use Eduroam with no difficulty. Just use the username, realm and password
information as shown in the other phone examples.
There will be problems with older HTC phones because of an old version of Windows
CE (it must be 6 or greater) or the version of the “Radio ROMs” which required a
hardware upgrade.
Android Phones are believed to work very well (example for HTC Hero), but this
has not been tested:
1.
2.
3.
4.
5.
Press the menu button
Touch [Settings] - touch [Wireless controls]- touch [Wi-Fi settings]
A list of available wireless networks will show up. Touch [eduroam]
Touch [EAP Type] - select PEAP - choose sub-type PEAPv0/MSCHAPv2
In Username field, fill in your Hull.ac.uk name including @hull.ac.uk (e.g.
[email protected])
6. In Password field, fill in your password
7. Touch [Connect] - After a few moments you should be connected to eduroam
HP IPAQ
Older HP IPAQs do not seem to have the necessary software installed in Windows CE
as they seem to be using version 5. I have not tried on a more modern version.
Users from other Institutions
It is believed, but not tested, that these instructions will also be applicable to eduroam
at other institutions, or how else could the device roam! If you are a user from
elsewhere then the user name and password used in the authentication must be
validatable from your home RADIUS server at the realm used. The realm should be
appended after your user name, and is probably the Janet domain address for the
university or college in the XXX.ac.uk form.
A useful guide for users on the Janet academic network can be found here:
http://www.ja.net/services/authentication-and-authorisation/janet-roaming/usingjanet-roaming.html
and in this document:
http://www.ja.net/documents/services/janet-roaming/connectionguide.pdf
History
V2.0 24th March 2010 significant upgrade to information
V1.3 21st May 2008
V1.2 12th May 2008
V1.1 12th May 2008
V1.0 25th April 2008