Linux Wireless Connection Issues with Eduroam and MoobilenetX

A frequent error users have been experiencing when using Linux systems to connect to campus wireless is a "Choose CA Certificate" box that will not go away. Instructions on correcting this error (which appears to be a bug) are contained here.

Note for Mac and Windows Users

This article applies to Linux computers (since as of this writing Campus does not have instructions for connecting to the UCD wireless networks from a Linux computer). If you use a Mac or Windows computer, please refer to the campus knowledge base articles for Mac and Windows.

Start Using Eduroam

As of May 5th, 2015, Moobilenet is no longer available. A new network, ucd-guest has replaced Moobilenet. Additionally, moobilenetx will soon be going away. Please start using Eduroam, as it will become the standard later in 2015.

An error that some Linux users have been seeing when trying to connect to MoobilenetX or Eduroam. Often, clicking "Choose CA Certificate" does nothing, and you get stuck in a loop. This appears to be a bug.

Based on our experience in the Physics Department, Linux machines don't always automatically detect the settings needed in order to connect to MoobilenetX/Eduroam. We've found the best way to connect it to do the following:

  1. Access your Network Connection (it's called different things on different Linux distros, but in general, go to Settings -> Network Connections)
  2. ADD or EDIT the eduroam connection
    • If eduroam is NOT on the list, click ADD.
    • If eduroam IS on the list, highlight it and click EDIT (note, if after following all steps it still doesn't work, some users have had to highlight eduroam, click Delete, and then add the network again, to wipe out all the settings and start from scratch)
  3. If asked, choose Wi-fi or Wireless as the connection type.
  4. Use the following settings (they may be in a different order/ in different places depending on your Linux distro and desktop environment):
    • Under Wi-fi Settings (or similar section):
      • Network Name/SSID: Either moobilenetx or eduroam.
      • Security/Encryption: WPA2 Enterprise
      • Authentication/EAP Type: Protected EAP (PEAP)
      • Anonymous Identity: Leave blank unless you're having trouble connecting. Then, for Eduroam try: anonymous@ucdavis.edu or @ucdavis.edu. For MoobilenetX you can try anonymousbut this may have no effect.
      • CA Certificate*: Click the browse button and navigate to/etc/ssl/certs/AddTrust_External_Root.crt
        • NOTE: You'll have to navigate to this file using the file browser, which looks and acts differently in each Linux distribution, but the basic functions are the same. You may need to click "Computer" or "/" before you then navigate to /etc/, etc. If there is an address bar you can type into, just copy and paste the above location.
      • PEAP Version: Automatic
      • Inner Authentication: MSCHAPv2
    • When prompted for your username and password, use the following:
      • On MoobilenetX: Username: [yourKerberosID]. Password: Your campus Kerberos passphrase.
        • Replace [yourKerberosID] with your actual Kerberos ID, so for example if your Kerberos ID is jsmith, you'd type in jsmith
      • On Eduroam: Username: [yourKerberosID]@UCDAVIS.EDU. Password: Your campus Kerberos passphrase.
        • Note: This looks like an email address but it isn't! It's your Login ID with '@UCDAVIS.EDU' after it. So if your kerberos ID is jsmith, your Eduroam username jsmith@UCDAVIS.EDU (even if your email is something else, like jonsmith@ucdavis.edu)
        • The reason for the @UCDAVIS.EDU is because Eduroam can be used at many universities and other locations worldwide! Visit the Eduroam website for a list of all locations.

*Note about Certificates: this specific example has been tested on Ubuntu 12.04 and 14.04. Other versions and distributions may have different locations for CA certificates.



Matt Lawson added the following comments:


if you are using Wicd as your wireless manager:



For EduRoam:
check the following boxes:
"Use these setting for all networks sharing this essid"
"Use Encryption"
choose PEAP with GTC as the encryption method
Identity: your UCD Kerberos ID@ucdavis.edu
Password: Your UCD Kerberos password



For Moobilenetx:
check the following boxes:
"Use these setting for all networks sharing this essid"
"Use Encryption"
choose PEAP with GTC as the encryption method
Identity: your UCD Kerberos ID
Password: Your UCD Kerberos password