Configuration

To configure your device safely, we suggest you do it by using eduroam CAT automatic installer. The prerequisite for this is that you first have to _somehow_ download it to your device: if you have a mobile device, then you should do the bootstrapping by temporarily connecting to an Internet using your data connection and download the „eduroam CAT“ tool from your mobile device’s webstore (preferred way in case of mobile devices). Once downloaded, you’ll need to run it, select the profile of the „University of defence“ or „Univerzita obrany“, let the CAT to install that profile, fill in your identity & password, and you’re done.
Note: In case of Android-based mobile devices, the eduroam CAT installer app is available in the Google Play store. In case of mobile devices from Apple, you’ll need to download the eduroam CAT installer app from cat.eduroam.org pages via your Safari browser, and once downloaded, you’ll need to run it and follow its instructions.
Alternatively, you would first need to connect to the Internet using different means (such as via wifi in an cofee shop, or wired ethernet connection, or even manually temporarilly – insecure! – configuring your eduroam connection, if you are in reach). Once this condition is satisfied, the process is really simple: in case you use a PC or a laptop, all you need to do is to run the installer from the cat.eduroam.org and follow the instructions.

The caveats while using eduroam CAT we’ve observed so far are these: before proceeding, it will 1) request to activate the screen locker (unless you already have it active – by using gesture or password – doesnt matter), and 2) request you first remove the prior (manually configured) eduroam profile, should it find one.

Only if you cannot use the eduroam CAT tool, you may attempt (not recommended at all – this is not secure) to configure your device manually using the following instructions. The basic configuration items required (for successfully configuring your internet access through the University of Defence eduroam infrastructure) are:

  • login@domain + password (Univ. of Defence-originating identities will have
      „domain“ part equal to „unob.cz“)
  • access using wifi connection in the 2.4GHz and 5GHz ISM bands (for details please see the eduroam marks in the coverage map on www.eduroam.cz)​
  • ESSID: eduroam
  • authentication mode: 802.1X (in Windows „WPA2-Enterprise„)
  • encapsulation protocol: PEAPv0
  • authentication protocol: MSCHAPv2
  • root certificate (for verifying authenticity of the RADIUS servers): USERTrust RSA Certification Authority
  • RADIUS server name: radius1.unob.cz

For configuration of your computer or mobile device, you may try to follow the instructions here (click on your system name below the „Instructions:“ header). Note that these instructions originate from another university, so please pay attention to:

  • disregard all references to VŠB TUO (Technical University of Ostrava) information system resources unless you have your identity assigned by that university
  • use your own identity (such as „mylogin@unob.cz“) + password
  • use the name of the abovementioned RADIUS server instead of the server names given in the instructions, and use the abovementioned root certificate in place of „AAA Certificate Services“ root certificate shown in the instructions. By all means, be sure to (in Windows) check the option „Do not prompt user to authorize new servers or trusted certification authorities“! If you observe that your Windows successfully authenticates only when that option is unchecked, then you need to upgrade to latest bugfixes to stay on a safe side.

Please note that by using the EDUROAM connection at University of Defence you are legally bound to comply with the laws of Czech Republic, the Access Policy and Acceptable User Policy (AUP) of the CESNET Large infrastructure, as well as the Acceptable User Policy of the organization you have received your authorization credentials from.

The author of this temporary page would like to express his sincere thanks to the IT staff at VŠB TUO for the permission to use references to their instructions on these pages.