Starting after 2022 commencement RIT became part of a larger, multi-university 'eduroam' system of campus networks.
This changes some things about authentication with the network and can lead to some confusion, especially for anyone not running MacOS or Windows, or for those who like to tinker with the in-dept technical details of their systems.
To learn more about what eduroam is and how it works, see the What is Eduroam? section of this page.
Purpose of this Guide
This guide, first and foremost, aims to provide Linux users at RIT with alternatives to the official RIT ITS Helpdesk guidance and SecureW2 client. These guides are intended for linux users who are comfortable managing their own system and want more control and ability to tinker with their setup.
These guides are not official and ITS most likely won't provide support for the configurations and clients listed below. If you are looking to talk to someone about these instructions, the RIT Linux Users Group is the best place to reach out.
The next section of this page contains links to specific instructions for a variety of different networking clients. Most of these guides follow very similar high-level steps. This outline may be useful for anyone looking to understand the general process or create new guides for other clients.
- Generate a personal certificate (and a password to secure it)
- Configure your network manager with the following settings.
- SSID/Network Name: eduroam
- Key Management: WPA-EAP
- EAP method: TLS
- Anonymous Identity: firstname.lastname@example.org
- Domain: radius.rit.edu
- Phase2/Inner Identity/"Identity": email@example.com
- Location of the CACert
- Location of the personal certificate and/or key
- Certificate Password: created previously
Network Management Options
If you are using a specific piece of client software on your linux machine, you may find one of these specific guides to be more useful.
Alternate - RIT-WiFi
If you are in RIT housing that is serviced by RESNet (mainly dorms, unknown if other housing has this option available) and are unable to connect using certificates, you can follow the ITS RESNet manual registration instructions to get connected.
What is Eduroam?
Eduroam (https://eduroam.org/) is simply an authentication proxy on top of the existing RIT network that allows students from other universities to use the RIT network after securely authenticating with their home institution. Eduroam originated in Europe but has since expanded throughout the international research/academic community.
Essentially all eduroam does when you're trying to connect to a network at some institution (say Intitution B) is proxy your authentication request to the correct authentication server from your home institution. This request essentially says "I'm firstname.lastname@example.org", eduroam's auth proxies say "I know where rit.edu's auth servers are" and forwards/proxies your login attempt to RIT's auth servers. RIT's auth servers then give an "approved" or "denied" response that determines whether Intitution B's network should allow you access.
You can think of this process as being similar to the RIT single-sign-on login portal. When you go to a non-RIT website such as Zoom or Gmail you're connecting to servers owned by a third party. But when you tell that service "I'm from RIT" (by logging in with your RIT account) you get sent to the RIT login page.
After logging in through the RIT login page, you get sent back to the service you came from. The service gets some data that indicates whether or not the login was successful in order to let you in, and from that point you are communicating directly with the service again.
Eduroam is essentially the same concept but for wifi networks. When trying to log in to Institution B's network with RIT credentials, your login request will get securely sent to RIT to confirm you are allowed to access the network, but once authenticated, you will be communicating directly with Institution B's network and eduroam will no longer be involved in that communication.