You are here: Home Services Internet and Network Access Instructions Instruction Linux Eduroam under Linux

Eduroam under Linux

Recommended: With the "eduroam Configuration Assistant Tool (CAT)"

For the login to eduroam, the login [Email protection active, please enable JavaScript.] (please enter all details and not just the Uni-ID alone).

The Cat tool provides you with a shell script that you can use to set up eduroam.

to the eduroam Configuration Assistant Tool 

Preview Image 

Manually with Generic Settings 

Connect to the eduroam radio network by entering the generic settings.

Generic settings 

Security note 1: For secure authentication, the root certificate for the connection must be entered and the name (CN in the SSL certificate) of the Radius server must be checked! Otherwise, there is no guarantee that you are connected to an authorized access point.

Security Note 2: To prevent password fishing it is necessary to edit the file /etc/NetworkManager/system-connections/eduroam (the file is created by the NetworkManager, editing is only possible after the configuration described below). In section [802-1x] the line "subject-match=rhrz.uni-bonn.d" or from Ubuntu 16.04 "" must be added. 

Attention: Currently these lines have to be added again after each editing by the Network Manager!

These parameters apply to members of the University of Bonn:

SSID eduroam
WPA type WPA2 Enterprise
EAP method TTLS
Key type AES

Authentication type (Phase 2 Authentication)

Root certificate

Telekom Root CA 2

valid CN (Common Name) Radius server certificates

eduroam1, eduroam2

Anonymous identity (external identity)

[Email protection active, please enable JavaScript.]
Identity <Uni-ID>
Authentication Server


Important: The identity may look like a mail address, but it is not! Please use your "Uni-ID", no mail alias.

The root certificate is usually pre-installed under Linux. You can find it at /etc/ssl/certs/Deutsche_Telekom_Root_CA_2. pem

Document Actions