Mac OS X instructions for joining the staff CNE wireless network
As of fall 2006, the GSFC Center Network Environment (CNE) now offers a
wireless network for on-site staff that is eqiuvalent to being on the wired CNE
network.
Prerequisites
- A laptop or other wireless device capable of WPA2
encryption. Apple Airport
Extreme cards qualify, original Airport cards do not (to my knowledge). You
can determine what kind of card you have from the Apple System Profiler (in
/Applications/Utilities or click on "More Info" from "About this Mac").
Aluminum PowerBooks and all MacBook/MacBook Pro models should be fine.
- Active Directory account
Try this first
In theory, you should be able to simply connect by selecting the desired
network name ("SSID") from the Airport menu. You will then get an
authentication window in which you can type one of the above username/password
pairs.
The CNE's own configuation guide can be found
here.
Internet Connect setup
For some users (particularly those with already established AirEUD 802.1x
accounts), sometimes the simple method above does not work. With a few extra
steps of setup, you can still make things work.
Background
The CNE, we have been told, uses the authentication protocols PEAP and EAP-FAST.
However, EAP-FAST is not
supported by Windows XP and doesn't appear to work properly with OS X. Thus, we
need to create a profile which explicitly excludes it.
Setup
- Open "Internet Connect" (either from the bottom of the Airport menu or from
/Applications).
- If you do not already have an 802.1x icon, select "New 802.1x Connection"
from the File menu.
- Click on the 802.1x icon.
- Next to "Configuration:" is a pop-up menu. Select "Edit Configurations"
from that pop-up.
- Click on the "+" in the lower left of the window to create a new
configuration.
- Fill in the following fields:
- Description: "staff CNE wireless" or whatever you like
(without the quotes)
- User Name and Password
This is your Active Directory username ("gsfc\flastnam")
and password.
- Wireless Network "CNE" (without the quotes)
- Authentication Uncheck everything except PEAP.
- Click [OK] to dismiss this window. (You may have to type your Keychain
password (often the same as your login password) after this.)
First Time Connection
- Open Internet Connect and click on 802.1x icon.
- Click [Connect] in Internet Connect
- A "Verify Certificate" window should now appear.
Click [Show Certificate] button.
- Select "Always trust these certificates" checkbox just above the
"vpn-acs1" certificate. (Note that the certificate expires in November
2007.)
- Click [Continue]
Type your Keychain password (if requested) in the Authenticate window.
Subsequent connections to staff CNE wireless
You should be able to simply select it from the Airport menu.
Alternatively,
you can open Internet Connect, click on the 802.1x icon, and click [Connect].
How do I know I am connected?
When you are properly connected to the staff CNE wireless,
- The Internet Connect 802.1x window
will show "Status: Connected via PEAP (Inner Protocol MSCHAPv2)" with a running
clock.
- The Network System Preference should show an IP address in the 128.154 range.
- There should also be a checkmark next to "CNE" in the Airport menu, of
course.
Document by David Friedlander
29 May 2007, updated 6 March 2008
|
