Configuring Linux to Access eduroam Wireless Network

Intended Audience:

This guide is intended to help connect personal computers running a distribution of Linux to the campus wireless network. This article is for the benefit of the affiliates and guests of the University of Michigan-Flint.


To connect to the campus wireless network, you will need to know your uniqname and current password. The instructions in this guide are designed specifically for Linux-based devices. Linux-based devices may not come with root trust certificates pre-installed the way Windows and macOS devices do; however, if you have an Internet browser such as Mozilla Firefox or Google Chrome installed, you should have the certificates installed as well. You must have the AddTrust External root certificate installed before connecting to eduroam, or the connection will fail.

What are all these networks?

  • eduroam
    • The network (SSID) eduroam is a secure, world-wide roaming access service developed for the international research and education community. It allows students, researchers, and staff from participating institutions to obtain more secure, faster Internet connectivity across campus and when visiting other participating institutions.
  • Setup your Wireless
    • This network is designed to automatically configure the wireless settings of personally-owned laptops (not phones or tablets) to connect to eduroam. Please do not use this utility if your laptop is owned by the university. If you are having difficulty connecting to eduroam with a university-provided laptop, please contact the helpdesk.
  • MGuest
    • Visitors to our campus who do not participate in or are unfamiliar with eduroam can gain one-day access to Internet Wi-Fi (not local UM-Flint resources such as printers). This is also the connection used by devices that cannot support connecting to eduroam, such as gaming consoles (Xbox, PlayStation, Wii), video/informational streaming devices (Roku, Amazon Echo/Dot/Fire sticks) and Smart TVs. These devices must be registered before connecting to MGuest. For help on how to register these devices, please click here.


If you have an Internet browser installed, chances are that you already have the root trust certificates installed. To see if you have the root trust certificates installed, use the command for your distribution.
Debian and Ubuntu based:
apt search ca-certificates
RHEL, Fedora, and CentOS based:
yum list installed ca-certificates
Arch based:
pacman -Qi ca-certificates
If the package is not installed, update your repositories and use the install command for your distribution.

Debian and Ubuntu based:
apt install ca-certificates
RHEL, Fedora, and CentOS based:
yum install ca-certificates
Arch based:
pacman -S ca-certificates

Connecting to the Wireless Network

The following procedure assumes that your Linux-based computer has a desktop environment installed, allowing you to use a graphical user interface. It also assumes that you are using the NetworkManager (nm-applet) utility for managing wireless networks. Your configuration should look similar to the image below.
  1. Click the NetworkManager utility on your toolbar.
  2. Select the eduroam network.
  3. Change the Authentication field to Protected EAP (PEAP).
  4. Click the CA certificate field; a file browser should open.
  5. In the file browser, navigate to /etc/ssl/certs/ and select the certificate with a name similar to AddTrust_External_Root.pem.
  6. The PEAP version should be set to Automatic.
  7. Change Inner authentication to MSCHAPv2.
  8. Enter your full email address for the username and current password for the password.
  9. Press Connect to complete the setup.
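
The same profile can be created from a terminal with nmcli, NetworkManager's command-line client. The sketch below is an added example, not part of the original article: the function name eduroam_nmcli_cmd and the sample address are hypothetical, and it prints the command instead of running it. It refuses to build a profile when the CA certificate from step 5 is missing, because a profile without it does not verify the authentication server before your password is sent.

```shell
#!/bin/sh
# Added example (not from the original article): nmcli equivalent of the
# GUI steps above. eduroam_nmcli_cmd is a hypothetical helper name.

# Print the nmcli command that creates the eduroam profile.
# $1 = full email address (step 8), $2 = CA certificate path (step 5).
eduroam_nmcli_cmd() {
    identity=$1
    ca_cert=$2

    # Step 8: the username must be the full email address. Characters that
    # would need shell quoting in the printed command are rejected.
    case $identity in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "bad identity: $identity" >&2; return 2 ;;
        ?*@?*.?*) ;;
        *) echo "identity must be a full email address" >&2; return 2 ;;
    esac

    # Step 5: never emit a profile without a usable CA certificate.
    case $ca_cert in
        *\'*|[!/]*|'') echo "CA path must be absolute, without quotes" >&2; return 3 ;;
    esac
    if [ ! -r "$ca_cert" ] || ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_cert"; then
        echo "not a readable PEM certificate: $ca_cert" >&2
        return 3
    fi

    # Steps 3, 6 and 7: PEAP with MSCHAPv2 inside. The PEAP version is left
    # unset, which corresponds to "Automatic" in the GUI.
    printf '%s \\\n' \
        "nmcli connection add type wifi con-name eduroam ssid eduroam" \
        "  wifi-sec.key-mgmt wpa-eap" \
        "  802-1x.eap peap" \
        "  802-1x.phase2-auth mschapv2" \
        "  802-1x.identity '$identity'"
    printf '%s\n' "  802-1x.ca-cert '$ca_cert'"
}

# Stand-alone use: sh eduroam.sh user@example.edu /etc/ssl/certs/<your CA>.pem
if [ "$#" -eq 2 ]; then
    eduroam_nmcli_cmd "$1" "$2"
fi
```

After running the printed command, `nmcli --ask connection up eduroam` prompts for the password, so it does not have to appear on the command line.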



Additional Information

Note: If an error such as the one shown in the example below occurs, run the commands it lists. For example, on a CentOS machine, the user is presented with the following window:


  • According to the pop-up, the following commands need to be executed from a terminal (bash). To run them successfully, you will typically have to temporarily disable SELinux (Linux security), in addition to running the commands mentioned in the pop-up.
    1. setenforce 0 (temporarily switches SELinux to permissive mode so the following commands will run properly)
    2. ausearch -c 'wpa_supplicant' --raw | audit2allow -M my-wpasupplicant
    3. semodule -i my-wpasupplicant.pp
    4. setenforce 1 (returns SELinux to enforcing mode)
  • This should allow the client setup to run, at which point you can continue to connect to eduroam.


If you have any questions or experience any issues with this article, please visit or contact the ITS Helpdesk for assistance.

Location: 206 Murchie Science Building


Phone: (810) 762-3123



Article ID: 5998
Tue 7/20/21 8:15 AM
Mon 8/30/21 11:43 AM