MS-UFAL (department wifi network, 802.1x auth)

Network Information System (SISAL NIS): https://is.ms.mff.cuni.cz

Device has to be registrated in the system linked above to be able to connect!

Registrations (for UFAL MFF UK members only): UFAL IT dpt.

Required info:  - name of the device (like surname-mobile, surname-nb)

                         - MAC address of its wifi network interface

                         - your UK employee number / passport number (if you don't have SISAL NIS account already created)


Android & MacOS:

Note for Linux: consult information under Settings->About->Phone Identity (Wi-fi MAC address field) to get a MAC address of the wifi network card

Note for MacOS: consult Network Utility (use Spotlight search to find it) to get a MAC address of the wifi network card

To connect:

  • search for wifi networks available
  • open MS-UFAL
  • fill-in Itentity and Password fields (login and password, which you will receive after the device registration)
  • Done, you should be connected

Windows 7/10:

Auto-configuration:

  1. Search for available wifi networks
  2. Select MS-UFAL (tagg option: connect automatically)
  3. Click on a Connect button
  4. Enter login & pass of your device
  5. Confirm that MS-UFAL network is expected in the location where you currently are

 

Manual configuration:

  • open Network and Sharing Center->Manage Wireless Networks
  • Add -> Manually create a network profile:

          Network name: MS-UFAL

          Security type: WPA-Enterprise /  WPA-Enterprise2

             Encryption type: AES

          EAP method: Protected EAP (PEAP)

  • Next -> Change connection settings:

          Connection tab: - tag "Connect automatically when this network is in range"

                                        - tag "Connect even if the network is not broadcasting its name (SSID)

          Security tab:      - tag "Remember my credentials for this connection..."

                                        - open Settings:

                                                   - untag "Validate server certificate"

                                                   - tag "Enable Fast Reconnect"

                                                   - click on Configure and untag "Automatically use my Windows logon..."

                                         - open Advanced settings:

                                                   - tag "Specify authentication mode"

                                                            - select "User authentication"

                                                            - click on Save credentials

                                                                    - fill-in your 802.1x credentials (laptop IS account credentials)

                                         - Ok

                                         - Ok

  • Close
  • Now you can connect to the MS-UFAL over wifi (if your time is correctly set)
  • You should then download security certificate, install it to the system, enable server certificate validation and tag DIGICERT certificate as the valid one: https://pki.cesnet.cz/cs/ch-tcs-r-digicert-crt-crl.html

 


Linux:

  • open NetworkManager window
  • select 'MS-UFAL' wireless network
    • Wifi Security: WPA & WPA2 Enterprise
    • Authentication: Protected EAP (PEAP)
    • Anonymous identity:
    • CA certificate: (None)
    • PEAP version: Automatic
    • Username: your 802.1x login  (laptop IS account credentials)
    • Password: your 802.1x password (laptop IS account credentials)
  • click on Connect button
  • for now you can tag "Don't warn me again" and Ignore to accept "No CA certificate chosen"
  • Now you can connect to the MS-UFAL over wifi (if your time is correctly set)
  • You should then download security certificate, install it to the system, enable server certificate validation and tag DIGICERT certificate as the valid one: https://pki.cesnet.cz/cs/ch-tcs-r-digicert-crt-crl.html

If your Linux base device can't connect to MS-UFAL:

  • ​open /etc/NetworkManager/system-connections/MS-UFAL
    • ​​remove system-ca-cert=true
    • or change it to false