Windows XP: IBM Access Connections

We presume that you already have downloaded and installed the public certificate of your Certificate Authority (CA).

This client is available for all users of IBM ThinkPad laptops. It is far more configurable than the XP SP2 client and offers several additional options. Be sure that you are running the latest version of the IBM Access Connections and driver. For this description, v3.52 and driver v3.1.102.27 was used.

In the first window, choose Manage Location Profiles to make a new profile.

Give the profile an appropriate name. Here we have chosen 'eduroam'

Select the wireless adapter to use.

Use DHCP to obtain an IP address. I.e. leave these settings to default.

Let the DNS settings be as default.

Network Name (SSID) is set to 'eduroam'
Connection Type is 'Access Point'
Wireless Mode is in most cases 'Auto'
Wireless Security Type is set to 'Enabled - Use IEEE 802.1x Authentication'

Make sure that the 'Use Access Connections to configure wireless authentication settings' is chosen.
Access Point authentication is set to 'WPA'
Data Encryption should be 'TKIP' (Or 'AES' if you have access to newer types of access points that support this.)
EAP Type can be 'TTLS' or 'PEAP'. For 'TLS' you have to have a user certificate.
Choose Roaming Identity and enter you identity/user name followed by your domain. In this case '@uninett.no'
Authentication Protocol must be 'MS-CHAP-V2'
Validate Server Certificate must be checked
Certificate Issuer must be your Certificate Authority (CA). In this case it is 'UNINETT Certificate Authority (temporary)'
Server Name is in this case 'uninett.no' (but is strictly not necessary)

After these settings are completed, press Enter user credentials

This dialog let's you choose to prompt for the user name and password every time (safer) or have it stored permanently on the computer (not so safe).

Your user name/identity must be followed by your domain (in this case '@uninett.no').

Follow the configuration wizard and fill out the rest of the configuration options as you se fit.

Back at the main window, select your newly created profile and press Connect

The client will try to connect to the 'eduroam' network.

If everything went well you will get a message saying so.

A typical example of something gone wrong with the authentication process is that the client stops and waits at the Waiting for IP Configuration... Check your configuration and try again a couple of times before checking with your local IT administrator.

If everything is fine the main window will show your signal strength and the IP address you are given.