Wireless Client Configuration Instructions

Note: Use of the uconnect network is now available through Protected Extensible Authentication Protocol (PEAP). See the uconnect Clientless Authentication page for information on how to configure your Mac for uconnect-PEAP.

Panther Built-in 802.1x Client configuration for Mac OS X (EAP-TTLS authentication)

Note: These instructions are for Mac OS X Airport only, as Panther's 802.1x client will only work with Airport cards.

You'll need to first install the network card. If necessary, refer to your Airport manual for instructions on how to do this. The instructions below will show you how to setup TCP/IP for DHCP in the Airport settings, and configure the Panther 802.1x client.

Setup TCP/IP for DHCP

You will need administration access to do this step. (The first account created will have administrator rights.)

From the desktop click on the Apple menu.

Choose 'System Preferences...'
You should see a window that looks similar to this:

Click on the 'Network' icon. If you are not logged in as a system administrator, click on the lock at the bottom left hand corner of the window, and login.
We recommend creating a new location. To do this, click on the "Location: " drop-down menu and select "New Location..." and give it a name you'll recognize.
Select "Airport" from the Network panel's "Show: " drop-down menu as the interface to configure.
Under the TCP/IP Tab, Set "Configure IPv4:" to "Using DHCP" and make sure that the "DNS Servers (Optional)" is blank. Everything else should be blank as well. Your window should look similar to this:

Client Configuration for uconnect.utah.edu SSID (network)

Select "System" in the Keychain pull-down menu from the window that pops up. Click OK.
Click on the Airport icon in the OS X menu bar's top right hand corner, turn Airport on if it isn't already, and select "Open Internet Connect..." at the bottom.
Go into the File menu and select "New 802.1X connection" (or use the Shift-Command-X shortcut).
Under the 802.1X selection, select "Edit Configurations..." from the Configuration pull-down menu.
Fill in the User Name with your uNID (your student number with the "u" replacing the leading zero, like "u0123456"). For maximum use on campus, you should use uNID@utah.edu in the username field. Other organizations may not allow a bare uNID for authentication, so adding '@utah.edu' instructs their authentication servers that you want to authenticate off of a campus account.

Users from other colleges that wish to use a non-uNID account must use a domain-style format: username@domain, for instance: (user42@eng.utah.edu) or authentication will fail.
Put the password you use to register for classes in the Password field.
Type "uconnect.utah.edu" into the Wireless Network box.
Make sure that "TTLS" is the ONLY active authentication type.
Select TTLS and click the "Configure..." button.
Select "PAP" from the TTLS Inner Authentication pull-down menu.
Click OK, the TTLS config window closes.
Click OK in the 802.1X configuration window to save the settings and close it.
Click "Connect" in the Internet Connect window. If you don't connect or authenticate, see the second Note, below.
A window opens saying that "Authentication failed because the server certificate" etc. Click "Accept all" at the bottom of the window to accept and close the window.
(This first attempt at authentication may fail, if so, click the "Disconnect" button in the Internet Connect window. This changes back to the "Connect" button; click it to try to reconnect.)

Note: If you have configured your client for other wireless networks that use a different encryption protocol, you will need to follow these steps to set it for uconnect and the correct encryption method.

Note: It may be the case that you will get prompted for multiple servers depending on where you are on campus. This has to do with the way the authentication system is organized and how Panther handles 802.1x. However, pay attention to the certificates that are presented. If you feel that you are being presented with a fake certificate, do not accept it and contact the Campus Help Desk at 581-4000 option 1 about your concerns with as much information as possible.

Known Issues

Client doesn't auto-connect on boot or login.

Panther (10.3) contains a bug where the operating system fails to authenticate to 802.1x enabled networks on login, including bootup. What's worse is that the Airport menu item will associate to the network, so the Airport Menu Item shows association. One thing that users should be aware of is that association does not indicate network connectivity. To ensure that an 802.1x authentication has succeeded, open Internet Connect and click on the 802.1x icon.

After login, if a network is chosen from the Airport Menu Item, networks will be authenticated to automatically, which is the desired behavior upon login as well. The login bug has been reported to Apple. In the mean time, use Internet Connect if you suspect that you are not authenticated to the network.
Misconfiguration can occur due to a bug in the 802.1x client.

If the Panther 802.1x client is not configured properly for TTLS->PAP, or if settings are changed in a certain way it is possible to reset the TTLS inner authentication type to MSCHAPv2. This is a bug, and it has been reported to Apple. To ensure that your configuration does not get reset, please only configure 802.1x settings from the Edit Configuration sheet. If you edit any of the settings in the 802.1x authentication window, such as your username, password, or network name, and then tell Internet Connect to save your configuration, the TTLS inner type will reset to MSCHAPv2.