All devices have different configuration interfaces and options, so maintaining a universal step-by-step configuration guide is impractical. Please contact your device vendor for detailed step-by-step instructions.
Regardless of device type, the following parameters need to be set properly to perform network authentication at Mason for networks such as eduroam. Some devices (Mac, iOS), will automatically detect network configuration without additional user intervention. If that’s the case, please skip to the Identity and Password section.
Specify 802.1x as the authentication method
802.1x configuration parameters are generally tied to a physical interface for wired network access or a specific wireless network (such as eduroam) for wireless access. When configuring your interface or wireless network, look for keywords “802.1x,” “802.1x EAP,” “IEEE 802.1x,” “WPA2 Enterprise” or “WPA2 Enterprise with 802.1x” to access and set the appropriate configuration options.
EAP method: PEAP
You will be asked to specify an “EAP method,” “outer authentication method,” “primary authentication method,” or “phase 1 authentication method.” To operate with Mason’s network authentication system, choose “Protected EAP” or “PEAP.”
Inner authentication method: MSCHAPV2
You will also be asked to specify an “inner authentication method,” “secondary authentication method,” or “phase 2 authentication method.” To operate with Mason’s network authentication system, choose “MSCHAPV2” or “MSCHAP-V2.”
Not all devices require this, but to verify Mason’s authentication system, you’ll need to trust its digital certificate by accepting and installing the un-verified certificate when presented. The certificate is presented by Mason’s network authentication system, clearpass.net.gmu.edu, and signed by InCommon.
Identity and Password: NetID and Patriot Pass Password
The final pieces you need to authenticate are your identity. You need to provide your fully-scoped Mason email address (firstname.lastname@example.org) and your Patriot Pass Password. Some systems will also offer an anonymous identity. The anonymous identity should be left empty.
The configuration and credentials are generally stored on your device, though some devices offer the option of requiring the password each time you connect to the network. Be sure to safeguard this information by using a login or unlock mechanism on your device. Patriot Pass Passwords expire every 180 days. When you change your password through the Patriot Pass process, you will also need to update your password on all of your devices. Some devices have an easy modify option, while others require that you “forget” the configuration and start over. Please see your device vendor’s documentation for details.