Configure Apple Mac OS 10.5 to connect to "PSU Secure" wireless networks

Description:

This article describes how to configure the Mac operating system 10.5 (also known as Leopard) to connect to the secure wireless networks available on the PSU campus. For more information and directions for other operating systems and devices, please see this article.

Requirements:

• Macintosh computer running Mac OS X 10.5
• Wireless network card, usually an Airport or Airport Extreme card (standard on all newer Macintoshes) that supports Wireless Protected Access (WPA) encryption. See this Apple article for more information on Apple's support and updates to these cards.
• Access to the PSU wireless networks (i.e. you need to be on campus)
• A PSU computer account:
  • Odin account - the primary student, faculty or staff computer accounts used on campus.
  • Sponsored account - for long-term guests, lecturers, contractors, etc to offer temporary access to PSU computing resources.
  • Guest wireless account - a short-term, wireless-access only account.

Steps:

1. Make sure AirPort is turned on by clicking the AirPort menu icon in the upper-right corner of the screen and choosing Turn AirPort On.
   
   • If there is no icon in the upper-right, enable it by going to the Apple menu (upper-left corner), System Preferences, choose Network, then check the box that says Show AirPort Status in the menu bar. The icon will now appear in the upper-right.
2. From the Airport menu, choose PSU Secure.
   

NOTE: Steps 3 and 4 are not order-dependent and you may get step 4, then 3, or vice versa. Do whichever comes up first (look at the screenshots), but you must do both.

3. You will be prompted to enter your username and password, supply your Odin account and password. Click OK.
   
4. A request to accept a certificate will pop up. Click Continue.
   
5. You should now be connected to the secure wireless network and be able to browse access the internet. From now on, authentication with your Odin credentials will occur in the background and you will not be required to visit a web page before having access like the old PSU General network, or the new PSU network. This configuration will automatically join the network and automatically authenticate.

Troubleshooting:

• If you take too long typing in your credentials, you may receive a Connection timeout error message. Just click OK a second time and it will try again. If this fails, turn AirPort off, wait 10 seconds, turn AirPort back on (from the AirPort menu icon) and start over at Step 2 above.
• On some machines, the certificate will not be automatically trusted and each time you connect to the network (such as when you u your laptop in a different part of campus), you will join the network but be prompted to "Accept" the certificate again. To avoid this prompt each time, instead of hitting the Continue button, choose Show Certificate, check the box next to Always trust "radius1.oit.pdx.edu" and click Continue. It will popup a Username/Password prompt, this is for the account you use on your Mac, NOT your Odin account, type these in and click OK. You will not see this prompt any longer.
  
• If for some reason you are having problems connecting, you will need to get rid of all the stored connection settings and start over. Unfortunately, these are in several different places. The following directions describe how to remove all certificates and wireless profiles associated with these networks. If you are uncomfortable with these directions, we recommend you bring the machine to the Help Desk.

Steps:

1. Turn off AirPort by clicking on the AirPort menu and choosing "Turn AirPort Off."
2. Remove Preferred networks and 802.1x Profile:
   
   1. Go to the Apple menu (upper-left corner) and click System Preferences, then choose Network once the window loads.
      
   2. If the padlock symbol in the lower-left corner is in the "locked" position, click it, type in the password you use for your Mac, hit OK.
   3. Click "Airport" from the list on the left so it is highlighted, then click "Advanced."
   4. Under the "Airport" tab is the "Preferred Network" list. Highlight "PSU Secure" by clicking on it, and hit the "-" (negative) button to remove it from the list. You will want to remove any PSU networks from this list; it is best to only have one Preferred Network from campus listed so they do not conflict.
   5. Now click the "802.1x" tab and next to "User Profiles" click the little arrow so the arrow is pointing down and the profiles are listed.
      
   6. Click on any profile listed and hit the "-" (negative) button to remove it from the list, repeat until the list is empty.
   7. Once all profiles are removed Hit OK, you will be at the "Network" preference-pane, click the "Apply" button in the lower-right.
3. Remove related certificates and stored passwords:
   
   1. Double click on the Macintosh HD on the desktop to bring up a Finder window.
   2. Click on Applications, then the Utilities folder.
   3. Launch "Keychain Access" and authenticate if prompted (your Mac password, NOT Odin).
      
   4. Under "Category" click the arrow so that it points down, then choose "Application."
      
   5. Highlight any item that says "WPA: <PSU Network>" where <PSU network> is a network you've used at PSU and then hit the Delete (Backspace) key on your keyboard. It will prompt for a password to delete this entry on your first item, use your Mac's credentials. Also remove any Odin login listed, the "Kind" column will show "Internet Connect."
   6. Quit Keychain Access and start over at Step 1 above.

Additional Information:

• Configuring this network will store your Odin credentials on your Macintosh in a secure manner (the Mac OS uses a device called the Keychain to store passwords), however, anyone who uses your computer to access the PSU network–and hence the internet (from campus)–will be authenticated as you. If you or someone else using your computer does something illegal or against the PSU Acceptable Use Policy while authenticated under your credentials, our records will only show the Odin account used in the steps above as the perpetrator. This is not really any different than using PSU (formerly PSU General) if you had already logged into the Web Authentication system. Please be aware that all of our wireless networks are logged to a user in some manner and you are ultimately responsible for what happens on the connection from your machine to the PSU network.
• We recently changed the names of our wireless networks along with adding this upgraded network as an option. See this article for more details on these changes.
• Both versions (PSU Secure and PSU Secure Facstaff) of the "Secure" networks use 802.1x-based authentication and encryption techniques. Specifically, these networks authenticate using PEAP and encrypt your communications using WPA2 Enterprise(by default). Using this network secures data sent "over-the-air" so that people in your same vicinity can not avesdrop on your communications. This DOES NOT protect you from malicious websites you may visit, virus infections, or direct attacks against your computer, it makes it difficult to "read" what you are sending and receiving by other wireless users in your immediate physical location. Once your communication "hits-the-wire" and goes out on the Internet, it is no longer encrypted. One of the biggest advantages of this network is the reduction of potential attack "vectors" a hacker can use to compromise your computer.

Further Assistance:

If you have any problems with this we highly recommend that you bring the device to the Help Desk in Smith Memorial Student Union room 18 so that a technician can do hands-on troubleshooting with the PSU wireless networks available and the device in front of them. You can also call the Help Desk at 503.725.HELP or email help@pdx.edu for answers to general questions about the network, its operation, and use.