Thursday, October 8, 2015

How to use Apple TV on enterprise wireless

I recently got an Apple TV for the purpose of sharing access to a projector in a classroom or (once I get one) a big monitor in the lab, only to discover that it's really hard to set up on an enterprise wireless network like most universities have. In particular, there's no way to actually enter a wireless password on the device - maybe not a bad idea, since I'd have to do it on an on-screen keyboard in front of a room full of students.

So here's what you have to do:

1. Get the Apple Configurator

2. Get the certificates for your wireless network. If, like Northeastern, your institution helpfully fails to make these publicly available, you can sniff them using these directions. On my Mac it involves turning off wireless, starting a tcpdump capture ("tcpdump -i en0 -w keys.pcap"), turning wireless on and connecting to the network, and stopping the capture with ^C. Then load the trace into wireshark and export the certificates as ".der" files. This is described in the linked article, but here's the actual step of saving one of the certificates:


Note that for the Apple TV Configurator we'll keep the certificates in DER format, instead of converting them to PEM. There should be multiple certificates in the packet; save each of them separately.

3. Start Apple Configurator, then connect to your Apple TV with USB. (you don't need the HDMI while you're doing this, which is a good thing because the two sockets are too close together for most cables) A window pops up; follow the following set of steps:

- Enrollment profile: don't enroll
- choose software to install: don't install (unless you want to wait an hour or so)
- choose the profiles to install: click "New", since you haven't set up any profiles yet

Set a name for the profile, then on the left click "Certificates":


Click 'Configure', upload the .der files that you just created from wireshark, and save. (if you have official certificates you got from your IT department you're on your own - I don't know what format they need to be in)

Now click 'Wi-Fi':

and configure. Enter your SSID, set "security type" to WPA/WPA2 Enterprise, and set your username and password:

Now click 'Trust' and select the certificates you uploaded:

Now click 'Save', select your new profile on the next screen, and click 'Next' once or twice to install it on your device.

For those of you at Northeastern, here are links to the certificates you need for NUwave or CCIS-Wireless:

AddTrust.der
InCommon.der
USERTrust.der
wireless.northeastern.edu.der


Posted by at No comments:
Subscribe to: Posts (Atom)