CSAILPrivate

On October 15th, we have made improvements to our wireless network for better security and user experience. The new system offers:

• Stronger security: Protects your data and network from unauthorized access.
• Easier setup: Especially for Apple devices: no more configuration files needed.
• Resilient to Kerberos password changes and resets.

Our previous “CSAILPrivate” network used Kerberos authentication, which can be complex to configure, especially for Apple devices. Additionally, the underlying RADIUS protocol has known security vulnerabilities.

To address these issues, we have transitioned to a new wireless authentication system provided by Cisco Meraki. This system uses a more secure authentication method and simplifies the connection process.

Before you can connect to the network, you must first create your CSAILPrivate wireless account

CSAILPrivate

CSAILPrivate is CSAIL’s encrypted, authenticated wireless network. Use of CSAILPrivate is required to get a static IP address or to print to CSAIL printers when connected to a wireless network. As a reminder, although your traffic over the wireless network will be encrypted, there are still other points within the CSAIL network and outside CSAIL where your traffic can be monitored, albeit with a slightly higher degree of difficulty. The instructions below describe how to set up access using a Meraki username and password.

Create a wireless account

Before you can connect to CSAILPrivate, you must create an account

1. Visit my.csail.mit.edu
2. Login using your CSAIL Kerberos account
3. Go to “My Account”
4. Under “Manage WiFi Password” click “Change” to Set or Change your CSAIL WiFi password.
5. You will be given the option of a randomly generated password.
   • Click the copy button then save to your password manager.
6. Click “Save” to submit and save your password
7. If you would rather create your own password, deselect the “use generated password” checkbox.
8. Enter a unique, strong password, and click “Save” to submit.
   • Be sure to remember or save in your password manager!

Connecting to CSAILPrivate

After you have created your wireless password, you can connect your device to CSAILPrivate. Instructions for major platforms are below.

Apple iOS

Prerequisite

If you’ve previously connected to “CSAILPrivate” on your devices, you’ll need to

• Remove the “.mobileconfig” file
  • Settings VPN & Device Management Select “CSAILPrivate Wireless” select “Remove Downloaded Profile”
• “Forget” the network
  • Settings Wi-Fi tap the button Select “Forget this Network”

Connecting

• From your client, select the “CSAILPrivate” network.
• Username: Your full CSAIL email address
• Password: Your CSAIL Wi-Fi password that you created in my.csail.mit.edu
• If you are prompted to Verify Certificate select trust
• Join the network

MacOS

Supported on 14+

Prerequisite

If you’ve previously connected to “CSAILPrivate” on your devices, you’ll need to

• Remove the “.mobileconfig” file
  • System Settings seach for “profiles” Select “Profiles” or “Device Management” Select “CSAILPrivate Wirless” and click the “-” to remove it
• “Forget” the network
  • System Settings Wi-Fi tap the button Select “Forget this Network”

Connecting

• From your client, select the “CSAILPrivate” network.
• Identy: None (if prompted)
• Username: Your full CSAIL email address
• Password: Your CSAIL Wi-Fi password that you created in my.csail.mit.edu
• If you are prompted to “Verify Certificate” select continue
• Join the network

Windows 11

• Click Start type “wireless” choose “Connect to a Network”
• Browse for “CSAILPrivate” and select it
• Enter your CSAIL Wi-Fi password that you created in my.csail.mit.edu

Ubuntu

Tested on 24.04. Note that your desktop environment, wireless configuration software, or Linux distro may look a little different, but these settings should work universally. Contact help@csail.mit.edu if you need help.

• Select CSAILPrivate from the WIFI drop down menu in the upper right hand corner of the desktop menu bar
• Security: WPA2
• Auth: PEAP
• Domain: meraki.com
• Select Certificate: /etc/ssl/certs/ca-certificates.crt
• PEAP: Version Automatic
• Inner Auth: MSCHAPv2
• Identity: Your full CSAIL email address
• Password: Your CSAIL Wi-Fi password that you created in my.csail.mit.edu

Android

Tested on Samsung Galaxy S21 Ultra 5G running Android 14 with 6.1 One UI

• Go into your Settings and select Connections Wi-Fi select CSAILPrivate enter the following:
• Identity: Your full CSAIL email address
• Password: Your CSAIL Wi-Fi password that you created in my.csail.mit.edu
• choose “use system certificates”
• Domain: meraki.com

Verifying the CSAILPrivate certificate

If you want to verify the certificate for the CSAIL wireless network, you can check against these fingerprints:

SHA-256: 42 C3 00 15 6D 6E A9 21 B3 0B 4D 75 77 85 A8 AA 4B 99 D8 87 37 62 92 FD F6 E9 F5 F8 31 2D DD A2

SHA-1: ED B6 2B CD ED 15 DF 27 B7 9D C1 BD 5C 6D D9 9A E5 F0 4D 4A