with apologies

Updating eduroam

January 06, 2026 · #academic #tech #linux #config

The University recently rolled its public certificate for eduroam and the old one was dropped a couple of days ago. So double-checking that all devices still worked resulted in some fiddling to make it so. Twice over because the local preferred Department Wi-Fi network is Internal-CL for which I can use the same credentials.

My phone (iOS 26) was in a weird state. First off, due to having not turned off “iCloud Passwords & Keychain” it turned out to have shared the credentials I gave to my iPad. I do not want this—we can generate our own credentials, and I generate them per-device deliberately—so that had to be turned off: Settings > Apple Account > iCloud > Saved to iCloud ... See All > Passwords & Keychain > Sync this iPhone = OFF.

Then I could forget and then rejoin eduroam, which worked just fine using my usual credentials. But I couldn’t connect at all to Internal-CL—I wasn’t even prompted for a username/password. Also couldn’t remove it or forget it: it showed as a “managed network” in Settings > Wi-Fi > Edit. So visited Settings > General > Device & VPN Management which showed Internal-CL as a “device profile”. Removed that, and then reconnected using the usual credentials and all was well.

My laptop runs NixOS so I often have to do things like this by hand. This time, rather than faffing with nmtui I thought I’d have a go from the command-line as I’ve recently found it to work well. Building off the manual instructions from UIS plus a relevant gist, the following seems to work:

nmcli connection add type wifi con-name 'NAME' ssid 'SSID' \
  ipv4.method auto 802-1x.eap peap 802-1x.phase2-auth mschapv2 \
  802-1x.identity 'USERNAME' \
  802-1x.password 'PASSWORD' \
  wifi-sec.key-mgmt wpa-eap

…setting NAME=SSID to be eduroam or Internal-CL, and USERNAME and PASSWORD to be my usual network credentials.
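
An added example, not part of the original post or the UIS instructions: the nmcli command above sets no 802-1x.ca-cert or 802-1x.domain-suffix-match, so the profile does not tie the connection to a particular RADIUS server certificate. The function below audits a profile's 802.1X settings for that gap. It assumes the property:value lines printed by `nmcli -t -f 802-1x connection show NAME`; both samples are constructed, and the CA path and server name in the second are placeholders.

```shell
#!/bin/sh
# Added example: audit the 802.1X settings of a NetworkManager profile.
# Reads "property:value" lines on stdin (assumed shape of
#   nmcli -t -f 802-1x connection show NAME).
# Prints one finding per line; returns 1 if the server is not authenticated.
audit_8021x() {
    ca_cert='' sys_ca='' suffix='' altsubj='' eap='' phase2=''
    while IFS= read -r line; do
        key=${line%%:*}
        val=${line#*:}
        [ "$val" = "--" ] && val=''     # non-terse placeholder for "unset"
        case $key in
            802-1x.eap)                 eap=$val ;;
            802-1x.phase2-auth)         phase2=$val ;;
            802-1x.ca-cert)             ca_cert=$val ;;
            802-1x.system-ca-certs)     sys_ca=$val ;;
            802-1x.domain-suffix-match) suffix=$val ;;
            802-1x.altsubject-matches)  altsubj=$val ;;
        esac
    done
    rc=0
    if [ -z "$ca_cert" ] && [ "$sys_ca" != "yes" ]; then
        echo "NO-CA: no trust anchor set, server certificate is not verified"
        rc=1
    fi
    if [ -z "$suffix" ] && [ -z "$altsubj" ]; then
        echo "NO-NAME: server name not pinned to the operator's RADIUS host"
        rc=1
    fi
    if [ "$rc" -ne 0 ] && [ "$eap" = "peap" ] && [ "$phase2" = "mschapv2" ]; then
        echo "EXPOSED: PEAP/MSCHAPv2 credentials go to an unauthenticated server"
    fi
    return "$rc"
}

# Constructed sample: a profile created without any server validation.
SAMPLE_WEAK='802-1x.eap:peap
802-1x.identity:USERNAME
802-1x.ca-cert:
802-1x.system-ca-certs:no
802-1x.domain-suffix-match:
802-1x.phase2-auth:mschapv2'

# Constructed sample: same profile with placeholder CA file and server name.
SAMPLE_PINNED='802-1x.eap:peap
802-1x.ca-cert:/etc/ssl/certs/EXAMPLE-CA.pem
802-1x.domain-suffix-match:radius.example.org
802-1x.phase2-auth:mschapv2'

printf '%s\n' "$SAMPLE_WEAK" | audit_8021x || true
```

Against a live profile it would be run as `nmcli -t -f 802-1x connection show eduroam | audit_8021x`; the CA file and server name to pin come from the network operator's own instructions.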