Last updated: 
1 month 3 days ago
Group Manager
A place to share information on all aspects of eduroam in the UK. Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents Click on item and scroll down to the selected content at the bottom of the page. eduroam Visitor Access Administrator Manual - Configuration and Management eduroam Visitor Access Portal User Manual - Creating Guest Accounts eduroam Visitor Access User Manual - Creating Guest Accounts for Groups and SMS Events eduroam Visitor Access Guide - UKAMF IdP Configuration Requirements Advisory: Injection of Operator-Name at the NRPSs Walled Garden for Onboarding User Devices to eduroam Using eduroam Support site; Connecting to the NRPS; User on-boarding – CAT Guidance document - eduroam and Safeguarding Guidance document - Cost of Implementing eduroam eduroam(UK) Technical Specification Summary of Recommendations Checklist eduroam(UK) Technical Specification Summary of Requirements Checklist eduroam(UK) Technical Specification NHS and eduroam/shared use of wireless/govroam ORPS in Azure - alternatives to the use of ICMP Sending Operator Name with Cisco ISE 2.0 eduroam in Public Buildings and Spaces in City Centres TLS 1.2 and updated RADIUS requirements FreeRADIUS Packet Handling - examining the flow FreeRADIUS Best Current Practice Configuration for eduroam  Performance tweaks for RADIUS and backend authentication systems eduroam(UK) Microsoft NPS Configuration Guide eduroam(UK) Service Provider Assurance Tool User Guide eduroam(UK) Service Provider Assurance Tool Phase2 Field Trial Feedback Improving the Reliability of NPS as an Authenticator in eduroam Advisory: Using Status Server Advisory: Use of MD5 Certificates Deprecated in Favour of SHA-1 for RADIUS servers Advisory: Windows Mobile 8 and Certificate Verification NWS41 eduroam Forum presentations - TKIP, CUI, NAPTR, QoS Probe NWS40 FreeRADIUS Demystified seminar presentation Geant Funding available Janet Lumen House eduroam Service Information UK eduroam Usage Feb 2013 EAP-pwd Moving Towards a Deployable Standard Site Finder and Service Information Directory eduroam(UK) Technical Specification 1.3 (archived) - superseded by 1.4 eduroam User Troubleshooting Flowchart for IT Support Staff eduroam Administrators Troubleshooting Flowchart NAPTR Record Creation Using Microsoft Windows 2008 R2 DNS Server eduroam Best Practice Pointers FreeRADIUS 2 eduroam Deployment at University of Sussex

Group administrators:

Jisc Lumen House eduroam Service Information

19 June 2015 at 10:57am

Jisc provides Home and Visited eduroam service types at Lumen House.

Information for Visitors

Wi-Fi network name: eduroam

Security type: WPA2

Encryption: AES

Coverage: eduroam is available throughout the building. eduroam is also available at other locations on the Oxford Harwell campus provided through STFC.

Acceptable Use Policies: the visitor's own home organisation Acceptable Use Policy should be considered to apply when visiting Lumen House and using the eduroam network.

The eduroam(UK) Policy also applies 

Support: If you are unable to associate to the eduroam network, Corporate Information Services at Lumen House may be able to assist. If you can associate to eduroam but experience difficulties authenticating, in the first instance you should contact your home organisation IT Support service. Similarly, for help in configuration of your device, only your home organisation possesses the requisite information to help with this.

eduroam Confederation web site: 

Information for Jisc Staff - eduroam

  • eduroam makes available to the user a huge footprint of campus-wide and public area Wi-Fi networks (which normally require authentication prior to access to the network logon).
  • Only a single Wi-Fi profile and set of user credentials is needed to provide Internet access for the user, regardless of location. No additional configuration is needed for roaming.
  • eduroam is available for members of organisations which are eligible to benefit from Janet services (researchers, teachers, students, staff members, other uses supporting learning, teaching and research)  
  • eduroam makes connecting to a network service easy: automatic connection when in hot zone (depending on Wi-Fi profile), just the same as when connecting at the home organisation, does not require guest network accounts to be set up, free of charge to the user
  • Not just the UK - service is available at a huge number of locations across the UK, Europe, SE Asia (including Japan, HK, China, Taiwan and Australia and parts of North America), coming to Africa and South America
  • the eduroam standards based network service is assured to support a wide set of applications (web, e-mail, vpn, ftp, citrix)
  • eduroam can be enabled for hard-wired desktop machines as well as Wi-Fi capable devices: laptops,  tablets, smart phones
  • User logon is secured using EAP-based authentication (WPA2 Enterprise) which means that credentials are securely encrypted.  AES data encryption on Wi-Fi connection. 

How to use eduroam - Jisc Staff

More information about eduroam for users: About eduroam

Acceptable use Policies: IT Security Policy

The eduroam(UK) Policy also applies 

Where can I use eduroam?: connecting via eduroam when travelling

Lumen House Wi-Fi network name: eduroam

Security type: WPA2

Encryption: AES

Coverage: eduroam is available throughout the building. eduroam is also available at other locations on the Oxford Harwell campus provided through STFC.

How to configuration your laptop: 1) use the eduroam CAT tool 2) follow the instructions below   

1) eduroam CAT Click on the <eduroam user: download your eduroam installer> button towards the bottom of the page

2) Windows (7) Manual Configuration Guide for eduroam (Jisc staff only)

Visitors must consult the configuration information provided by their Home sites.

To set up eduroam as a new wireless network on a laptop:

1. Left hand click on the wireless network icon in the system tray. If there is no wireless icon in the system tray, go to the Control Panel and select <Network and Sharing Center>

2. If the eduroam SSID is detected right hand click on eduroam and click on <Properties> and skip to step 6. If eduroam is not detected  select <Open Network and Sharing Center> at the bottom of the dialogue box or go to the Control Panel and select <Network and Sharing Center>

3. Select <Set up a new connection or network>

4. Select <Manually connect to a wireless network> and click <Next>

5. Enter network name:  eduroam

6. From the drop down list select security type: WPA2-Enterprise

7. Encryption type: AES   Make sure 'Start this connection automatically' is ticked. (And click on <Next> if using network and sharing Center. Ignore greyed out Security Key box).    

8. Click on the 'Security' tab if necessary and ensure 'Choose a network authentication method' is: Protected EAP (PEAP)

9. Check that the 'Remember my credentials for this connection each time I'm logged on' box is ticked (recommended setting)

10. Click on the 'Settings' button and tick 'Validate server certificate'

11. Scroll down the list of root CAs in the 'Trusted Root Certification Authorities' box and tick AddTrust External CA Root (although theoretically UTN-USERFirst-Hardware should also work) [QuoVadis Root Certification Authority will be needed at some point in the future].

12. To ensure certificate of RADIUS server actually belongs to the Jisc ORPSs, if there is an option to 'Specify RADIUS server/Certificate Name'. Tick 'Connect to these servers' and enter;

13. On the <Configure...> tab, untick <Automatically use my Windows logon name and password>

14. OK and close.

You should now be prompted for your eduroam credentials when you try to connect to eduroam (

15. You might get an error message which looks like the screen print below. If you do, do not click <Connect>

Instead, click on the 'Details' arrow and get in contact with CIS, advising them of the contents. You MUST validate the RADIUS server certificate or else you will leave yourself vulnerable to authentication server spoofing attacks and consequent theft of your credentials.