Last updated: 
1 month 1 day ago
Group Manager

A place to share information on all aspects of eduroam in the UK.

Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun.

Contents

Click on item and scroll down to the selected content at the bottom of the page.

eduroam Visitor Access Administrator Manual - Configuration and Management

eduroam Visitor Access Portal User Manual - Creating Guest Accounts

eduroam Visitor Access User Manual - Creating Guest Accounts for Groups and SMS Events

eduroam Visitor Access Guide - UKAMF IdP Configuration Requirements

Advisory: Injection of Operator-Name at the NRPSs

Walled Garden for Onboarding User Devices to eduroam

Using eduroam Support site; Connecting to the NRPS; User on-boarding – CAT

Guidance document - eduroam and Safeguarding

Guidance document - Cost of Implementing eduroam

eduroam(UK) Technical Specification Summary of Recommendations Checklist

eduroam(UK) Technical Specification Summary of Requirements Checklist

eduroam(UK) Technical Specification

NHS and eduroam/shared use of wireless/govroam

ORPS in Azure - alternatives to the use of ICMP

Sending Operator Name with Cisco ISE 2.0

eduroam in Public Buildings and Spaces in City Centres

TLS 1.2 and updated RADIUS requirements

FreeRADIUS Packet Handling - examining the flow

FreeRADIUS Best Current Practice Configuration for eduroam 

Performance tweaks for RADIUS and backend authentication systems

eduroam(UK) Microsoft NPS Configuration Guide

eduroam(UK) Service Provider Assurance Tool User Guide

eduroam(UK) Service Provider Assurance Tool Phase2 Field Trial Feedback

Improving the Reliability of NPS as an Authenticator in eduroam

Advisory: Using Status Server

Advisory: Use of MD5 Certificates Deprecated in Favour of SHA-1 for RADIUS servers

Advisory: Windows Mobile 8 and Certificate Verification

NWS41 eduroam Forum presentations - TKIP, CUI, NAPTR, QoS Probe

NWS40 FreeRADIUS Demystified seminar presentation

Geant Funding available

Janet Lumen House eduroam Service Information

UK eduroam Usage Feb 2013

EAP-pwd Moving Towards a Deployable Standard

Site Finder and Service Information Directory

eduroam(UK) Technical Specification 1.3 (archived) - superseded by 1.4

eduroam User Troubleshooting Flowchart for IT Support Staff

eduroam Administrators Troubleshooting Flowchart

NAPTR Record Creation Using Microsoft Windows 2008 R2 DNS Server

eduroam Best Practice Pointers

FreeRADIUS 2 eduroam Deployment at University of Sussex

Article

eduroam(UK) Test of Basic Network Connectivity to your ORPS

The eduroam UK technical specification mandates that an organisations' ORPS must be PINGable from the three National RADIUS Proxy servers (NRPS) and the eduroam UK support server.  This is all part of basic traffic light monitoring (red/amber/green) so we have a 'is the server up?' answer when troubleshooting. (We're moving to Status-Server in-band RADIUS checking where possible, but neither NPS nor ISE (nor previous versions - IAS or ACS) support that.

Article

TLDR; most client issues are solved by ensuring that the client is configured via a deployment tool

IOS9

Apple have changed the behaviour of IOS 9 with enterprise WiFi.  It appears that if your organisation is using a certificate not natively known by the device then it will no longer accept just username/password entry and present you with a 'verify the server' option.  it just silently quits.

Article

Successful deployments of 802.1X (as used in eduroam) mean that large numbers of clients will be using RADIUS authentication methods to get online.  Whilst eduroam is just the proxying of RADIUS packets, the system fails if the local authentication service cannot handle the requests sent to it in time (e.g. slow backend authenticator). So this article is a place where RADIUS admins can post tweaks and performance enhancement tips for their chosen platforms. If any sections are blank then that is due to no feedback from the community (crowd sourced document)

Article

I've spent a fair bit of time over the past month trying to improve the reliability of our RADIUS service for eduroam.  Previously it was entirely based on Microsoft NPS which has the tendency to silently discard authentication packets which it should really be rejecting. This creates a problem because if the authentication request originated from outside of your network (i.e.

Article

Announcement regarding Windows Mobile 8 and 802.1X authentication with certificate validation

Best practice is that clients must be configured to trust/verify the CA that signs
the RADIUS server that presents during an 802.1X authentication - a major security
pin for eduroam is this trust/check.

It has been noted that Windows Mobile 8 (WM8) devices would not authenticate the user
if this 'verify' option was chosen.

Article

We are delighted to announce new dates for the eduroam training course.

eduroam Fundamentals - 2 May 2013

This course provides delegates with an understanding of how eduroamUK operates at both basic technical and support levels. This includes an overview of how to configure user equipment and solve some of the issues those users might face. The course also covers the configuration of wireless and wired clients for use on the eduroamUK Service, details of the logfile examination and methods of fault finding and reporting.

Prev | Next