eduroam

Last updated: 
4 months 2 weeks ago
Blog Manager
Log in to request membershipHide blog description
eduroam Service News Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents - click on item and scroll to bottom of box to read item 15/04/19 - Advisory: EAP-PWD Vulnerability 12/10/18 - Advisory: Injection of Operator-Name attribute by the NRPSs 23/02/18 - eduroam Seminar pre-Networkshop 2018 - FreeRADIUS 4 etc 24/10/17 - Advisory: WPA2 Key Reinstallation Attacks vulnerability, KRACK 14/07/16 - Release of Technical Specification v1.4 10/05/16 - Advisory: Ending of RADIUS Accounting within eduroam(UK) 22/01/15 - eduroam Support Clinic Tues March 1st 14:15-15:30 18/09/15 - Advisory: Impact of change of Certificate Service CA for eduroam Home (IdP) service providers 27/01/15 - eduroam now available at seven hospitals in Cardiff 22/01/15 - eduroam Support Clinic Tues January 27th 10:45-12:00am 23/12/14 - Calling Station Identity 01/12/14 - New DNS Name for eduroam(UK) Support Server 19/12/14 - eduroam Support Clinic Tues January 6th 10:45am 28/11/14 - eduroam Support Clinic Tues December 2nd 10:45am 19/11/14 - Advisory: Microsoft Security Bulletin Affecting NPS and IAS 27/05/14 - eduroam training course June 11-12 Birmingham; Aug 6-7 Aug Bristol 08/04/14 - Advisory: OpenSSL TLS Heartbleed Vulnerability rev 1.1 21/02/14 - Auth Timestamp Feature on eduroam(UK) Support Server 30/10/13 - Release of FreeRADIUS 2.2.2 07/10/13 - Release of FreeRADIUS 3.0.0 17/09/13 - Release of FreeRADIUS 2.2.1 13/06/13 - Release of Technical Specification v1.3 13/06/13 - eduroam training course June 27 Glasgow 23/04/13 - eduroam training courses July 24-25 London 23/04/13 - Chargeable User Identity how-to guide now available in Library 25/03/13 - eduroam training courses May 2-3 Manchester 24/02/13 - Time for a review of your eduroam deployment - Technical Specification v 1.2 Main Changes from v 1.1 30/01/13 - Configuration Assistant Tool (CAT) now available - builds eduroam client installers for user devices 23/01/13 - Advice regarding keeping eduroam credentials secure 09/01/13 - eduroam(UK) Announcement of Change of Name of the Janet Roaming Service to eduroam(UK) 19/11/12 - Uptake of NAPTR record definition in DNS (to enable RadSec DD) is increasing 31/10/12 - eduroam(UK) Support Server Update: Nagios LG and check for NAPTR records 30/10/12 - Cisco ACS 5.4 released: now support Operator-Name 29/10/12 - Unscheduled service outage Friday 26/10/2012 1:02 AM - 9:48 AM 03/10/12 - Advisory: Improving Efficiency of International Authentication through utilisation of RadSec at National Level 11/09/12 - Advisory: FreeRADIUS 2.1.10,11,12 Security

Group administrators:

Recent members:

Suggested Jobs for your eduroam Service during the Summer

August 2013 - 14/08/2013

Originator - Alan Buxey

Summary

As part of the continuing programme of improving the eduroam services provided by our members throughout the UK we are contacting organisations on an individual basis where particular issues have been identified. However there are some fairly simple things in the Technical Specification, not involving any RADIUS/802.1X/Wi-Fi aspects, that members can check and fix where necessary to improve their services without needing to be prompted by eduroam(UK).

Service Aspects to Check

1) You must have an eduroam service information web page that covers your eduroam service - giving information to your users on what it is and how to configure devices to use the service (ideally including a link to deployment/configuration tools!)

- this website MUST have a link to http://www.eduroam.org

- this website MUST have the eduroam logo on it (a legal/legit version as per https://www.eduroam.org/index.php?p=media&s=logo )

2) Your eduroam RADIUS servers (ORPS) must be PINGable from the three National proxies (NRPS) and from the Support server.  IF you are using Cisco ACS/ISE with its hardening script then the system will use TCP port 2002 instead from just the Support server (in which case your firewall only needs to be open for that port from the Support server, not the NRPS as well).

3) Organisations running a Home service SHOULD look at using NAPTR records to get auth packets from their International roaming users back to the UK more effectively from other countries:

https://community.ja.net/blogs/eduroam/article/improving-efficiency-international-authentication-supporting-radsec-national

4) eduroam CAT is a free 802.1X deployment tool for eduroam developed by TERENA partners as part of the eduroam project in Europe. If you are not using SU1X or XpressConnect you should find CAT invaluable.

One of the biggest issues we hear from sites is that getting users correctly configured for 802.1X networks is complex and requires lots of documentation. Deployment tools reduce the load and those requirements - reducing burden on your service desk.

Whilst we have had a sizeable number of requests for admin accounts on the CAT server, there are still nearly a hundred eligible sites in eduroam(UK) which have not asked for their eduroamCAT token so that they can start using this tool. If you are providing an operational Home service, why not get your admin account set up and have a look at the capability of the tool?

More info here: https://community.ja.net/library/janet-services-documentation/eduroam-cat-configuration-assistance-tool

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo