eduroam

Last updated: 
1 week 4 days ago
Group Manager
A place to share information on all aspects of eduroam in the UK. Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents Click on item and scroll down to the selected content at the bottom of the page. Advisory: Implications of MAC address randomisation on eduroam(UK) members Advisory: CA Certificate Validation in Android Devices (Nov 2020) Deploying Govroam alongside eduroam Advisory: EAP server certificate considerations (July 2020) eduroam Visitor Access Administrator Manual - Configuration and Management eduroam Visitor Access Portal User Manual - Creating Guest Accounts eduroam Visitor Access User Manual - Creating Guest Accounts for Groups and SMS Events eduroam Visitor Access Guide - UKAMF IdP Configuration Requirements Advisory: Injection of Operator-Name at the NRPSs Walled Garden for Onboarding User Devices to eduroam Using eduroam Support site; Connecting to the NRPS; User on-boarding – CAT Introducing the eduroam Support Server 2 - Networkshop45 Presentation - April 2017 Guidance document - eduroam and Safeguarding Guidance document - Cost of Implementing eduroam eduroam(UK) Technical Specification Summary of Recommendations Checklist eduroam(UK) Technical Specification Summary of Requirements Checklist eduroam(UK) Technical Specification NHS and eduroam/shared use of wireless/govroam ORPS in Azure - alternatives to the use of ICMP Sending Operator Name with Cisco ISE 2.0 eduroam in Public Buildings and Spaces in City Centres TLS 1.2 and updated RADIUS requirements FreeRADIUS Packet Handling - examining the flow FreeRADIUS Best Current Practice Configuration for eduroam  Performance tweaks for RADIUS and backend authentication systems eduroam(UK) Microsoft NPS Configuration Guide eduroam(UK) Service Provider Assurance Tool User Guide eduroam(UK) Service Provider Assurance Tool Phase2 Field Trial Feedback Improving the Reliability of NPS as an Authenticator in eduroam Advisory: Using Status Server Advisory: Use of MD5 Certificates Deprecated in Favour of SHA-1 for RADIUS servers Advisory: Windows Mobile 8 and Certificate Verification NWS41 eduroam Forum presentations - TKIP, CUI, NAPTR, QoS Probe NWS40 FreeRADIUS Demystified seminar presentation Geant Funding available Janet Lumen House eduroam Service Information UK eduroam Usage Feb 2013 EAP-pwd Moving Towards a Deployable Standard Site Finder and Service Information Directory eduroam(UK) Technical Specification 1.3 (archived) - superseded by 1.4 eduroam User Troubleshooting Flowchart for IT Support Staff eduroam Administrators Troubleshooting Flowchart NAPTR Record Creation Using Microsoft Windows 2008 R2 DNS Server eduroam Best Practice Pointers FreeRADIUS 2 eduroam Deployment at University of Sussex
Log in to request membershipHide group description

Group administrators:

Recent members:

eduroam client issues

18 September 2015 at 10:43am

TLDR; most client issues are solved by ensuring that the client is configured via a deployment tool

IOS9

Apple have changed the behaviour of IOS 9 with enterprise WiFi.  It appears that if your organisation is using a certificate not natively known by the device then it will no longer accept just username/password entry and present you with a 'verify the server' option.  it just silently quits.

This may be solved by ensuring the CA root is known to the IOS9 device... but if you are doing that, you may as well ensure you have a deployent tool to do this task for you - eg eduroamCAT, Cloudpath Xpress or SE, ClearPass etc

eg see http://pages.queens.ox.ac.uk/it/2015/09/17/apple-ios-9-breaks-eduroam/

if the device has a correct profile installed, it should work.  This is actually good - its much better for security and ensures the device is correctly configured.

Admins note - IOS9 also requires a larger DH key - at least 1024 on the RADIUS server - please see other advisory. Future IOS releases will also use TLS 1.2 and so your RADIUS platform will need to be updated if it cannot do TLS 1.2 negotiation correctly (see other advisory)

alan

  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo

Comments

Hi, Alan

Thanks for your post, and the helpful link to David's blog post.

We're in the process of upgrading the certificate presented by our RADIUS servers, and have found the same issue.

However, our experience has been that this is no different from iOS 8 (or at least 8.4.1). iOS doesn't appear to recognise the Quo Vadis root CA, even though it should be in its certificate store (at least for wireless authentication). I'm assuming that that would be the case whichever (legitimate, commercially-supplied) certificate was used.

Best wishes,
Steve Holden
University of Brighton

Submitted by Steve Holden on Fri, 2015-09-18 11:36