Last updated: 
4 months 2 weeks ago
Group Manager
A place to share information on all aspects of eduroam in the UK. Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents Click on item and scroll down to the selected content at the bottom of the page. Advisory: Implications of MAC address randomisation on eduroam(UK) members Advisory: CA Certificate Validation in Android Devices (Nov 2020) Deploying Govroam alongside eduroam Advisory: EAP server certificate considerations (July 2020) eduroam Visitor Access Administrator Manual - Configuration and Management eduroam Visitor Access Portal User Manual - Creating Guest Accounts eduroam Visitor Access User Manual - Creating Guest Accounts for Groups and SMS Events eduroam Visitor Access Guide - UKAMF IdP Configuration Requirements Advisory: Injection of Operator-Name at the NRPSs Walled Garden for Onboarding User Devices to eduroam Using eduroam Support site; Connecting to the NRPS; User on-boarding – CAT Introducing the eduroam Support Server 2 - Networkshop45 Presentation - April 2017 Guidance document - eduroam and Safeguarding Guidance document - Cost of Implementing eduroam eduroam(UK) Technical Specification Summary of Recommendations Checklist eduroam(UK) Technical Specification Summary of Requirements Checklist eduroam(UK) Technical Specification NHS and eduroam/shared use of wireless/govroam ORPS in Azure - alternatives to the use of ICMP Sending Operator Name with Cisco ISE 2.0 eduroam in Public Buildings and Spaces in City Centres TLS 1.2 and updated RADIUS requirements FreeRADIUS Packet Handling - examining the flow FreeRADIUS Best Current Practice Configuration for eduroam  Performance tweaks for RADIUS and backend authentication systems eduroam(UK) Microsoft NPS Configuration Guide eduroam(UK) Service Provider Assurance Tool User Guide eduroam(UK) Service Provider Assurance Tool Phase2 Field Trial Feedback Improving the Reliability of NPS as an Authenticator in eduroam Advisory: Using Status Server Advisory: Use of MD5 Certificates Deprecated in Favour of SHA-1 for RADIUS servers Advisory: Windows Mobile 8 and Certificate Verification NWS41 eduroam Forum presentations - TKIP, CUI, NAPTR, QoS Probe NWS40 FreeRADIUS Demystified seminar presentation Geant Funding available Janet Lumen House eduroam Service Information UK eduroam Usage Feb 2013 EAP-pwd Moving Towards a Deployable Standard Site Finder and Service Information Directory eduroam(UK) Technical Specification 1.3 (archived) - superseded by 1.4 eduroam User Troubleshooting Flowchart for IT Support Staff eduroam Administrators Troubleshooting Flowchart NAPTR Record Creation Using Microsoft Windows 2008 R2 DNS Server eduroam Best Practice Pointers FreeRADIUS 2 eduroam Deployment at University of Sussex

Group administrators:

eduroam(UK) Technical Specification v1.3

17 April 2014 at 4:38pm

MS Word version can be downloaded from icon above.

The document can also be found in the eduroam section of Community in the Documentation area.

Changes from version 1.2

  • The discussion of participation models in chapter 2, Common Requirement and Recommendations, has been expanded in the interest of clarification and to illustrate that it is possible for a service to be provided on an out-sourced basis or on a completely managed basis.
  • Requirement 6, the stipulation of a six months maximum retention period for RADIUS logs has been deleted since the maximum retention period is a matter decided by the participant's general data protection compliance or other policy.
  • Wording added to the discussion section 2.3.2 to provide the reasoning behind removal of the maximum period for log keeping and to indicate best practice together with emphasising the reference to the Janet technical guide on logging. Minor wording changes also made to the first paragraph on time reference to improve readability.
  • Requirement 32, non-local realm name defined to describe names other than those associated with the local participating organisation or partners of an organisation providing a managed service. Authentication requests containing user names with such non-local realm must be forwarded to the NRPS but forwarding of requests containing local realm names to the NRPS is explicitly prohibited.
  • Requirement 35 and 36 expanded to include partner organisations in relation to administration of DNS domains from which realms are derived.
  • New Requirement 37 inserted to mandate forwarding of local authentication requests directly to a partner organisation’s Home RADIUS servers where a Visited service is provided in partnership with another organisation, for instance by a managed service provider, and to prohibit forwarding by the managed service provider of such authentication requests to the NRPS.
  • New Requirement 38 inserted to prohibit forwarding of requests between multiple partners where the partners are independent eduroam participants; i.e. bypassing the NRPS for authentications between partner organisations is prohibited. Note, this does not proscribe inter-organisation authentication between members of an association of co-operating organisations in which the association is a member of eduroam(UK) but individual organisations are not members in their own right.
  • Requirement 37 renumbered to 39 and all subsequent requirements to 54 incremented by 2.
  • Appendices updated.