hi,
Ok, certificates is an avenue I hadn't considered... I wasn't aware that this was an option with eduroam (I'd just assumed we had to use PEAP).
EAP-TLS, PEAP, EAP-TTLS, EAP-FAST, EAP-GTC, EAP-PWD etc all work over eduroam :)
Have you set something like this with eduroam in the past, or do you know if any other universities have had this working?
yes and yes - quite a few Universities in UK (and elsewhere) using EAP-TLS - and several moving to it. most are using commercial deployment tools (with user self service etc) - eg Cloudpath ES
So by setting the realm in the certificates, will the eduroam radius servers forward the request correctly? I think I need to read up on this.
yes, realm set in the cert - most clients can also define an outerID for the initial identifier alan