OK, this is great - I've had a look at the other options in Group policy for setting up these connections, several of them look very promising. Thanks again for everyone's advice, I'll let you know how I get on. cheers, Jim On Tue, 12 Feb 2019 at 11:04, Alan Buxey <alan.buxey@gmail.com> wrote:
hi,
Ok, certificates is an avenue I hadn't considered... I wasn't aware that this was an option with eduroam (I'd just assumed we had to use PEAP).
EAP-TLS, PEAP, EAP-TTLS, EAP-FAST, EAP-GTC, EAP-PWD etc all work over eduroam :)
Have you set something like this with eduroam in the past, or do you know if any other universities have had this working?
yes and yes - quite a few Universities in UK (and elsewhere) using EAP-TLS - and several moving to it. most are using commercial deployment tools (with user self service etc) - eg Cloudpath ES
So by setting the realm in the certificates, will the eduroam radius servers forward the request correctly? I think I need to read up on this.
yes, realm set in the cert - most clients can also define an outerID for the initial identifier
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- thanks, Jim Potter User Platform Engineer IT Services Bath Spa University T: 01225 876220 Visit www.bathspa.ac.uk Join us on: Facebook <http://www.facebook.com/bath.spa.university>| Twitter <https://twitter.com/#!/BathSpaUni>| YouTube <http://www.youtube.com/BathSpaUniversity>| LinkedIn <http://www.linkedin.com/company/bath-spa-university> Newton Park, Bath, BA2 9BN Think before you print Disclaimer If you have received this message in error, please notify us and remove it from your system. Any views or opinions expressed in personal emails are solely those of the author and do not necessarily represent those of Bath Spa University. Neither Bath Spa University nor the sender accepts any responsibility for viruses and it is your responsibility to scan this email and any attachments for viruses.