Eduroam and setting identity privacy in Windows
alan.buxey at gmail.com
Tue Feb 12 12:04:16 CET 2019
> Ok, certificates is an avenue I hadn't considered... I wasn't aware that
> this was an option with eduroam (I'd just assumed we had to use PEAP).
EAP-TLS, PEAP, EAP-TTLS, EAP-FAST, EAP-GTC, EAP-PWD etc all work over eduroam :)
> Have you set something like this with eduroam in the past, or do you know if any
> other universities have had this working?
yes and yes - quite a few Universities in UK (and elsewhere) using
EAP-TLS - and several moving
to it. most are using commercial deployment tools (with user self
service etc) - eg Cloudpath ES
> So by setting the realm in the certificates, will the eduroam radius
> servers forward the request correctly? I think I need to read up on this.
yes, realm set in the cert - most clients can also define an outerID
for the initial identifier
More information about the Freeradius-Users