Eduroam and setting identity privacy in Windows

Alan Buxey alan.buxey at
Tue Feb 12 12:04:16 CET 2019


> Ok, certificates is an avenue I hadn't considered... I wasn't aware that
> this was an option with eduroam (I'd just assumed we had to use PEAP).

EAP-TLS, PEAP, EAP-TTLS, EAP-FAST, EAP-GTC, EAP-PWD etc all work over eduroam :)

> Have you set something like this with eduroam in the past, or do you know if any
> other universities have had this working?

yes and yes - quite a few Universities in UK (and elsewhere) using
EAP-TLS - and several moving
to it. most are using commercial deployment tools (with user self
service etc) - eg Cloudpath ES

> So by setting the realm in the certificates, will the eduroam radius
> servers forward the request correctly? I think I need to read up on this.

yes, realm set in the cert - most clients can also define an outerID
for the initial identifier


More information about the Freeradius-Users mailing list