It's pretty common in Europe to only offer the eduroam ssid, and offer visitors 'different' connectivity than local users on it, (and have a captive portal containing all the setup etc on an open ssid).
Making it so the wireless configuration is the same whether on campus or at another eduroam site is very popular amongst our academics & students, as it means that in practice, it's set up once, and simply opening the lid on their laptop at another site gets them connectivity. -- ian -----Original Message----- From: phanset Sent: 15/02/2013, 21:35 To: [email protected] Subject: Re: [WIRELESS-LAN] About the eduroam configuration on Freeradius Linchuan, There is a big drawback to no letting your users join the local eduroam SSID. They won't be able to setup their devices while on campus before traveling. Having the concordia.ca<http://concordia.ca> users joining the eduroam SSID on campus will help them with two aspects of the connectivity: -Learn to use the REALM (user@reaml, in your case realm=concordia.ca<http://concordia.ca>) -Learn to load the proper RADIUS infrastructure certificate on their machine before traveling somewhere else These two things alone could reduce your help desk calls quite a bit. If you do so, make sure to enforce the REALM requirement from your own users in your RADIUS config (we used to not enforce that at University of Tennessee and ended up with users not being able to use eduroam when traveling) What you can do (as explained by Steve and Julian) is to filter the concordia.ca<http://concordia.ca> users and put them in special VLANs. For instance: University of Tennessee, Knoxville assigns users with @utk.edu<http://utk.edu> credentials to the same VLAN pool weather they join the eduroam SSID or the ut-wpa2 SSID. The only difference between the two is that users joining eduroam have to use "[email protected]<mailto:[email protected]>" and users on ut-wpa2 can only use "netid" if they want. Have a good Weekend, Best, Philippe Hanset www.eduroamus.org<http://www.eduroamus.org> On Feb 15, 2013, at 3:24 PM, Linchuan Yang <[email protected]<mailto:[email protected]>> wrote: Dear All Do you use different radius servers for your local SSID and eduroam SSID? Currently, we are using the same radius servers for both of SSID, and we found that some of our local users login with eduroam SSID inside our campus. We want to block our local users (both [email protected]<mailto:[email protected]> and user123)to login with eduroam SSID, could you please explain how to modify the proxy.conf or other configuration files on Freeradius (Linux version)? Furthermore, we want to block [email protected]<mailto:[email protected]> to login with our local SSID, and let user123 login with our local SSID. Thank you, and have a nice weekend. Yours, Linchuan Yang (Antony) Wireless Networking Analyst Network Assessment and Integration, IITS-Concordia University Tel: (514)848-2424 ext. 7664 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found athttp://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
