eduroam should work with just about any authentication method that uses EAP (PEAP,TLS,TTLS) etc.
So if your are say moving to TLS (Client certificates) it should still just work. -Neil -- Neil Johnson Network Engineer The University of Iowa Phone: 319 384-0938 Fax: 319 335-2951 E-Mail: neil-john...@uiowa.edu > On Jun 17, 2016, at 10:19 AM, Curtis K. Larsen <curtis.k.lar...@utah.edu> > wrote: > > We're beginning to run into this problem as well. Luckily, eduroam is not > our primary SSID so at > least the critical business functions continue to work fine on a separate > SSID. My guess is that > we'll end up turning eduroam off at those remote locations if problems get > reported. > > In talking with the eduroam admin from the other institution they mentioned > that when this occurs > in Europe the solution has been to change the name of the SSID. Is this > really allowed? If so, > I'm sold! Then we can start using our primary SSID with eduroam credentials! > This is what I > always thought eduroam should have been. To me the value was always in the > universal credential > *NOT* the SSID name. That was always a drawback for me especially as > supplicants become easier to > configure. > > The other problem that we're going to run into soon is that we will be > phasing out PEAP on our > main SSID to mitigate against the evil twin vulnerability, but what do we do > with eduroam? I mean > I guess you could say it is the remote institution's problem, or the user's > problem if they > connect to an evil twin on your campus because they're not validating the > server. But if the evil > twin is on your campus it seems you have at least some responsibility in the > matter. But as it > stands, eduroam will leave a bit of a gaping security hole for us. > > -- > Curtis K. Larsen > Senior Network Engineer > University of Utah IT/CIS > > > > On Fri, June 17, 2016 7:35 am, Turner, Ryan H wrote: >> Yes. We have a satellite school at UNC Asheville. Up until recently, UNC >> Asheville was not >> running eduroam, and UNC Chapel Hill was the only occupant of a couple of >> buildings on campus. >> UNC Asheville adopted eduroam and wanted to move into adjoining spaces. So >> we were going to have >> the situation where UNC Chapel Hill folks might attach to the wrong >> institution’s eduroam and >> vice versa. We ended up bridging the two networks together through a single >> link, and based on >> realm, UNC Asheville will terminate UNC Chapel Hill folks directly to our >> network (through trunked >> vlans). It is nice, because now anywhere on UNC Asheville campus, UNC >> Chapel Hill folks have UNC >> Chapel Hill IP space. Because it made sense, we actually turned off our >> access points and allowed >> UNC Asheville to provide wireless in our areas (so we wouldn’t have >> competing wireless). >> >> >> Ryan Turner >> Manager of Network Operations >> ITS Communication Technologies >> The University of North Carolina at Chapel Hill >> >> r...@unc.edu<mailto:r...@unc.edu> >> +1 919 445 0113 Office >> +1 919 274 7926 Mobile >> >> >> >> From: The EDUCAUSE Wireless Issues Constituent Group Listserv >> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Becker, Jason >> Sent: Thursday, June 16, 2016 11:45 PM >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> Subject: [WIRELESS-LAN] eduroam ssid >> >> Has anyone ran into this situation… >> >> We are an eduroam participating school and have multiple buildings that are >> either across the road >> or sometimes sidewalk that another University owns. The other school is >> wanting to join eduroam >> so my issue is when we are both broadcasting the same ssid in possibly the >> same airspace. I have >> a felling this is going to cause many problems as clients could bounce back >> and forth between >> systems. >> >> If you had to deal with this I like to hear your thoughts on it. >> >> -- >> Thanks, >> Jason Becker >> Network Systems Engineer >> Washington University in St. Louis >> jbec...@wustl.edu<mailto:jbec...@wustl.edu> >> 314-935-5006 >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group >> discussion list can be found at >> http://www.educause.edu/groups/<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.educause.edu%2fgroups%2f&data=01%7c01%7crhturner%40email.unc.edu%7ccb70500b292d4427293208d39661db4b%7c58b3d54f16c942d3af081fcabd095666%7c1&sdata=qGNRUEHsNMv7sMBIsc4xSekkNTdOESCI%2fPCz87RzRZY%3d>. >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent >> Group discussion list can >> be found at http://www.educause.edu/groups/. >> >> > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
