1. It is possible to run your campus as an IdP, SP, or both. Most people elect to do both, as we did. You are free not to be an SP, however.

2. We use FreeRADIUS, and the configuration is pretty straightforward. The easiest thing to do regardless of your current RADIUS infrastructure, in my opinion, is to create new FreeRADIUS VMs whose responsibility is to proxy authentication requests to your main campus RADIUS servers. That way, there’s an extra layer of security between the web and your main auth servers and you have another layer of fault/failure protection.

3. We had a 9-stage rollout campaign of eduroam, which included a complete decommissioning of our college-branded SSID (we are an SP and IdP). We found that replacing our primary SSID was essential for people to take advantage of eduroam. Without this switchover, we found that we reached a plateau in eduroam adoption that rendered the solution of limited value.

The biggest challenge our helpdesk has faced is the change of user account format from <username> to <[email protected]>. Many users still struggle with that, as I watch all the failed authentications against our eduroam RADIUS servers with <username> only. All in all, however, eduroam works no differently than our original SSID, and from the user’s perspective, the only thing that changed was the network name and the username format.

I will say, however, that the change invited a new wave of scapegoating on the wireless network. Despite no actual technical problems with the network, people took the excuse to say things like, “Since you guys installed eduroam, my wireless signal has been worse!”, even though that obviously has nothing to do with signal strength. So, helpdesk had to filter through lots of calls blaming eduroam when in fact the problems were related to the user’s device.

Finally, you should consider the eduroam CAT (configuration assistance tool) for aiding your constituents in joining eduroam. It’s a free utility that comes with your eduroam subscription and does a pretty great job.
--
Jason Trinklein
Wireless Engineering Manager
College of Charleston
81 St. Philip Street | Office 311D | Charleston, SC 29403
[email protected] | (843) 300–8009

From: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]> on behalf of Rita Schnepp <[email protected]>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <[email protected]>
Date: Wednesday, April 18, 2018 at 6:37 PM
To: "[email protected]" <[email protected]>
Subject: [WIRELESS-LAN] Eduroam - 3 questions

Anyone using EDUROAM? We are thinking about deploying it at our Pepperdine Malibu Campus in particular for our students/faculty travelling in Europe...and all over the US. We have 3 questions from an "admin's" perspective:

1) Can we make our main, authenticating campus which houses the RADIUS server just a Connector (and not an SP). The reason we want this is that we don't want to be an SP at our main Malibu Campus because we already have WIFI guest access via another method. Has anyone done this?

2) From our WiFi and Radius tech's perspective, was it as easy to deploy as Internet2/Eduroam says it is on their website?

3) How shall we prepare our Help Desk for EDUROAM? What kinds of calls will they get?

Thanks.
Rita

--
Rita Schnepp, PMP, Director, IT Project Management Office
Pepperdine University

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
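A triage sketch for the bare-<username> failures described in item 3 of the reply above, as an added example that is not part of the original thread: it scans RADIUS auth log lines and counts rejected logins whose identity has no realm, so the helpdesk can tell username-format mistakes from other failures. The log layout is an assumption modelled on FreeRADIUS auth logging; the sample lines, the realm example.edu and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed FreeRADIUS-style auth log layout).
SAMPLE_LOG = """\
Wed Apr 18 09:01:12 2018 : Auth: (101) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [jdoe] (from client wlc-1 port 0 cli AA-BB-CC-00-00-01)
Wed Apr 18 09:01:40 2018 : Auth: (102) Login OK: [jdoe@example.edu] (from client wlc-1 port 0 cli AA-BB-CC-00-00-01)
Wed Apr 18 09:02:05 2018 : Auth: (103) Login incorrect (No Auth-Type found): [asmith] (from client wlc-2 port 0 cli AA-BB-CC-00-00-02)
Wed Apr 18 09:02:31 2018 : Auth: (104) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [asmith] (from client wlc-2 port 0 cli AA-BB-CC-00-00-02)
Wed Apr 18 09:03:10 2018 : Auth: (105) Login incorrect (mschap: MS-CHAP2-Response is incorrect): [bwong@example.edu] (from client wlc-1 port 0 cli AA-BB-CC-00-00-03)
Wed Apr 18 09:03:44 2018 : Auth: (106) Login incorrect: [visitor@] (from client wlc-1 port 0 cli AA-BB-CC-00-00-04)
"""

LINE_RE = re.compile(
    r"Auth: \(\d+\) Login (?P<result>OK|incorrect)[^\[]*"
    r"\[(?P<user>[^\]]*)\] \(from client (?P<client>\S+) port \d+ "
    r"cli (?P<mac>[0-9A-Fa-f-]+)\)"
)

def classify(user):
    """Say how a logged identity relates to the user@realm format."""
    name, sep, realm = user.rpartition("@")
    if not sep:
        return "bare-username"   # no realm: the helpdesk case in item 3
    if not name or not realm:
        return "malformed"       # "@" present but one side is empty
    return "has-realm"           # format is fine; failure has another cause

def summarize(log_text):
    """Count rejected logins per class, and bare-username rejects per device."""
    by_class, bare_users = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["result"] != "incorrect":
            continue             # skip successes and unrelated lines
        kind = classify(m["user"])
        by_class[kind] += 1
        if kind == "bare-username":
            bare_users[(m["user"], m["mac"])] += 1
    return by_class, bare_users

if __name__ == "__main__":
    classes, bare = summarize(SAMPLE_LOG)
    print(dict(classes))
    for (user, mac), n in bare.most_common():
        print(f"{user} on {mac}: {n} rejects without a realm")
```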
