eduroam and 802.1x Profiles

Hi,
Good to know, we are in the process of getting Eudoram ready at our institute and will check this as well.

We have iPads using an eduroam Wifi config that seems to work fine at other institutions.

Is the problem you are seeing isolated to one institution when they go overseas ? Is it failing to authenticate properly ? What kiind of symptoms are you seeing ?

@ewu-oit
That's good to hear.
No not isolated to one institution even when they go to other institutions in the same country too.
Failing to authenticate.

I think it has to do with the certificate trust settings and other wi-fi settings due to different ogranisational settings ( different organisations use different EAP types...etc).
Also on iPads you can use username@yourorganisation.edu format but on OS X machine we use just the username.

Can you please show me your settings of the profile if possible (cert trust, EAP settings, Trusted Server Certificate Names, etc..)?

Hi there,

We are using eduroam aswell on our Macbooks and iPads.
Here's the settings we are distributing:

SSID: eduroam
Security Type: WPA / WPA 2 Enterprise
Accepted EAP Types: PEAP
Username: $USERNAME@eduroam.realm.de
Outer Identity: anonymous@eduroam.realm.de

Since all eduroam Networks should be configured to forward the Requests to the realm mentioned in the Outer Identity, there should not be any Problem globally. To be sure it's working locally and on all remote eduroam networks , you have to add the @eduroam.realm.de after the Username, else it will always try to authenticate on the local realm.

We also imported our Certificates with a seperate Configprofile, just in case its needed for the Authentication.

@bofh][/url
Thanks for the information. Have you ever used this as a login window profile or system profile?

@Kumarasinghe
You're welcome!

We are using it as an User Level Profile. The Certificates are coming with a Machine Level Profile.
Not sure if it will work properly using a system profile, but it should.

@bofh][/url][/url
Do you have to put the username manually when you try to connect to eduroam or will it automatically get it when a user logs in?
In your config Username: $USERNAME@eduroam.realm.de is present and the $USERNAME should populate automatically but we don't get it populated (v8.62).

@Kumarasinghe

Usually we don't have put in the Username if we connect. It just asks for the Password.
We are using 9.22 atm.

@bofh when I put in $USERNAME@Domain.com all that is passed through to the radius server is "@Domain.com" and if I remove "@Domain.com" I get the AD user name as it should be but it won't authenticate because I don't have the "@Domain.com". How do I get it to pass the entire current user name and the "@Domain.com"?

@ABigRock

Thats what we use. it's working like that if your computers/ipads/iphones have proper User&Location settings within the jss

We are using eduroam on our Macbooks and iPads.
I came across the eduroam Configuration Assistant Tool at https://cat.eduroam.org/
This made it easy to choose our University, download the .mobileconfig file for our specific devices and upload the signed .mobileconfig file into JAMF Pro Configuration profiles.