Server configuration

The identity provider must authenticate users who need access to eduroam. Normally, you can build upon existing user databases such as Active Directory or an LDAP directory.

Both identity providers and service providers must use an authentication server to exchange the validation of eduroam users on the fly. This server is often called a RADIUS server because the RADIUS protocol (Remote Authentication Dial-In User Service, RFC 2865, etc.) is used for communication between the cooperating servers.


Technical design

Eduroam gives users access to the internet. The user must be known at her home institution. When the user's device associates with the Wi-Fi network, a request is sent to the home institution. Access is granted only if the institution acknowledges the user.

This is accomplished by using port-based network access control (IEEE 802.1X).
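
The rule above, that access is granted only if the home institution acknowledges the user, comes down to a check the service provider's server makes on every RADIUS reply. The sketch below is an added example, not part of the original page or of any eduroam software: it builds and verifies the RFC 2865 Response Authenticator for a single hop. The function names, shared secret and packet values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes


def build_reply(code, ident, request_auth, attrs, secret):
    """Home-server side: build a reply carrying the Response Authenticator,
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def access_granted(reply, ident, request_auth, secret):
    """Service-provider side: True only for an authentic Access-Accept
    that answers the request identified by (ident, request_auth)."""
    if len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    # Discard packets shorter than their Length field or answering another request.
    if length < 20 or length > len(reply) or rid != ident:
        return False
    reply = reply[:length]  # octets beyond Length are padding and are ignored
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return False  # not produced by a holder of the shared secret
    return code == ACCESS_ACCEPT  # a reject, or any other code, keeps the port closed


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    req_auth = os.urandom(16)              # Request Authenticator of our Access-Request
    accept = build_reply(ACCESS_ACCEPT, 7, req_auth, b"", secret)
    reject = build_reply(ACCESS_REJECT, 7, req_auth, b"", secret)
    forged = bytes([ACCESS_ACCEPT]) + reject[1:]  # code flipped in transit
    for name, pkt in (("accept", accept), ("reject", reject), ("forged", forged)):
        print(name, access_granted(pkt, 7, req_auth, secret))
```

A reply whose code has been changed after the home server computed the authenticator fails the comparison, so only a reply from a holder of the shared secret can open the port.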

