Re: [WIRELESS-LAN] eduroam question(s)

2012-11-23 Thread James JJ Hooper
> On 11/13/12 5:26 AM, "James JJ Hooper"  wrote:
>
>>> -Original Message-
>>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset,
>>> Philippe C
>>> Sent: 13 November 2012 00:35
>>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>>> Subject: Re: [WIRELESS-LAN] eduroam question(s)
>>>
>>> ... We have the stats but are not publishing institution specific
>>> them for privacy reasons.
>>> http://www.eduroamus.org/node/232
>>> I have testimonials from Schools like UCSD and UChicago that
>>> immediately noticed hundreds of visitors on their campuses.
>>> Drexel University, for instance, had 40 eduroam users the first
>>> day they turned the SSID on.
>>> In general large institutions are amazed at how many eduroam
>>> visitors they have on campus.
>>>
>>> This said, the largest benefit is to make your campus population
>>> compatible with locations that heavily use
>>> eduroam (e.g. if your study abroad students go to Europe or
>>> Australia). There are places in Europe that
>>> make very difficult to use anything else than eduroam.
>>
>>...we would probably count as one of those institutions ;)
>>
>>A graph of our weekly users here/there/visitors-here is on this page:
>>http://www.wireless.bris.ac.uk/eduroam/#graph
>>
>>eduroam is the only SSID we offer to our staff/students.
>>
>>We've also got a "graph" that shows a monthly snapshot of where visitors
>>come from:
>>http://www.wireless.bris.ac.uk/gfx/random/eduroamvisitors.png
>>
>>It's definitely true that there is a critical mass point at which point
>>most
>>places have it, users start to expect it, and usage rises rapidly.


> On 13 November 2012 16:04, Johnson, Neil M  wrote:
> James,
>
> That's a cool graph. What tool(s) did you use to create it?

The first is javascript with dygraph: http://dygraphs.com/

The second is network weathermap using a database as the data source
http://www.network-weathermap.com/about

Kind regards,
  James

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-14 Thread Hanset, Philippe C
Julian,

I can answer that for you.
All Universities connected to the eduroam-US server are only using domains that 
they own,
and in the form *.domainowned.edu. Some use multiple domains (e.g. utk.edu and 
tennessee.edu), but all
are owned by the University.

Best,

Philippe Hanset
www.eduroamus.org


On Nov 14, 2012, at 12:14 PM, Julian Y Koh  wrote:

> On Nov 13, 2012, at 09:11 , "Hanset, Philippe C"  wrote:
>> 
>> For sanity, we will only pass to you *.northwestern.edu or other domains 
>> that you own and would like to be resolved e.gnorthwestern-1.edu
> 
> Are there any stats available as to how many institutions are using a 
> different eduroam domain than their regular top-level DNS domain?
> 
> I'm thinking about tossing together a quick surveymonkey survey to collect 
> some of this info if it's not available.
> 
> 
> -- 
> Julian Y. Koh
> Manager, Network Transport, Telecommunications and Network Services
> Northwestern University Information Technology (NUIT)
> 2001 Sheridan Road #G-166
> Evanston, IL 60208
> 847-467-5780
> NUIT Web Site: 
> PGP Public Key:
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-14 Thread Julian Y Koh
On Nov 13, 2012, at 09:11 , "Hanset, Philippe C"  wrote:
> 
> For sanity, we will only pass to you *.northwestern.edu or other domains that 
> you own and would like to be resolved e.gnorthwestern-1.edu

Are there any stats available as to how many institutions are using a different 
eduroam domain than their regular top-level DNS domain?

I'm thinking about tossing together a quick surveymonkey survey to collect some 
of this info if it's not available.


-- 
Julian Y. Koh
Manager, Network Transport, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: 
PGP Public Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Jason Cook
Thanks Brook, looks interesting will check it out in more detail.



--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800


-Original Message-
From: Brook Schofield [mailto:schofi...@terena.org] 
Sent: Tuesday, 13 November 2012 7:07 PM
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
Cc: Jason Cook; Scott Armitage
Subject: Re: [WIRELESS-LAN] eduroam question(s)

Jason,

attached is Scott Armitage's slides from the GN3 Symposium in October
(also in cc is case he isn't subscribed to this list). He's worked on
the "Russel Square" Problem which might be similar to your "North
Terrace Campus" Problem and help isolate UniSA and CSIRO users to their
preferred home network.

At the moment only wpa_suppliant has the configuration options to prefer
a particular home realm - and it isn't available in GUI configuration or
.mobileconfig options.

If anyone has contacts at Apple, Microsoft etc to expose these
configuration options it would be great to talk. These configuration
options will ease some of the pain of "eduroam" SSIDs in close proximity
to each other from different operators.

-Brook

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Jason Cook
All our data is taken from radius records (because WCS/NCS/Prime/[insert future 
name here] doesn't give us the reporting we want and probably never will), this 
gives us UID, MAC address's, IP address, time stamps, role 
(student/staff/visitor) which are imported into a home built database for 
querying. So it doesn't matter what SSID they connect to. eduroam visitors are 
flagged as such, and their domain is attached to the user id, the outer 
identities can cause some data to not match up, but I don't think we can 
control that and apart from that 1 month it's been minimal. An eduroam visitor 
could connect to our UofA network and still get authenticated via the eduroam 
system, and they'll show up as an eduroam visitor for statistics.

We also have a dhcp server sitting there just doing fingerprinting(never sends 
a response), this information is yet to be imported to our database. But we can 
pull a list of macs from the DB and run that past the finger printer logs to 
provide operating system stats for any or all users types. 

A 30 day snapshot of eduroam visitors by country domain below. It'd be nice to 
have time to get some live images up like others have done. 
   981 au
 26 uk
 18 de
 12 edu
  8 nl
  4 dk
  3 hk
  3 fr
  2 za
  2 se
  2 ca
  1 si
  1 pt
  1 nz
  1 es
  1 cz

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph    : +61 8 8313 4800


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 13 November 2012 9:13 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam question(s)

On the metrics, is there any way of showing how many of the Eduroam clients are 
bona ride visitors versus your own clients on the Eduroam SSID?  That's the 
real delta I'm curious about in general-  how many true visitors using it.

Thanks,

Lee

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Fligor, Debbie
On Nov 12, 2012, at 20:55, Jeff Kell  wrote:

> On 11/12/2012 9:41 PM, Lee H Badman wrote:
>> Also... Does anyone get a bit turned off about having yet another SSID in 
>> the air, or debranding your own in favor of pushing Eduroam as your SSID? 
>> Again, just wondering. Let's task Phillipe with figuring out a way to make 
>> the Eduroam underpinnings work automagically with any SSID we choose. 
>> 
>> Can we get that by Friday?
> 
> Ah hah... it's a battle of the Oranges :)
> 
> If you have separate SSIDs you can get better statistics, I suppose; but
> perhaps your Radius can drop them in different buckets.  For us it was a
> combination of things, primarily having our production 1X being
> NAC-enforced and role-based (requiring an agent, and proxying Radius
> through the NAC controller), whereas the eduroam SSID is off-the-grid
> (and also locked down by the eduroam firewall recommendations).

We have separate Eduroam and local (IllinoisNet) .1x networks.  Partly because 
we had already fully deployed, documented and pushed the IllinoisNet SSID, and 
partly because we treat Eduroam differently.  Our security group didn't want 
the Eduroam SSID on the same network with all our campus users, and our Eduroam 
deployment has all the required ports open, but not any extra. That way when 
people travel to other schools, they're never disappointed by what works -- 
anything they test on Eduroam here before they leave should work anywhere.  We 
don't have a large number of Eduroam users, Champaign-Urbana is pretty much in 
the middle of no-where (unlike Chicago locations :-), but we get a small but 
somewhat regular set of happy emails from our own faculty and from visitors 
saying that they were traveling (or visiting) and Eduroam "just worked" for 
them. Since it's not a heavy support load for us, it's a nice thing to be able 
to provide.  

Additionally, we don't have a unified SSID across our campuses (each campus 
does it's own IT support), and since we already had Eduroam, the other campuses 
are doing that (have done that?) so that staff that do move between campuses 
have an easy way to do so.


> 
> Jeff
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

-- 
-debbie
Debbie Fligor, n9dn   Lead Network Engineer, CITES, Univ. of Il
email: fli...@illinois.edu  
"Every keystroke can be monitored. And the computers never forget."

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Johnson, Neil M
James,

That's a cool graph. What tool(s) did you use to create it?

Thanks.

-Neil

-- 
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu






On 11/13/12 5:26 AM, "James JJ Hooper"  wrote:

>> -Original Message-
>> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
>> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset,
>> Philippe C
>> Sent: 13 November 2012 00:35
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> Subject: Re: [WIRELESS-LAN] eduroam question(s)
>>
>> ... We have the stats but are not publishing institution specific
>> them for privacy reasons.
>> http://www.eduroamus.org/node/232
>> I have testimonials from Schools like UCSD and UChicago that
>> immediately noticed hundreds of visitors on their campuses.
>> Drexel University, for instance, had 40 eduroam users the first
>> day they turned the SSID on.
>> In general large institutions are amazed at how many eduroam
>> visitors they have on campus.
>>
>> This said, the largest benefit is to make your campus population
>> compatible with locations that heavily use
>> eduroam (e.g. if your study abroad students go to Europe or
>> Australia). There are places in Europe that
>> make very difficult to use anything else than eduroam.
>
>...we would probably count as one of those institutions ;)
>
>A graph of our weekly users here/there/visitors-here is on this page:
>http://www.wireless.bris.ac.uk/eduroam/#graph
>
>eduroam is the only SSID we offer to our staff/students.
>
>We've also got a "graph" that shows a monthly snapshot of where visitors
>come from:
>http://www.wireless.bris.ac.uk/gfx/random/eduroamvisitors.png
>
>It's definitely true that there is a critical mass point at which point
>most
>places have it, users start to expect it, and usage rises rapidly.
>
>Kind regards,
>  James
>
>-- 
>James J J Hooper
>Senior Network Specialist, University of Bristol
>http://wireless.bristol.ac.uk
>--
>
>**
>Participation and subscription information for this EDUCAUSE Constituent
>Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Hanset, Philippe C
For sanity, we will only pass to you *.northwestern.edu or other domains that 
you own and would like to be resolved e.g northwestern-1.edu

On Nov 13, 2012, at 9:24 AM, Julian Y Koh  wrote:

> On Nov 12, 2012, at 18:34 , "Hanset, Philippe C"  wrote:
>> 
>> To answer the sub-domain question: we pass to your University everything in 
>> the form @*.university.edu
>> So you decide what to do.
> 
> But that's still not recommended as per the eduroam best practices?
> 
> Is there a requirement that the university.edu match what we actually use?  
> i.e., could we do something like nu-eduroam.edu instead of northwestern.edu?  
> (note: I'm not saying that would be a good idea, just trying to understand 
> what's possible :) )
> 
> 
> -- 
> Julian Y. Koh
> Manager, Network Transport, Telecommunications and Network Services
> Northwestern University Information Technology (NUIT)
> 2001 Sheridan Road #G-166
> Evanston, IL 60208
> 847-467-5780
> NUIT Web Site: 
> PGP Public Key:
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Julian Y Koh
On Nov 12, 2012, at 18:34 , "Hanset, Philippe C"  wrote:
> 
> To answer the sub-domain question: we pass to your University everything in 
> the form @*.university.edu
> So you decide what to do.

But that's still not recommended as per the eduroam best practices?

Is there a requirement that the university.edu match what we actually use?  
i.e., could we do something like nu-eduroam.edu instead of northwestern.edu?  
(note: I'm not saying that would be a good idea, just trying to understand 
what's possible :) )


-- 
Julian Y. Koh
Manager, Network Transport, Telecommunications and Network Services
Northwestern University Information Technology (NUIT)
2001 Sheridan Road #G-166
Evanston, IL 60208
847-467-5780
NUIT Web Site: 
PGP Public Key:

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread James JJ Hooper
> -Original Message-
> From: The EDUCAUSE Wireless Issues Constituent Group Listserv
> [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset,
> Philippe C
> Sent: 13 November 2012 00:35
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] eduroam question(s)
>
> ... We have the stats but are not publishing institution specific
> them for privacy reasons.
> http://www.eduroamus.org/node/232
> I have testimonials from Schools like UCSD and UChicago that
> immediately noticed hundreds of visitors on their campuses.
> Drexel University, for instance, had 40 eduroam users the first
> day they turned the SSID on.
> In general large institutions are amazed at how many eduroam
> visitors they have on campus.
>
> This said, the largest benefit is to make your campus population
> compatible with locations that heavily use
> eduroam (e.g. if your study abroad students go to Europe or
> Australia). There are places in Europe that
> make very difficult to use anything else than eduroam.

...we would probably count as one of those institutions ;)

A graph of our weekly users here/there/visitors-here is on this page:
http://www.wireless.bris.ac.uk/eduroam/#graph

eduroam is the only SSID we offer to our staff/students.

We've also got a "graph" that shows a monthly snapshot of where visitors
come from:
http://www.wireless.bris.ac.uk/gfx/random/eduroamvisitors.png

It's definitely true that there is a critical mass point at which point most
places have it, users start to expect it, and usage rises rapidly.

Kind regards,
  James

-- 
James J J Hooper
Senior Network Specialist, University of Bristol
http://wireless.bristol.ac.uk
--

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


RE: [WIRELESS-LAN] eduroam question(s)

2012-11-13 Thread Lee H Badman
On the metrics, is there any way of showing how many of the Eduroam clients are 
bona ride visitors versus your own clients on the Eduroam SSID?  That's the 
real delta I'm curious about in general-  how many true visitors using it.

Thanks,

Lee


Lee H. Badman
Network Architect/Wireless TME
ITS, Syracuse University
315.443.3003


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] on behalf of Jason Cook 
[jason.c...@adelaide.edu.au]
Sent: Monday, November 12, 2012 11:33 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam question(s)

We keep statistics for eduroam, have attached graphs of monthly unique users 
for viewing.

May 2011 had a large spike, this  was a single person who had a new randomly 
generated outer identity for every authentication.

We have considered just using eduroam as an SSID, but there is definitely a 
preference internally to keep some branding in the air. We also border with 
another University, if we only offered eduroam then there could be some big 
issues for users who get good signal from both networks.

The final point of interest on that is quality of service. Do people implement 
a different qos for eduroam over their own network?
I'm not sure on implementing qos for radius assigned networks within 1 SSID, 
e.g. within wireless can vlan x be provided with a different qos than vlan y 
for a given SSID. Not something we've ever looked into.

--
Jason Cook
Technology Services
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800


-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 13 November 2012 1:12 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] eduroam question(s)

Also... Does anyone get a bit turned off about having yet another SSID in the 
air, or debranding your own in favor of pushing Eduroam as your SSID? Again, 
just wondering. Let's task Phillipe with figuring out a way to make the Eduroam 
underpinnings work automagically with any SSID we choose.

Can we get that by Friday?



On Nov 12, 2012, at 21:36, "Lee H Badman"  wrote:

> Nah, just like to understand the benefit before making changes. Trying
> to gage how many nomadic WLAN users are really roaming from school to
> school, as opposed to users connecting to it on their own campus.
> Seems like a fair exercise:)
>
> Sent from an Etch-a-Sketch. Please excuse squiggly lines.
>
> On Nov 12, 2012, at 19:44, "Hanset, Philippe C"  wrote:
>
>> On Nov 12, 2012, at 6:39 PM, Lee H Badman  wrote:
>>
>>> Does anyone keep stats on how much your Eduroam efforts get used? Like, 
>>> other than just being in the club, is it really providing benefits that an 
>>> easy-to-use guest network wouldn't? Not being snarky, but genuinely 
>>> wondering.
>>>
>>
>> How can you beat instant authentication with encryption over the air?
>> Even an open network doesn't give that!
>> I walk on a campus and my phone automatically switches from 3G to
>> Wi-Fi for Data, not hitting my less than adequate quotas
>>
>> You are the hardest man to convince Lee ;-)
>>
>> Philippe
>>
>>
>>
>>>> Our email addresses are first-l...@utc.edu unless there are
>>>> conflicts, in which case we use a middle initial or a suffix.
>>>>
>>>> Our official "UTCid" is a rather arbitrary string (3 letters, 3
>>>> numbers, where that came from don't ask me, it was back in the "no-SSNs" 
>>>> conversion).
>>>>
>>>> The directory key / userID is in fact the UTCid, and is typically
>>>> used as a login for everything.  It's also the Active Directory ID.
>>>>
>>>> And now the bonus...  the AD domain is in fact utc.tennessee.edu
>>>> (we're a "branch" of the state's tennessee.edu domain), so there's
>>>> already some confusion as to using the tennessee.edu versus utc.edu.  Even 
>>>> worse...
>>>> there are root forest entries for ut...@tennessee.edu as well as
>>>> @utc.tennessee.edu.  And of course UTK started the whole eduroam
>>>> thing, and they're already taking tennessee.edu as local :(
>>>> although they still take utk.edu as well.
>>>>
>>>> So we more or less got stuck with ut...@utc.edu to avoid the
>>>> domain/realm confusion with the big orange one.
>>>>
>>>> I would advise you rig up your local .1X to authenticate with your
>>>> ful

Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Hanset, Philippe C
Done. It's called 802.11u which is now part of 802.11
The SSID will soon be irrelevant anyway. All you will do is a Roaming Operator 
challenge!

Philippe

On Nov 12, 2012, at 9:41 PM, Lee H Badman  wrote:

> Also... Does anyone get a bit turned off about having yet another SSID in the 
> air, or debranding your own in favor of pushing Eduroam as your SSID? Again, 
> just wondering. Let's task Phillipe with figuring out a way to make the 
> Eduroam underpinnings work automagically with any SSID we choose. 
> 
> Can we get that by Friday?
> 
> 
> 
> On Nov 12, 2012, at 21:36, "Lee H Badman"  wrote:
> 
>> Nah, just like to understand the benefit before making changes. Trying to 
>> gage how many nomadic WLAN users are really roaming from school to school, 
>> as opposed to users connecting to it on their own campus. Seems like a fair 
>> exercise:)
>> 
>> Sent from an Etch-a-Sketch. Please excuse squiggly lines.
>> 
>> On Nov 12, 2012, at 19:44, "Hanset, Philippe C"  wrote:
>> 
>>> On Nov 12, 2012, at 6:39 PM, Lee H Badman  wrote:
>>> 
 Does anyone keep stats on how much your Eduroam efforts get used? Like, 
 other than just being in the club, is it really providing benefits that an 
 easy-to-use guest network wouldn't? Not being snarky, but genuinely 
 wondering.
 
>>> 
>>> How can you beat instant authentication with encryption over the air?
>>> Even an open network doesn't give that!
>>> I walk on a campus and my phone automatically switches from 3G to Wi-Fi for 
>>> Data, not hitting my less than adequate quotas
>>> 
>>> You are the hardest man to convince Lee ;-)
>>> 
>>> Philippe
>>> 
>>> 
>>> 
> Our email addresses are first-l...@utc.edu unless there are conflicts,
> in which case we use a middle initial or a suffix.
> 
> Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
> where that came from don't ask me, it was back in the "no-SSNs" 
> conversion).
> 
> The directory key / userID is in fact the UTCid, and is typically used
> as a login for everything.  It's also the Active Directory ID.
> 
> And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
> a "branch" of the state's tennessee.edu domain), so there's already some
> confusion as to using the tennessee.edu versus utc.edu.  Even worse...
> there are root forest entries for ut...@tennessee.edu as well as
> @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
> and they're already taking tennessee.edu as local :( although they still
> take utk.edu as well.
> 
> So we more or less got stuck with ut...@utc.edu to avoid the
> domain/realm confusion with the big orange one.
> 
> I would advise you rig up your local .1X to authenticate with your
> fully-qualified eduroam username, just so users can consistently login
> with the same credentials (assuming you're not using eduroam for
> production .1X).
> 
> Jeff
> 
> On 11/12/2012 6:11 PM, Julian Y Koh wrote:
>> So we're looking at an eduroam deployment here, and one question that 
>> has come up is one of credentials.  Here at NU, we have 2 identifiers - 
>> the NetID and the alias.  All of the directories and the like are keyed 
>> off of the NetID, which does not have to be the same as the alias.  
>> Top-level email addresses take the form @northwestern.edu.  
>> 
>> Under a basic default eduroam deployment, a user would use 
>> @northwestern.edu as his/her username to authenticate to the 
>> wireless network.  This is not 100% ideal from an end user point of 
>> view, though, since that could potentially lead to some confusion since 
>> at least here, netid rarely is the same as alias.  Obviously, at some 
>> schools, netid = alias, so this is a moot point, but have other schools 
>> encountered support/documentation issues because of this?  
>> 
>> As an alternative, has anyone looking into using a subdomain for the 
>> realm?  i.e., @eduroam.northwestern.edu?
>> 
>> I tried going through the FAQs and documentation at 
>> , and there is some mention of avoiding 
>> subdomains at .  
>> 
>> Personally, I think with good enough documentation we should be able to 
>> do the standard @northwestern.edu without a lot of trouble, but 
>> we also need to do due diligence and explore these options.  :)
>> 
>> Thanks!!
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
 
>>> 
>>> **
>>> Participation and subscription information for 

Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Jeff Kell
On 11/12/2012 9:41 PM, Lee H Badman wrote:
> Also... Does anyone get a bit turned off about having yet another SSID in the 
> air, or debranding your own in favor of pushing Eduroam as your SSID? Again, 
> just wondering. Let's task Phillipe with figuring out a way to make the 
> Eduroam underpinnings work automagically with any SSID we choose. 
>
> Can we get that by Friday?

Ah hah... it's a battle of the Oranges :)

If you have separate SSIDs you can get better statistics, I suppose; but
perhaps your Radius can drop them in different buckets.  For us it was a
combination of things, primarily having our production 1X being
NAC-enforced and role-based (requiring an agent, and proxying Radius
through the NAC controller), whereas the eduroam SSID is off-the-grid
(and also locked down by the eduroam firewall recommendations).

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Lee H Badman
Also... Does anyone get a bit turned off about having yet another SSID in the 
air, or debranding your own in favor of pushing Eduroam as your SSID? Again, 
just wondering. Let's task Phillipe with figuring out a way to make the Eduroam 
underpinnings work automagically with any SSID we choose. 

Can we get that by Friday?



On Nov 12, 2012, at 21:36, "Lee H Badman"  wrote:

> Nah, just like to understand the benefit before making changes. Trying to 
> gage how many nomadic WLAN users are really roaming from school to school, as 
> opposed to users connecting to it on their own campus. Seems like a fair 
> exercise:)
> 
> Sent from an Etch-a-Sketch. Please excuse squiggly lines.
> 
> On Nov 12, 2012, at 19:44, "Hanset, Philippe C"  wrote:
> 
>> On Nov 12, 2012, at 6:39 PM, Lee H Badman  wrote:
>> 
>>> Does anyone keep stats on how much your Eduroam efforts get used? Like, 
>>> other than just being in the club, is it really providing benefits that an 
>>> easy-to-use guest network wouldn't? Not being snarky, but genuinely 
>>> wondering.
>>> 
>> 
>> How can you beat instant authentication with encryption over the air?
>> Even an open network doesn't give that!
>> I walk on a campus and my phone automatically switches from 3G to Wi-Fi for 
>> Data, not hitting my less than adequate quotas
>> 
>> You are the hardest man to convince Lee ;-)
>> 
>> Philippe
>> 
>> 
>> 
 Our email addresses are first-l...@utc.edu unless there are conflicts,
 in which case we use a middle initial or a suffix.
 
 Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
 where that came from don't ask me, it was back in the "no-SSNs" 
 conversion).
 
 The directory key / userID is in fact the UTCid, and is typically used
 as a login for everything.  It's also the Active Directory ID.
 
 And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
 a "branch" of the state's tennessee.edu domain), so there's already some
 confusion as to using the tennessee.edu versus utc.edu.  Even worse...
 there are root forest entries for ut...@tennessee.edu as well as
 @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
 and they're already taking tennessee.edu as local :( although they still
 take utk.edu as well.
 
 So we more or less got stuck with ut...@utc.edu to avoid the
 domain/realm confusion with the big orange one.
 
 I would advise you rig up your local .1X to authenticate with your
 fully-qualified eduroam username, just so users can consistently login
 with the same credentials (assuming you're not using eduroam for
 production .1X).
 
 Jeff
 
 On 11/12/2012 6:11 PM, Julian Y Koh wrote:
> So we're looking at an eduroam deployment here, and one question that has 
> come up is one of credentials.  Here at NU, we have 2 identifiers - the 
> NetID and the alias.  All of the directories and the like are keyed off 
> of the NetID, which does not have to be the same as the alias.  Top-level 
> email addresses take the form @northwestern.edu.  
> 
> Under a basic default eduroam deployment, a user would use 
> @northwestern.edu as his/her username to authenticate to the 
> wireless network.  This is not 100% ideal from an end user point of view, 
> though, since that could potentially lead to some confusion since at 
> least here, netid rarely is the same as alias.  Obviously, at some 
> schools, netid = alias, so this is a moot point, but have other schools 
> encountered support/documentation issues because of this?  
> 
> As an alternative, has anyone looking into using a subdomain for the 
> realm?  i.e., @eduroam.northwestern.edu?
> 
> I tried going through the FAQs and documentation at 
> , and there is some mention of avoiding 
> subdomains at .  
> 
> Personally, I think with good enough documentation we should be able to 
> do the standard @northwestern.edu without a lot of trouble, but we 
> also need to do due diligence and explore these options.  :)
> 
> Thanks!!
> 
 
 **
 Participation and subscription information for this EDUCAUSE Constituent 
 Group discussion list can be found at http://www.educause.edu/groups/.
>>> 
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent 
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for 

Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Lee H Badman
Nah, just like to understand the benefit before making changes. Trying to gage 
how many nomadic WLAN users are really roaming from school to school, as 
opposed to users connecting to it on their own campus. Seems like a fair 
exercise:)

Sent from an Etch-a-Sketch. Please excuse squiggly lines.

On Nov 12, 2012, at 19:44, "Hanset, Philippe C"  wrote:

> On Nov 12, 2012, at 6:39 PM, Lee H Badman  wrote:
> 
>> Does anyone keep stats on how much your Eduroam efforts get used? Like, 
>> other than just being in the club, is it really providing benefits that an 
>> easy-to-use guest network wouldn't? Not being snarky, but genuinely 
>> wondering.
>> 
> 
> How can you beat instant authentication with encryption over the air?
> Even an open network doesn't give that!
> I walk on a campus and my phone automatically switches from 3G to Wi-Fi for 
> Data, not hitting my less than adequate quotas
> 
> You are the hardest man to convince Lee ;-)
> 
> Philippe
> 
> 
> 
>>> Our email addresses are first-l...@utc.edu unless there are conflicts,
>>> in which case we use a middle initial or a suffix.
>>> 
>>> Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
>>> where that came from don't ask me, it was back in the "no-SSNs" conversion).
>>> 
>>> The directory key / userID is in fact the UTCid, and is typically used
>>> as a login for everything.  It's also the Active Directory ID.
>>> 
>>> And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
>>> a "branch" of the state's tennessee.edu domain), so there's already some
>>> confusion as to using the tennessee.edu versus utc.edu.  Even worse...
>>> there are root forest entries for ut...@tennessee.edu as well as
>>> @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
>>> and they're already taking tennessee.edu as local :( although they still
>>> take utk.edu as well.
>>> 
>>> So we more or less got stuck with ut...@utc.edu to avoid the
>>> domain/realm confusion with the big orange one.
>>> 
>>> I would advise you rig up your local .1X to authenticate with your
>>> fully-qualified eduroam username, just so users can consistently login
>>> with the same credentials (assuming you're not using eduroam for
>>> production .1X).
>>> 
>>> Jeff
>>> 
>>> On 11/12/2012 6:11 PM, Julian Y Koh wrote:
 So we're looking at an eduroam deployment here, and one question that has 
 come up is one of credentials.  Here at NU, we have 2 identifiers - the 
 NetID and the alias.  All of the directories and the like are keyed off of 
 the NetID, which does not have to be the same as the alias.  Top-level 
 email addresses take the form @northwestern.edu.  
 
 Under a basic default eduroam deployment, a user would use 
 @northwestern.edu as his/her username to authenticate to the 
 wireless network.  This is not 100% ideal from an end user point of view, 
 though, since that could potentially lead to some confusion since at least 
 here, netid rarely is the same as alias.  Obviously, at some schools, 
 netid = alias, so this is a moot point, but have other schools encountered 
 support/documentation issues because of this?  
 
 As an alternative, has anyone looking into using a subdomain for the 
 realm?  i.e., @eduroam.northwestern.edu?
 
 I tried going through the FAQs and documentation at 
 , and there is some mention of avoiding 
 subdomains at .  
 
 Personally, I think with good enough documentation we should be able to do 
 the standard @northwestern.edu without a lot of trouble, but we 
 also need to do due diligence and explore these options.  :)
 
 Thanks!!
 
>>> 
>>> **
>>> Participation and subscription information for this EDUCAUSE Constituent 
>>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Karl Reuss

On 11/12/2012 6:39 PM, Lee H Badman wrote:

Does anyone keep stats on how much your Eduroam efforts get used?
Like, other than just being in the club, is it really providing
benefits that an easy-to-use guest network wouldn't? Not being
snarky, but genuinely wondering.


We don't have any officially generated stats but a quick check of the 
numbers for this month shows we've had about 2000 traditional guests and 
500 eduroam guests.  The advantage eduroam guests had is that they were 
pre-approved before coming to campus and their devices were already 
setup.  Our guest system is a little clunky and could use some cleanup, 
but it will never "just work" like eduroam does for it's users.


We also get good feedback from our faculty and staff who visit other 
institutions, and that is hard to quantify with stats.  So far this 
month about 150 of our folks have authenticated at other eduroam sites.


-Karl

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Hanset, Philippe C
On Nov 12, 2012, at 6:39 PM, Lee H Badman  wrote:

> Does anyone keep stats on how much your Eduroam efforts get used? Like, other 
> than just being in the club, is it really providing benefits that an 
> easy-to-use guest network wouldn't? Not being snarky, but genuinely wondering.
> 

How can you beat instant authentication with encryption over the air?
Even an open network doesn't give that!
I walk on a campus and my phone automatically switches from 3G to Wi-Fi for 
Data, not hitting my less than adequate quotas

You are the hardest man to convince Lee ;-)

Philippe



>> Our email addresses are first-l...@utc.edu unless there are conflicts,
>> in which case we use a middle initial or a suffix.
>> 
>> Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
>> where that came from don't ask me, it was back in the "no-SSNs" conversion).
>> 
>> The directory key / userID is in fact the UTCid, and is typically used
>> as a login for everything.  It's also the Active Directory ID.
>> 
>> And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
>> a "branch" of the state's tennessee.edu domain), so there's already some
>> confusion as to using the tennessee.edu versus utc.edu.  Even worse...
>> there are root forest entries for ut...@tennessee.edu as well as
>> @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
>> and they're already taking tennessee.edu as local :( although they still
>> take utk.edu as well.
>> 
>> So we more or less got stuck with ut...@utc.edu to avoid the
>> domain/realm confusion with the big orange one.
>> 
>> I would advise you rig up your local .1X to authenticate with your
>> fully-qualified eduroam username, just so users can consistently login
>> with the same credentials (assuming you're not using eduroam for
>> production .1X).
>> 
>> Jeff
>> 
>> On 11/12/2012 6:11 PM, Julian Y Koh wrote:
>>> So we're looking at an eduroam deployment here, and one question that has 
>>> come up is one of credentials.  Here at NU, we have 2 identifiers - the 
>>> NetID and the alias.  All of the directories and the like are keyed off of 
>>> the NetID, which does not have to be the same as the alias.  Top-level 
>>> email addresses take the form @northwestern.edu.  
>>> 
>>> Under a basic default eduroam deployment, a user would use 
>>> @northwestern.edu as his/her username to authenticate to the 
>>> wireless network.  This is not 100% ideal from an end user point of view, 
>>> though, since that could potentially lead to some confusion since at least 
>>> here, netid rarely is the same as alias.  Obviously, at some schools, netid 
>>> = alias, so this is a moot point, but have other schools encountered 
>>> support/documentation issues because of this?  
>>> 
>>> As an alternative, has anyone looking into using a subdomain for the realm? 
>>>  i.e., @eduroam.northwestern.edu?
>>> 
>>> I tried going through the FAQs and documentation at 
>>> , and there is some mention of avoiding 
>>> subdomains at .  
>>> 
>>> Personally, I think with good enough documentation we should be able to do 
>>> the standard @northwestern.edu without a lot of trouble, but we also 
>>> need to do due diligence and explore these options.  :)
>>> 
>>> Thanks!!
>>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educause.edu/groups/.
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.
> 

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Hanset, Philippe C
... We have the stats but are not publishing institution specific them for 
privacy reasons.
http://www.eduroamus.org/node/232
I have testimonials from Schools like UCSD and UChicago that immediately 
noticed hundreds of visitors on their campuses.
Drexel University, for instance, had 40 eduroam users the first day they turned 
the SSID on.
In general large institutions are amazed at how many eduroam visitors they have 
on campus.

This said, the largest benefit is to make your campus population compatible 
with locations that heavily use
eduroam (e.g. if your study abroad students go to Europe or Australia). There 
are places in Europe that 
make very difficult to use anything else than eduroam.

To answer the "using eduroam as the main 1X network", we have seen schools 
doing that very successfully.
(your are definitely ready to roam...just by using it at your school)
Here at UT Knoxville, we have opted to still keep the UTK branded 1x network 
and the eduroam network together for a while
with the idea of getting rid of the UTK 1x (called ut-wpa2) in the future. 
In reality this is just a beaconing difference...in the back we resolve people 
that join eduroam with @utk.edu credentials
to the exact same VLANs as the people joining ut-wpa2.

To answer the sub-domain question: we pass to your University everything in the 
form @*.university.edu
So you decide what to do.
If you have alias issues, in some cases, an installer like Xpressconnect  can 
be very helpful

Best

Philippe Hanset
www.eduroamus.org
(eduroam is now an Internet2 NET+ Service)



On Nov 12, 2012, at 6:39 PM, Lee H Badman 
 wrote:

> Does anyone keep stats on how much your Eduroam efforts get used? Like, other 
> than just being in the club, is it really providing benefits that an 
> easy-to-use guest network wouldn't? Not being snarky, but genuinely wondering.
> 
> Lee Badman
> 
> 
> 
> On Nov 12, 2012, at 18:27, "Jeff Kell"  wrote:
> 
>> Hey Julian,
>> 
>> We recently went through this after cranking up eduroam officially this
>> past fall.  We have similar points of confusion, plus a bonus.
>> 
>> Our email addresses are first-l...@utc.edu unless there are conflicts,
>> in which case we use a middle initial or a suffix.
>> 
>> Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
>> where that came from don't ask me, it was back in the "no-SSNs" conversion).
>> 
>> The directory key / userID is in fact the UTCid, and is typically used
>> as a login for everything.  It's also the Active Directory ID.
>> 
>> And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
>> a "branch" of the state's tennessee.edu domain), so there's already some
>> confusion as to using the tennessee.edu versus utc.edu.  Even worse...
>> there are root forest entries for ut...@tennessee.edu as well as
>> @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
>> and they're already taking tennessee.edu as local :( although they still
>> take utk.edu as well.
>> 
>> So we more or less got stuck with ut...@utc.edu to avoid the
>> domain/realm confusion with the big orange one.
>> 
>> I would advise you rig up your local .1X to authenticate with your
>> fully-qualified eduroam username, just so users can consistently login
>> with the same credentials (assuming you're not using eduroam for
>> production .1X).
>> 
>> Jeff
>> 
>> On 11/12/2012 6:11 PM, Julian Y Koh wrote:
>>> So we're looking at an eduroam deployment here, and one question that has 
>>> come up is one of credentials.  Here at NU, we have 2 identifiers - the 
>>> NetID and the alias.  All of the directories and the like are keyed off of 
>>> the NetID, which does not have to be the same as the alias.  Top-level 
>>> email addresses take the form @northwestern.edu.  
>>> 
>>> Under a basic default eduroam deployment, a user would use 
>>> @northwestern.edu as his/her username to authenticate to the 
>>> wireless network.  This is not 100% ideal from an end user point of view, 
>>> though, since that could potentially lead to some confusion since at least 
>>> here, netid rarely is the same as alias.  Obviously, at some schools, netid 
>>> = alias, so this is a moot point, but have other schools encountered 
>>> support/documentation issues because of this?  
>>> 
>>> As an alternative, has anyone looking into using a subdomain for the realm? 
>>>  i.e., @eduroam.northwestern.edu?
>>> 
>>> I tried going through the FAQs and documentation at 
>>> , and there is some mention of avoiding 
>>> subdomains at .  
>>> 
>>> Personally, I think with good enough documentation we should be able to do 
>>> the standard @northwestern.edu without a lot of trouble, but we also 
>>> need to do due diligence and explore these options.  :)
>>> 
>>> Thanks!!
>>> 
>> 
>> **
>> Participation and subscription information for this EDUCAUSE Constituent 
>> Group discussion list can be found at http://www.educa

Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Steve Bohrer

On Nov 12, 2012, at 6:39 PM, Lee H Badman wrote:

Does anyone keep stats on how much your Eduroam efforts get used?  
Like, other than just being in the club, is it really providing  
benefits that an easy-to-use guest network wouldn't? Not being  
snarky, but genuinely wondering.




Not actual stats, but we are so tiny that anecdote covers pretty much  
all of our cases. As it happens, last summer when we were first  
testing eduroam, and had it deployed only to one AP in our office, we  
got an email from a math prof who was going to a conference in  
Germany. The advance material they sent her suggested that eduroam was  
the best way to connect at the conference campus, and she wanted to  
know if we had that. So, we got her connected to on our test AP, and  
it worked for her in both Germany and Scotland. More recently, a few  
IT and Library staff used it at the EDUCAUSE conference. Thus, so far,  
only about 2% of our users have connected to Eduroam at a remote site.  
We've not noticed any eduroam guests here yet, but we are small and  
out of the way.


My sense is that in the US it is still very much in the chicken-and- 
egg stage: It is not so useful yet, because it is not so widely  
deployed; and thus no one feels the need to deploy it. However, looks  
like in Europe there is very solid coverage, so I assume that it is  
more heavily used there. I hope enough people deploy it to make it  
more widely useful here, but even if not, it's useful enough: I  
haven't really seen any downside to our deployment, as we already were  
doing 802.1x, so it was not much effort to change to a new SSID. Thus,  
even if the benefit is only for the occasional professor or student  
traveling overseas, it seems useful enough to cover the hassle of  
deployment.


(Also, being in the club seems pretty cool to me :-)

Steve Bohrer
Network Admin
Bard College at Simon's Rock
413-528-7645

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Jeff Kell
On 11/12/2012 6:39 PM, Lee H Badman wrote:
> Does anyone keep stats on how much your Eduroam efforts get used? Like, other 
> than just being in the club, is it really providing benefits that an 
> easy-to-use guest network wouldn't? Not being snarky, but genuinely wondering.

Well, again, I have a biased answer.  I think all of our (UT) campuses
have eduroam available.  If for no other benefit, it certainly makes
inter-campus visits much more pleasant to have working wireless when you
arrive :)  And guest access requests from other UT visitors have dropped
significantly.  Most of the issues where it doesn't work is due to the
visitor not having their device configured properly (certificate issues,
or Windows defaulting to computer authentication via AD).  We use
XpressConnect for our dot-1X setup, and it uses the same Radius server
as eduroam.  If you are setup for our dot-1X, eduroam will just work. 
If you are not, it probably won't.  The certificate checks are against
your home server, regardless of where you actually are connecting from.

I don't have accurate statistics at the moment as we are currently
dropping eduroam folks into a wireless role shared by another group or
two (plan to adjust that soon).

Jeff

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Steve Bohrer

In Nov 12, 2012, at 6:26 PM, Jeff Kell wrote:


I would advise you rig up your local .1X to authenticate with your
fully-qualified eduroam username, just so users can consistently login
with the same credentials (assuming you're not using eduroam for
production .1X).


Sorry, what's the benefit of "not using eduroam for production .1X"?  
For us it is a key feature that the same wifi setup our people use  
here on campus will "just work" with absolutely no changes at any  
eduroam campus. (Of course, it does take some extra user training to  
get them to include the domain for their eduroam login but not for any  
other on-campus logins, but having a different production SSID  
wouldn't help any on that.)


Steve Bohrer
Network Admin
Bard College at Simon's Rock
413-528-7645

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Lee H Badman
Does anyone keep stats on how much your Eduroam efforts get used? Like, other 
than just being in the club, is it really providing benefits that an 
easy-to-use guest network wouldn't? Not being snarky, but genuinely wondering.

Lee Badman



On Nov 12, 2012, at 18:27, "Jeff Kell"  wrote:

> Hey Julian,
> 
> We recently went through this after cranking up eduroam officially this
> past fall.  We have similar points of confusion, plus a bonus.
> 
> Our email addresses are first-l...@utc.edu unless there are conflicts,
> in which case we use a middle initial or a suffix.
> 
> Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
> where that came from don't ask me, it was back in the "no-SSNs" conversion).
> 
> The directory key / userID is in fact the UTCid, and is typically used
> as a login for everything.  It's also the Active Directory ID.
> 
> And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
> a "branch" of the state's tennessee.edu domain), so there's already some
> confusion as to using the tennessee.edu versus utc.edu.  Even worse...
> there are root forest entries for ut...@tennessee.edu as well as
> @utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
> and they're already taking tennessee.edu as local :( although they still
> take utk.edu as well.
> 
> So we more or less got stuck with ut...@utc.edu to avoid the
> domain/realm confusion with the big orange one.
> 
> I would advise you rig up your local .1X to authenticate with your
> fully-qualified eduroam username, just so users can consistently login
> with the same credentials (assuming you're not using eduroam for
> production .1X).
> 
> Jeff
> 
> On 11/12/2012 6:11 PM, Julian Y Koh wrote:
>> So we're looking at an eduroam deployment here, and one question that has 
>> come up is one of credentials.  Here at NU, we have 2 identifiers - the 
>> NetID and the alias.  All of the directories and the like are keyed off of 
>> the NetID, which does not have to be the same as the alias.  Top-level email 
>> addresses take the form @northwestern.edu.  
>> 
>> Under a basic default eduroam deployment, a user would use 
>> @northwestern.edu as his/her username to authenticate to the wireless 
>> network.  This is not 100% ideal from an end user point of view, though, 
>> since that could potentially lead to some confusion since at least here, 
>> netid rarely is the same as alias.  Obviously, at some schools, netid = 
>> alias, so this is a moot point, but have other schools encountered 
>> support/documentation issues because of this?  
>> 
>> As an alternative, has anyone looking into using a subdomain for the realm?  
>> i.e., @eduroam.northwestern.edu?
>> 
>> I tried going through the FAQs and documentation at 
>> , and there is some mention of avoiding 
>> subdomains at .  
>> 
>> Personally, I think with good enough documentation we should be able to do 
>> the standard @northwestern.edu without a lot of trouble, but we also 
>> need to do due diligence and explore these options.  :)
>> 
>> Thanks!!
>> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.


Re: [WIRELESS-LAN] eduroam question(s)

2012-11-12 Thread Jeff Kell
Hey Julian,

We recently went through this after cranking up eduroam officially this
past fall.  We have similar points of confusion, plus a bonus.

Our email addresses are first-l...@utc.edu unless there are conflicts,
in which case we use a middle initial or a suffix.

Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers,
where that came from don't ask me, it was back in the "no-SSNs" conversion).

The directory key / userID is in fact the UTCid, and is typically used
as a login for everything.  It's also the Active Directory ID.

And now the bonus...  the AD domain is in fact utc.tennessee.edu (we're
a "branch" of the state's tennessee.edu domain), so there's already some
confusion as to using the tennessee.edu versus utc.edu.  Even worse...
there are root forest entries for ut...@tennessee.edu as well as
@utc.tennessee.edu.  And of course UTK started the whole eduroam thing,
and they're already taking tennessee.edu as local :( although they still
take utk.edu as well.

So we more or less got stuck with ut...@utc.edu to avoid the
domain/realm confusion with the big orange one.

I would advise you rig up your local .1X to authenticate with your
fully-qualified eduroam username, just so users can consistently login
with the same credentials (assuming you're not using eduroam for
production .1X).

Jeff

On 11/12/2012 6:11 PM, Julian Y Koh wrote:
> So we're looking at an eduroam deployment here, and one question that has 
> come up is one of credentials.  Here at NU, we have 2 identifiers - the NetID 
> and the alias.  All of the directories and the like are keyed off of the 
> NetID, which does not have to be the same as the alias.  Top-level email 
> addresses take the form @northwestern.edu.  
>
> Under a basic default eduroam deployment, a user would use 
> @northwestern.edu as his/her username to authenticate to the wireless 
> network.  This is not 100% ideal from an end user point of view, though, 
> since that could potentially lead to some confusion since at least here, 
> netid rarely is the same as alias.  Obviously, at some schools, netid = 
> alias, so this is a moot point, but have other schools encountered 
> support/documentation issues because of this?  
>
> As an alternative, has anyone looking into using a subdomain for the realm?  
> i.e., @eduroam.northwestern.edu?
>
> I tried going through the FAQs and documentation at 
> , and there is some mention of avoiding subdomains 
> at .  
>
> Personally, I think with good enough documentation we should be able to do 
> the standard @northwestern.edu without a lot of trouble, but we also 
> need to do due diligence and explore these options.  :)
>
> Thanks!!
>

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.