Hey Julian, We recently went through this after cranking up eduroam officially this past fall. We have similar points of confusion, plus a bonus.
Our email addresses are first-l...@utc.edu unless there are conflicts, in which case we use a middle initial or a suffix. Our official "UTCid" is a rather arbitrary string (3 letters, 3 numbers, where that came from don't ask me, it was back in the "no-SSNs" conversion). The directory key / userID is in fact the UTCid, and is typically used as a login for everything. It's also the Active Directory ID. And now the bonus... the AD domain is in fact utc.tennessee.edu (we're a "branch" of the state's tennessee.edu domain), so there's already some confusion as to using the tennessee.edu versus utc.edu. Even worse... there are root forest entries for ut...@tennessee.edu as well as @utc.tennessee.edu. And of course UTK started the whole eduroam thing, and they're already taking tennessee.edu as local :( although they still take utk.edu as well. So we more or less got stuck with ut...@utc.edu to avoid the domain/realm confusion with the big orange one. I would advise you rig up your local .1X to authenticate with your fully-qualified eduroam username, just so users can consistently login with the same credentials (assuming you're not using eduroam for production .1X). Jeff On 11/12/2012 6:11 PM, Julian Y Koh wrote: > So we're looking at an eduroam deployment here, and one question that has > come up is one of credentials. Here at NU, we have 2 identifiers - the NetID > and the alias. All of the directories and the like are keyed off of the > NetID, which does not have to be the same as the alias. Top-level email > addresses take the form <alias>@northwestern.edu. > > Under a basic default eduroam deployment, a user would use > <netid>@northwestern.edu as his/her username to authenticate to the wireless > network. This is not 100% ideal from an end user point of view, though, > since that could potentially lead to some confusion since at least here, > netid rarely is the same as alias. Obviously, at some schools, netid = > alias, so this is a moot point, but have other schools encountered > support/documentation issues because of this? > > As an alternative, has anyone looking into using a subdomain for the realm? > i.e., <netid>@eduroam.northwestern.edu? > > I tried going through the FAQs and documentation at > <http://www.eduroamus.org/>, and there is some mention of avoiding subdomains > at <http://www.eduroamus.org/node/29>. > > Personally, I think with good enough documentation we should be able to do > the standard <netid>@northwestern.edu without a lot of trouble, but we also > need to do due diligence and explore these options. :) > > Thanks!! > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
