
cat-users - Re: [[cat-users]] Unique device credentials

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: "Workman, John R" <john.workman AT mnsu.edu>
  • To: Per Mejdal Rasmussen <pmr AT its.aau.dk>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Unique device credentials
  • Date: Mon, 1 Apr 2019 20:26:49 +0000

Requiring an anonymous outer identity seems to help with this, if your RADIUS can be configured to require it.

Many platforms restrict the Wi-Fi connection properties to be very simple and do not easily permit entering the outer identity without using a configuration file.




On 3/29/19 10:19 AM, Per Mejdal Rasmussen wrote:
At my university many student devices are not configured to verify the RADIUS server certificate, even though we have told the students for many years to use the CAT tool.

As a consequence we will make a system that generates unique credentials per device, where each username/password pair is locked to a specific MAC address.

This will make it impossible to reuse stolen eduroam credentials for other systems, and make it very hard to use stolen credentials on other devices.

I was wondering if anyone else has made a similar system, or knows of a system you can buy for that purpose?

The reason we don't just use device certificates is that it is not as widely supported as username/password in devices.


--
John Workman (john.workman AT mnsu.edu) 
Networking Engineer 
Information and Technology Services 
Minnesota State University, Mankato 
3010 Memorial Library 
Mankato, MN  56001 
Office: 507-389-1337 
Mobile: 507-514-0604 
Fax: 507-389-6115
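
The two checks discussed in this thread (a required anonymous outer identity, and a per-device credential locked to one MAC address) sketched as a RADIUS-side policy decision. This is an added example, not code from either poster or from CAT. The realm example.edu, the dev-xxxx usernames, the function names and the sample requests are all constructed assumptions.

```python
import re

# Constructed sample data: per-device usernames, each locked to one MAC.
DEVICE_CREDENTIALS = {
    "dev-7f3a@example.edu": "aa:bb:cc:dd:ee:01",
    "dev-91c2@example.edu": "aa:bb:cc:dd:ee:02",
}


def normalize_mac(value):
    """Return aa:bb:cc:dd:ee:ff for any common MAC notation, else None."""
    compact = re.sub(r"[-:.\s]", "", value or "").lower()
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        return None
    return ":".join(compact[i:i + 2] for i in range(0, 12, 2))


def outer_is_anonymous(outer_identity, realm):
    """Accept only '@realm' or 'anonymous@realm' as the outer identity."""
    local, sep, outer_realm = (outer_identity or "").rpartition("@")
    return (sep == "@" and outer_realm.lower() == realm.lower()
            and local.lower() in ("", "anonymous"))


def evaluate(outer_identity, inner_identity, calling_station_id,
             realm="example.edu"):
    """Policy decision only; the password is still checked by the EAP method."""
    if not outer_is_anonymous(outer_identity, realm):
        # A connection set up by hand, without a profile, typically sends
        # the real username as the outer identity.
        return (False, "outer identity is not anonymous")
    bound_mac = DEVICE_CREDENTIALS.get((inner_identity or "").lower())
    if bound_mac is None:
        return (False, "unknown device credential")
    if normalize_mac(calling_station_id) != bound_mac:
        return (False, "credential presented from a different MAC")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed requests: (outer identity, inner identity, Calling-Station-Id)
    for request in [
        ("anonymous@example.edu", "dev-7f3a@example.edu", "AA-BB-CC-DD-EE-01"),
        ("dev-7f3a@example.edu", "dev-7f3a@example.edu", "AA-BB-CC-DD-EE-01"),
        ("@example.edu", "dev-7f3a@example.edu", "aabb.ccdd.ee02"),
    ]:
        print(request, "->", evaluate(*request))
```

Calling-Station-Id arrives in whatever notation the access point or controller uses, so the comparison is done on the normalized form rather than on the raw string.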


