Zahlavi

eduroam

Introduction

The eduroam project was developed as a part of the TF-mobility program of the TERENA association. Its idea is to enable transparent use of networks of member organizations. Users can connect their devices as guests in host organization using credentials provided by their home organization. Remote authentication via Internet is provided through a secured encrypted channel.

Remote authentication is done by hierarchically connected radius servers. Each home organization must have its own radius server connected to a national proxy radius server. CESNET is maintaining the Czech national server. Information on eduroam policy and a list of connected organizations can be also found there. Membership of states is covered by eduroam.org.

The usual way of connection is wireless by connecting to network named eduroam. Host organization can set rules and restrictions for network usage. For security reasons the use of network is logged.

Getting credentials to connect to eduroam

Each organization maintains its users accounts. For identification reason the username includes the organizations realm, i.e. @ujf.cas.cz in the case of NPI, then full identity (login) for connection to eduroam would be user@ujf.cas.cz.

Rules for using eduroam are defined by the roaming policy, which includes, but is not limited to these following rules:

  • Users are bound to comply with the roaming policy of the host and home networks as well as the Acceptable User Policy of the CESNET academic network.
  • Users have to respond immediately to the network administrators requests and instructions.
  • Users are responsible for the abuse of his/her credentials, allowing them to access the network.


According the principles of the Acceptable User Policy of the CESNET academic network, users must not use this network for activities that:

  • Enable or try to gain unauthorized access to the resources of connected networks.
  • Violate intellectual property rights.
  • Negatively affect the network or its services, prevent users from accessing these services.
  • Excessively use network resources.
  • Destroy data stored on computers and other network devices.
  • Limit users' privacy.


For security reasons, NPI credentials are maintained independently from other systems. Employees interested in using eduroam have to send an e-mail confirming that they have familiarized themselves with this page and the eduroam roaming policy. Then they will obtain their credentials.

Setting up the computer to connect to eduroam

In order to ensure security, you have to install and configure a certificate CA. Certificate enables you to verify that you are connecting to right server. It is strongly recommended to use the eduroam Configuration Assistant Tool.

Eduroam CAT for mobile devices can be installed from the appropriate store

        iPhone/iPad     Apple App Store (iOS)
  Android Adroid Apps (Google Play)

Note: If you have to fill in the Anonymous Identity field, please use your username again (user@ujf.cas.cz.)

Download certificates:

Note: You do not need a personal certificate to use eduroam.

Access points

Only wireless connection is available. Technical parameters of NPI access points:

  • SSID (wi-fi network name): eduroam
  • Authentication type: 802.1x (EAP)
  • Security method: WPA2
  • Encryption type: AES
  • IP addresses: IPv4, non-public, NAT
  • Device vendor: Cisco


Some outgoing services may be blocked by our firewall, the access to local area network is also limited.

Eduroam coverage in NPI

  • Administration Building (No. 351) - 2nd floor (Department of Theoretical Physics) and rooms No. 223, 222B, 222C, 113 (Meeting room).
  • Building No. 274 - Department of Nuclear Spectroscopy – 1st floor Meeting room (No. 202)
  • Building no. 275 - Department of Neutron Physics – Ground floor Meeting room (No. 101)
  • Building No. 231 – Meeting room (No. 116) and rooms No. 112, 114, 117, 118.
  • Department of Radiation Dosimetry (Bulovka) – 1st Floor Meeting room (No. 116)


You can find a list of all places with connection in the Czech Republic at www.eduroam.cz.

Go to monitor.eduroam.org for a list of sites connected worldwide.

Name „eduroam“ and eduroam logo are registered trademarks of the TERENA.

Information for guests

Three basic requirements must be fulfilled if you want to connect to eduroam:

  • Your home organization must be connected to eduroam.
  • You must have your account in your home organization, which is used for connection to eduroam. Usually it is name and password or name and certificate. It depends on your home organization. Please, read information about eduroam at your home institution.
  • You must have your mobile computer set up for connection to eduroam. Only wireless connection is available. Please, refer to your home organization’s instruction how to set up your computer.


The basic rules to be followed are described in the Eduroam Username and Password section above.

For more information about eduroam go to the following sources:

IT information