UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
...
You are required to pop a Chargeable-User-Identity request into your Access-Requests. If you are unable to do this, your uplink can potentially do this. The UK OpenRoaming proxy does this by default.
If using NPS as your RADIUS server for password-based authentication, you *must* add the user 'anonymous' into your Active Directory instance, but you can disable it (it must merely exist). Recent versions of Android will use the word 'anonymous' followed by your realm name as the so-called Outer Identity for tunnelled methods (such as EAP-TTLS or PEAP), and NPS will reject any authentication attempts from Android devices if the 'anonymous' user cannot be found in Active Directory.
Beacon Settings
In order to signal that eduroam users are welcome, a set of these RCOIs can be used. Below are two common choices. Note that the SSID for the network is then arbitrary but SHOULD NOT be "eduroam" as there are known side-effects on supplicants when the network configuration matches both by SSID and by RCOI.
...