...

Code Block
# my eduroam SP in Antarctica

<Client 203.0.113.5>
      Secret                     adf7856asdcvxb5p
      Identifier                 icecold-radius
      AddToRequestIfNotExist     Operator-Name=1foo.aq,eduroam-SP-Country=AQ
      RequireMessageAuthenticator
</Client>

Note: the Operator-Name attribute has the character "1" preceding the domain name. This is intentional and required by the corresponding RFC. Always prepend the character "1" to the operator's domain name.

...

Code Block
<Client etlr1.eduroam.org>
      IdenticalClients           etlr2.eduroam.org
      Secret                     (as negotiated with eduroam OT)
      Identifier                 etlr1.eduroam.org
      AddToRequestIfNotExist     eduroam-SP-Country=UNKNOWN
      RequireMessageAuthenticator
</Client>

Two additional clients are useful: one client for localhost, which can be used for local debugging purposes (and which doesn't need a strong secret); and the client which is used for European FLR monitoring (negotiate the actual client address with eduroam OT):

Code Block
<Client 192.0.2.1>
        Secret                 (as negotiated with eduroam OT)
        Identifier             Monitoring-ETLR
        AddToRequestIfNotExist eduroam-SP-Country=NONE
        RequireMessageAuthenticator
</Client>

<Client localhost>
        Secret                   mysecret
        DupInterval              0
        AddToRequestIfNotExist   eduroam-SP-Country=NONE
        RequireMessageAuthenticator
</Client>

Note: all the Identifier names in the configuration need to be unique, and should be meaningful to you, the server operator.
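The notes above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the original page or of Radiator: a small Python linter that flags `<Client>` clauses missing `RequireMessageAuthenticator`, reused `Identifier` names, and `Operator-Name` values without the leading "1". The function names and the sample input are constructed for illustration, and the parser assumes one parameter per line as in the clauses shown here.

```python
import re

# Constructed sample input with deliberate mistakes (not from the page).
SAMPLE = """\
<Client 203.0.113.5>
      Secret                     placeholder-secret-1
      Identifier                 icecold-radius
      AddToRequestIfNotExist     Operator-Name=foo.aq,eduroam-SP-Country=AQ
      RequireMessageAuthenticator
</Client>
<Client 203.0.113.6>
      Secret                     placeholder-secret-2
      Identifier                 icecold-radius
      AddToRequestIfNotExist     Operator-Name=1bar.aq,eduroam-SP-Country=AQ
</Client>
"""

CLIENT_RE = re.compile(r"^\s*<Client\s+(\S+?)\s*>(.*?)^\s*</Client>", re.S | re.M)

def parse_clients(config):
    """Yield (client_name, {parameter: [values]}) for each <Client> clause."""
    for name, body in CLIENT_RE.findall(config):
        params = {}
        for line in body.splitlines():
            fields = line.split(None, 1)
            if fields and not fields[0].startswith("#"):
                params.setdefault(fields[0], []).append(fields[1].strip() if len(fields) > 1 else "")
        yield name, params

def lint_clients(config):
    """Return (client, problem) tuples for the three checks named in the lead-in."""
    problems, seen = [], {}
    for name, params in parse_clients(config):
        if "RequireMessageAuthenticator" not in params:
            problems.append((name, "RequireMessageAuthenticator missing"))
        for ident in params.get("Identifier", []):
            if ident in seen:
                problems.append((name, f"Identifier '{ident}' already used by {seen[ident]}"))
            seen.setdefault(ident, name)
        for additions in params.get("AddToRequestIfNotExist", []):
            for pair in additions.split(","):
                attr, _, value = pair.strip().partition("=")
                if attr == "Operator-Name" and not (len(value) > 1 and value.startswith("1")):
                    problems.append((name, f"Operator-Name '{value}' lacks the '1' prefix"))
    return problems

if __name__ == "__main__":
    for client, problem in lint_clients(SAMPLE):
        print(f"{client}: {problem}")
```

A clause without an `Identifier`, such as the localhost client above, is not reported; only duplicates are.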

...