Eduroam(UK) Service: Information for end users

eduroam logo Eduroam(UK) (Formerly known as JANET roaming) is a system whereby users visiting participating sites can authenticate to the network using the credentials of their home institution. BioSS operates Eduroam(UK) as a "Home Site", that is registered BioSS users can authenticate to wireless networks offering the "eduroam" SSID.

Eduroam(UK) is available at a variety of locations worldwide. In the UK, review the map of participating organisations to see where eduroam is available. Click on the "radio mast" icons to see the status of the service

Using Eduroam(UK) at HQ

Fortunately the University of Edinburgh provides wireless coverage including eduroam over the BioSS corridor and in the coffee shop at the end of the corridor

Conditions of use

All BioSS users who use Eduroam(UK) must comply with the conditions of use. These are as follows:

  1. Be a member of staff, a student or a BioSS associate
  2. Comply with the BBSRC Code of practice covering use of computer facilities and communications systems and the relevant BioSS local amendments. These are the computing documents you signed when joining BioSS.
  3. Comply with the Eduroam(UK) conditions of use
  4. Read the Eduroam(UK) end-user documentation

Client Setup: Eduroam CAT

The Eduroam CAT service provides installers for most major operating systems and devices. All you need to enter is your Eduroam ID (in the form USERNAME@bioss.ac.uk) and your normal password. This is now the preferred method for install on mobile devices as the Eduroam CAT tool is available in the app store for both Android, Apple and Windows Mobile devices.

Users on desktop machines can download the relevant installers here

Client Setup: Other Devices

The BioSS implementation of Eduroam(UK) Home support should enable most devices to connect. The configuration options required are given below. Alternatively, you may use the Eduroam CAT configuration utilities; simply search for "BioSS" to download an installer for your platform.

Option name Value Notes
BioSS CA certificate file Various devices need certificates in particular formats:
PEM (Most common)
If your device is not specifically listed below, try this certificate format first
CRT (Android)
Click the link and follow the prompts to install the certificate in your device. Then, when setting up Eduroam make sure you select this certificate as the "CA certificate"
DER (Windows)
Most devices will use the PEM certificate. This cert is necessary to verify your device is actually talking to BioSS and not an impostor
Wireless SSID eduroam Ensure you connect to this network if you are trying to use Eduroam. Institutions may offer several networks with differing policies and Windows will connect to them at random
Wireless security method WPA2 or WPA with any cipher This is the responsibility of the institution you are visiting. WPA2 is the strongest so use that if available.
Authentication method EAP/TTLS-PAP, PEAPv0/MSCHAPV2. You will need the PEAPv0/MSCHAPV2 if using the built-in windows supplicant.
Authentication server radius.bioss.ac.uk This is the server to which authentication requests will be sent. Having the client know this is useful for detecting "impostor" servers.
Validate server Yes If possible, you should set this option. This will ensure that your supplicant only talks to the RADIUS server configured by BioSS and not an impostor.
Outer identity anonymous@bioss.ac.uk If prompted, enter this. This stops the wireless network operator from seeing our usernames. Such information is mildly advantageous to an attacker so it is good practice to hide it if you can.
Inner identity (yourusername)@bioss.ac.uk This is what you will actually try to authenticate. Windows's default supplicant does not allow you to set outer and inner identity values explicitly. If you are prompted for identity only once, this is the value you should enter

In due course instructions will be provided for other devices and Linux machines but in the meantime configuring any device other than a Windows XP Service Pack 3 or Windows 7 laptop is left as an exercise for the reader. Most common devices will have good online instructions though: for example see these excellent instructions for iPhones and iPod Touch devices from OUCS.

Remote Working

Once you are connected, you may wish to look at the thunderbird setup instructions for remote users

JunOS Pulse VPN

You may also install the client to access licence servers and the like. This is installed by default on BioSS-provided laptops but you can put it on non-BioSS machines too. Clients exist for the following:

Windows

There are two installers you can use:

In addition, you may also download the Pulse Secure Installer service. This allows non-administrative users to receive updates to the VPN. Most users will not require this.

MacOS X
MaxOS JunOS installer DMG

Unless explicitly stated otherwise, all material is copyright © Biomathematics and Statistics Scotland. Biomathematics and Statistics Scotland (BioSS) is formally part of the James Hutton Institute, a registered Scottish charity No. SC041796 and a company limited by guarantee No. SC374831, Registered Office: JHI, Invergowrie, Dundee, DD2 5DA, Scotland