eduroam

Interesting Troubleshooting Cases, Part 3 - Breaking other Wi-Fi

Interesting Troubleshooting Cases, Part 3 - Breaking other Wi-Fi

Note: This article is part 3 of a 4-part troubleshooting series, with more in-depth information about a TEN talk at WLPC.
Part 1 - The RADIUS connection
Part 2 - Zoom issues
Part 4 - The suddenly weaker Wi-Fi
Video recording from WLPC Prague

Incoming Ticket: I have installed eduroam via the configuration assistant tool (CAT) on macOS without issues and eduroam connects flawlessly.
But now my home network does not work anymore. After deleting the CAT profile my Wi-Fi at home works again. Is this a known issue?

Now, my first reaction to this was “What?!” as this sounds just impossible.

If you don’t know CAT, this is a tool that provides onboarding for eduroam, with executables (Windows), Scripts (Linux), Apps (Android), and mobileconfig files (macOS, iOS), not doing more than telling your device how to correctly configure for eduroam, so it is secure. It is basically justa sort of MDM for eduroam.

It does normally not delete SSIDs (though some installers can, if instructed to), and does not mess with IP settings, DNS settings, Adapter settings, or anything else. We have thousands of installs of the macOS .mobileconfig, so you would think that if it did mess up settings, there would be more clients raising issues.

Interesting Troubleshooting Cases, Part 1 - The RADIUS Connection

Interesting Troubleshooting Cases, Part 1 - The RADIUS Connection

Note: This article is part 1 of a 4-part troubleshooting series, with more in-depth information about a TEN talk at WLPC.
Part 2 - Zoom issues
Part 3 - Breaking other Wi-Fi
Part 4 - The suddenly weaker Wi-Fi
Video recording from WLPC Prague

Incoming Ticket: I’m a student from Institution X in the same town. I am visiting your library and I can’t connect to eduroam here. It works fine on the campus of Institution X.

If you are not familiar with eduroam, it is a worldwide network of Universities, granting each other wireless access.

eduroam is built in a tree-like structure:

tree-like countries

If you as an institution receive an authentication request from a foreign user, you will forward it to your country root - you only talk directly to your root. This root will either know where to forward it - if it is in the same country - or forward it to his root, which knows all countries. Upon being received by the correct country root, it will arrive at the right institution.