Monday, November 16, 2020

eduroam - Setup for Windows NPS

 

Windows NPS Config


 

- We need to set up the NPS server to handle local and external access for local users, and local access for remote users.

 

- Set up the 2 external RADIUS servers from eduroam as "RADIUS Clients":

  - tlrs1.eduroam.us

  - tlrs2.eduroam.us

  Set the "Shared Secret" for each one and remember them, so you can add them on eduroam's webpage later on.


- Set up the "Group Server" under "Remote RADIUS Server Groups": set the name to "eduroam" and add eduroam's servers.


 





Next, set up the "Connection Request Policies":

  • "eduroam - School" - triggered for local users that are authenticating FROM School's network.

  • "eduroam - USTopLevel" - triggered for local users that are authenticating FROM an EXTERNAL eduroam member's network.

  • "eduroam - external" - triggered for non-School domain users that are authenticating FROM School's network.

    • You will be forwarding this profile to the "Remote RADIUS Server Group" labeled "eduroam".

 

- THESE POLICIES NEED TO BE IN THIS ORDER. You will get a "domain loop" error from eduroam if you have them in the wrong order.
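Why the order matters can be seen in a small model of first-match policy evaluation. This is an added example, not part of the original post and not NPS code. The realm `school.example`, the client name `ap-library`, and the User-Name/source conditions attached to each policy are assumptions, since the post does not list the actual conditions.

```python
import re
from dataclasses import dataclass
from typing import Optional

LOCAL_REALM = "school.example"                        # placeholder realm (assumption)
EDUROAM_PROXIES = {"tlrs1.eduroam.us", "tlrs2.eduroam.us"}

@dataclass(frozen=True)
class Policy:
    name: str
    user_pattern: str              # regex tested against User-Name (assumed condition)
    from_eduroam: Optional[bool]   # required request source; None = any source
    action: str                    # "local" or "forward:eduroam"

LOCAL_USER = rf"@{re.escape(LOCAL_REALM)}$"
SCHOOL = Policy("eduroam - School", LOCAL_USER, False, "local")
TOPLEVEL = Policy("eduroam - USTopLevel", LOCAL_USER, True, "local")
# Assumed catch-all: any realm, so it depends on the local policies sitting above it.
EXTERNAL = Policy("eduroam - external", r"@.+", None, "forward:eduroam")

def route(policies, user_name, client):
    """Return (policy name, action) of the first matching policy, evaluated top down."""
    from_eduroam = client in EDUROAM_PROXIES
    for p in policies:
        if p.from_eduroam is not None and p.from_eduroam != from_eduroam:
            continue
        if re.search(p.user_pattern, user_name, re.IGNORECASE):
            return p.name, p.action
    return None, "discard"

def loops(policies, user_name, client):
    """A request loops when it arrived from eduroam and is forwarded back to eduroam."""
    _, action = route(policies, user_name, client)
    return client in EDUROAM_PROXIES and action == "forward:eduroam"

GOOD_ORDER = [SCHOOL, TOPLEVEL, EXTERNAL]
BAD_ORDER = [EXTERNAL, SCHOOL, TOPLEVEL]

# Constructed sample requests: (User-Name, RADIUS client that sent the request)
SAMPLES = [("alice@school.example", "ap-library"),
           ("alice@school.example", "tlrs1.eduroam.us"),
           ("bob@other.example", "ap-library")]

if __name__ == "__main__":
    for label, order in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for user, client in SAMPLES:
            name, action = route(order, user, client)
            flag = " LOOP" if loops(order, user, client) else ""
            print(f"{label}: {user} via {client} -> {name} ({action}){flag}")
```

With the forwarding policy on top, a local user arriving from tlrs1 is sent straight back to eduroam, which is the loop the post warns about.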


- Below, for the "eduroam - external" policy, we are dropping users on a specific VLAN; in this case we are dropping them on VLAN 10 (School's guest network).



  • Now set up the "Network Policies".

  • Each Network Policy is pretty much the same. The only differences are:

    • Condition: "Windows Groups"

    • Settings: "Filter-ID"



















