Access procedure
The access procedure for the eduroam network complies with the IEEE 802.1X standard. The identity of a user is verified on the authentication server at the user's home institution.
Members of BTU Cottbus-Senftenberg can log in to the BTU eduroam network (or a guest institution participating in the eduroam service) using one of three EAP methods: EAP-TLS, PEAPv0 or EAP-TTLS/PAP. Each user can decide for themselves which of these three methods they would like to use. The recommended order of priority is shown in the following list:
1. EAP-TLS (recommended as the most secure method):
- The authentication server is authenticated on the client using an SSL certificate (server certificate).
- The user is authenticated using an SSL certificate (user certificate).
2. PEAPv0:
- The authentication server is authenticated on the client using an SSL certificate (server certificate).
- The user is authenticated using their username/password (central BTU account).
- The account data is transferred in a secure TLS tunnel using MSCHAPv2.
3. EAP-TTLS/PAP:
- The authentication server is authenticated by the client using an SSL certificate (server certificate).
- The user is authenticated using a username/password (central BTU account).
- The account data is transferred in a secure TTLS tunnel using PAP.
Each of these three methods requires a so-called 802.1X supplicant on the user's PC. This is often already part of the operating system on current devices.
All settings for accessing the eduroam network at a glance:
| EAP-TLS | PEAPv0 | EAP-TTLS/PAP | |
|---|---|---|---|
| 802.1X- settings |
|
|
|
| |||
| Authentication server: burg.sbone.b-tu.de Associated root certificate:
| |||
| Wi-Fi settings | SSID/network name: eduroam Network type: Infrastructure Authentication/encryption: WPA2/AES | ||
| Network settings | Obtain IP address and DNS server address automatically (via DHCP) | ||