Terminology used
National roaming operator (NRO): The national organisation in charge of overseeing and co-ordinating eduroam. For Australia, the NRO is AARNet.
eduroam global database: Provides information about eduroam participants to all national roaming operators.
eduroam AdminTool public interface: A simplified UI for users to look up details of eduroam networks.
About the eduroam AU AdminTool
Users, other eduroam participants, and national roaming operators all might require information about your eduroam deployment.
For example, tech support staff might need access to connection settings so that they can guide visitors through connecting to eduroam at your institution.
Because of this need for correct and up-to-date information, part of the agreement that your organisation signs is to regularly update that information.
The eduroam AU AdminTool is your interface for adding and updating this information.
Note: No security-sensitive information is stored in the AdminTool. The fields for RADIUS server secrets and institutional test account passwords are locked, and only a default value is stored in the AdminTool database.
Data sharing
A subset of data entered into the AdminTool is shared globally.
How the AdminTool works
When you update your institution’s data in the AdminTool, it creates an XML file containing all relevant information. The eduroam Global Database imports any changed XML files every day.
Log in to the AdminTool
As an administrator, you can access the AdminTool using:
- Your SAML IdP: this uses the AARNet OpenConext instance, which is a SAML IdP-SP proxy.
- The AAF Virtual Home Organisation.
Register as an administrator
- Open the AdminTool.
- Click Manage.
- Select a login type.
- Enter your credentials.
- Select the institution that you want to administer.
AdminTool will send an email to the NRO administrator, who is responsible for activating institutional administrators.
Once the NRO administrator has activated your account, you’ll receive a confirmation email.
First AdminTool use as administrator
- Open the AdminTool.
- Click Manage.
If the AdminTool has no previous information about your institution, it will display a page indicating that the institution has no data and must be populated from scratch.
Otherwise, it will display existing details for your institution.
Click a location icon to view information already entered for that location.
Populate eduroam deployment data
eduroam requires these categories of data:
- Institution: basic information about your institution, including its name, whether it’s a Service Provider, Identity Provider, or both, main office address, and links to user information.
- Location: address of each campus, the name of the SSID used in each, and any differences to the wireless service.
- Server: function, port, and protocol used for each RADIUS server.
- Realm: at least the primary internet domain for the institution, and which servers each realm proxies to.
- Monitored realm: details of a test account that eduroam can use to track service reliability and functionality.
- Contacts: administrator and technical support contact information.
Edit your institution information
- Click Institution in the side menu.
- Enter the street address for the institution’s main campus or administrative centre.
- Click + Add under Contacts to add a technical support or administrator contact. This information is used by eduroam and the NRO.
- Add links to the institution’s publicly available eduroam information page, acceptable use policy, and any other links useful to users (for example, technical support).
- In Institution Type, enter one or two integers, separated by a comma. See GEANT’s documentation of Location Type for the most common codes to use.
- Enter the primary internet domain name that your institution uses. For example, www.educator.edu.au.
- Enter an estimated number of people that will be using the eduroam service at your institution at one time.
- Enter the estimated number of people that will be assigned eduroam IDs from your institution.
- Click Apply.
Add a location
- Click Locations in the side menu.
- Click + Add a new location under the list of existing locations.
- Enter the address or latitude and longitude.
- Enter a name for the location. This will be displayed in eduroam user resources like the Configuration Assistant Tool (CAT).
- Select an option from Physical availability.
- If the service is only available during specific hours, enter the hours of availability in Operation Hours.
- In Location Type, enter one or two integers, separated by a comma. See GEANT’s documentation of Location Type for the most common codes to use.
- Enter the SSID that your wireless access point uses. This is typically eduroam.
- Select all encryption standards in use at the location.
- Tick any applicable tags.
- If this location has different policies or support to the main institution, add links.
- Click Apply.
Add a server
RADIUS servers can be configured to operate as:
- Service Providers (SP), proxying all requests to the National RADIUS Servers.
- Identity Providers (IdP), authenticating local realms.
To add a server to the AdminTool:
- Click Servers in the side menu.
- Click Add new server under the list of existing servers.
- Select a server type. This should be a Service Provider, an Identity Provider, or both.
- Select the IP address family in use.
- Enter the IP address or domain name for the server.
- Enter a descriptive name for the server. AdminTool will use this in server lists.
- Select the packet types that the server will handle.
- To allow eduroam to check the server’s status with RADIUS Status-Server requests, tick Status-Server.
- Select the protocol used by the server.
- Click Apply.
Add a realm
- Click Realms in the side menu.
- Click Add new realm under the list of existing realms.
- Enter the domain name for the realm.
- Select the servers that this realm will proxy to.
- Click Apply.
eduroam monitoring
eduroam’s NROs conduct infrastructure monitoring to ensure a reliable and high-quality service for users. To enable this monitoring, eduroam participants are required to provide a test account on their realms.
Naming convention
A test account for specific realms – or a single test account that will work with multiple realms – should take the name eduroam-test@realm.
The authentication protocols supported should also be specified. We recommend that you support PEAP/MSCHAPv2 and recommend it to your users. A challenge-response protocol such as MSCHAPv2 does not send the password itself, which adds a layer of protection against rogue APs or RADIUS servers.
Add a test account to a realm
- Click Monitored realms in the side menu.
- Click Add monitored realm under the list of existing realm test accounts.
- Enter the domain name for the realm.
- Select the servers that this realm will proxy to.
- Click Apply.
- Click edit next to the new realm entry in the Parameters column of the Monitored realms list.
- Select EAP protocols to use. These protocols must be enabled on the server. AARNet recommends PEAP/MSCHAPv2 protocols to provide an extra layer of protection to the test account.
- Click Apply.
Add a technical contact
eduroam requires at least one technical contact for each institution. This must be a person, though group accounts (for example, a technical support help desk account) may also be added.
To add a contact:
- Click Contacts in the side menu.
- Click Add new contact under the list of existing realms.
- Enter the person’s name.
- Enter the person’s email address and phone number.
- Click Apply.
XML file provided to global database
The XML data that the AdminTool outputs to eduroam’s global database is a subset of the data that you enter for your institution. It provides information for:
- Users that need to know about your eduroam service
- eduroam to ensure that service quality is upheld.
As this data provides contact information, access to the institutional data file is restricted to the global eduroam database ingest service and AARNet internal servers.
If you wish to have a copy of the XML data for your institution, please email a request to support@eduroam.edu.au.
Example XML data for AARNet (with contact info removed):
<institutions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="institution.xsd">
  <institution>
    <instid>2b023ffb5a9b4e699352cc76a79df02a</instid>
    <ROid>AU01</ROid>
    <type>IdP+SP</type>
    <stage>1</stage>
    <inst_realm>aarnet.edu.au</inst_realm>
    <inst_name lang="en">AARNet</inst_name>
    <address>
      <street lang="en">Level 7, Tower A, 799 Pacific Highway</street>
      <city lang="en">Chatswood NSW 2067</city>
    </address>
    <inst_type/>
    <contact>
      <name>…</name>
      <email>…</email>
      <phone>…</phone>
      <type>0</type>
      <privacy>0</privacy>
    </contact>
    <contact>
      <name>…</name>
      <email>…</email>
      <phone>…</phone>
      <type>0</type>
      <privacy>0</privacy>
    </contact>
    <info_URL lang="en">http://www.eduroam.edu.au/</info_URL>
    <policy_URL lang="en">http://www.eduroam.edu.au/eduroam_AU_policy_v4.1.pdf</policy_URL>
    <ts>2020-06-05T01:46:52.597085+00:00</ts>
    <location>
      <locationid>bd82583ba0f64863ba0794aedd90cd5a</locationid>
      <coordinates>151.20172262,-33.88380346</coordinates>
      <stage>1</stage>
      <type>0</type>
      <loc_name lang="en">AARNet Sydney - UTS</loc_name>
      <address>
        <street lang="en">15 Broadway, Ultimo (Level 10, Building 1 UTS)</street>
        <city lang="en">Ultimo NSW 2007</city>
      </address>
      <SSID>eduroam</SSID>
      <enc_level>WPA2/AES</enc_level>
      <AP_no>2</AP_no>
      <tag>IPv6,NAT</tag>
      <availability>0</availability>
    </location>
    <location>
      …
    </location>
  </institution>
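As an added example (not part of the AdminTool or this page), the script below parses an institution XML export of the shape shown above and checks the points this page makes: the institution type is IdP, SP or IdP+SP, a realm is present, at least one contact has a name and email, every location carries an SSID and encryption level, no secret or password elements were exported, and it derives the eduroam-test@realm monitoring account name from each inst_realm as described under Naming convention. The sample XML and the sensitive element names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the export above (placeholder contact, one location).
SAMPLE_XML = """<institutions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="institution.xsd">
 <institution>
  <type>IdP+SP</type>
  <inst_realm>aarnet.edu.au</inst_realm>
  <inst_name lang="en">AARNet</inst_name>
  <contact><name>Help Desk</name><email>help@example.edu.au</email>
   <phone>+61 0 0000 0000</phone><type>0</type><privacy>0</privacy></contact>
  <location>
   <loc_name lang="en">AARNet Sydney - UTS</loc_name>
   <SSID>eduroam</SSID><enc_level>WPA2/AES</enc_level>
  </location>
 </institution>
</institutions>"""

VALID_TYPES = {"IdP", "SP", "IdP+SP"}
# Element names that must never appear in an export (assumed names, not from the page).
SENSITIVE = {"secret", "password", "shared_secret"}


def check_export(xml_text):
    """Return a list of findings; an empty list means the export passed every check."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():  # exports must never carry RADIUS secrets or passwords
        if el.tag.lower() in SENSITIVE:
            findings.append(f"sensitive element <{el.tag}> present")
    for inst in root.findall("institution"):
        name = inst.findtext("inst_name", "?")
        if inst.findtext("type") not in VALID_TYPES:
            findings.append(f"{name}: invalid type {inst.findtext('type')!r}")
        if not inst.findtext("inst_realm"):
            findings.append(f"{name}: missing inst_realm")
        if not any(c.findtext("name") and c.findtext("email")
                   for c in inst.findall("contact")):  # at least one technical contact
            findings.append(f"{name}: no usable technical contact")
        for loc in inst.findall("location"):
            lname = loc.findtext("loc_name", "?")
            for field in ("SSID", "enc_level"):  # users need these to connect
                if not loc.findtext(field):
                    findings.append(f"{name}/{lname}: missing {field}")
    return findings


def monitored_accounts(xml_text):
    """Expected eduroam-test@realm account names, one per inst_realm in the export."""
    root = ET.fromstring(xml_text)
    return [f"eduroam-test@{r.text}" for r in root.iter("inst_realm") if r.text]
```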