Getting involved in eduroam

In order to get your institution connected to eduroam you need to agree with our policy and make your LAN 802.1X enabled. Follow the steps below to join eduroam.ma:

1. Build your infrastructure 802.11 and broadcast ” eduroam” SSID on your home campus;

2. You need a RADIUS server to provide authentication services 802.1X. Popular choices are :

      > FreeRADIUS

      > Radiator

      > Cisco ACS

3. Choose an authentication type

To encrypt your user name and password, your home institution may choose either the open standard EAP/TTLS or Microsofts' solution EAP/PEAP or you can use the EAP/TLS with certificate.

The differences between this authentication types are listed in the following sheet :

EAP-Type Inner Password Notes
PEAP MSCHAPv2 MSCHAPV2 can only be implemented with clear-text password stored in the database. It can be implemented on Microsoft Windows clients without a party supplicant.
TTLS PAP,CHAP,MSCHAPv2 Works with MacOS X and Linux natively. MS Windows users can use the SecureW2 Supplicant.
TLS Certificate Only Use certificates for both user and server.

You are not necessarily limited to use only one authentication type if your RADIUS service can support multiple types simultaneously.

4. Contact eduroam.ma team.

If your institution would like to join the eduroam service, use the peering request form and complete the necessary requirements.

The eduroam.ma team will verify the identity of your request and will provide you with a shared secret and a test account.

5. Test the connectivity with the help of the eduroam.ma team;

6. Finally, sign the eduroam.ma  policy.