A reference for IT administrators setting up and managing eduroam at their institution.

1. What is eduroam?

eduroam is a secure, worldwide roaming access service developed for the international research and education community. It allows users from participating institutions to obtain Internet connectivity at other participating institutions.

2. How do we join eduroam?

To join eduroam, your institution needs to become a member of the national eduroam federation (KENET). Contact the national eduroam coordinator of Kenya (KENET) for specific steps and requirements.

3. What are the technical requirements?

  • A RADIUS server for authentication
  • A wireless network supporting WPA2-Enterprise
  • Firewall rules and IP address management

4. How do we configure our RADIUS server?

  • Install and configure a RADIUS server
  • Integrate with your institution's identity management system (e.g., LDAP, Active Directory)
  • Configure communication with the national eduroam federation's RADIUS server

5. What security measures should be implemented?

  • Use strong encryption (WPA2-Enterprise)
  • Regularly update and patch your systems
  • Monitor network traffic for suspicious activity

6. How do we provide support to our users?

  • Create clear documentation for connecting to eduroam
  • Offer technical support through your institution's IT helpdesk
  • Educate users on safe network practices

7. Authentication logs and privacy

  • Keep authentication logs in accordance with your institution's and the national federation's policies
  • Ensure compliance with the Kenya Data Protection Act 2019
  • Inform users about data collection practices and their rights

8. How can we troubleshoot common issues?

  • Ensure your RADIUS server is reachable and correctly configured
  • Verify that the user's credentials are correct and active
  • Check the compatibility of user devices with WPA2-Enterprise

9. Can eduroam work with captive portals?

No, eduroam does not work with captive portals. eduroam requires direct access to the network without any intermediate web-based login pages.

10. Email account requirements for Kenya

Email accounts used for eduroam authentication MUST end with a .ke domain, such as .ac.ke, .or.ke, .sc.ke, or .go.ke.
For non-country-code TLD (non-ccTLD) domains such as .edu, .org, or .com, institutions are added to the eduroam infrastructure via NAPTR+SRV DNS records pointing to the KENET RADIUS proxy.
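
A pre-flight check for the realm rule above, as an added example that is not KENET's or eduroam's own tooling: it classifies login identities by realm and checks zone-file text for the NAPTR+SRV pair a non-.ke realm needs. Assumptions: the NAPTR service tag `x-eduroam:radius.tls` used by eduroam dynamic discovery, and constructed sample records in which `proxy.example.net` is a placeholder for the federation proxy.

```python
import re

# Service tag eduroam dynamic discovery looks for in NAPTR records (assumption).
EDUROAM_SERVICE = "x-eduroam:radius.tls"
REALM_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed zone data. proxy.example.net is a placeholder, not KENET's proxy.
SAMPLE_ZONE = """
; one realm with a correct record pair, one with a non-eduroam service tag
university.example.org. 3600 IN NAPTR 100 10 "s" "x-eduroam:radius.tls" "" _radsec._tcp.proxy.example.net.
_radsec._tcp.proxy.example.net. 3600 IN SRV 0 10 2083 radsec.proxy.example.net.
college.example.com. 3600 IN NAPTR 100 10 "s" "aaa+auth:radius.tls.tcp" "" _radsec._tcp.proxy.example.net.
"""

def realm_of(identity):
    """Return the lower-cased realm of user@realm, or None if malformed."""
    user, sep, realm = identity.strip().rpartition("@")
    realm = realm.lower().rstrip(".")
    if not sep or not user or not REALM_RE.match(realm):
        return None
    return realm

def routing_class(identity):
    """'ke' for .ke realms, 'needs-naptr' for other TLDs, else 'invalid'."""
    realm = realm_of(identity)
    if realm is None:
        return "invalid"
    return "ke" if realm.endswith(".ke") else "needs-naptr"

def naptr_ok(realm, zone_text):
    """True if realm has an eduroam NAPTR ("s" flag) whose target has an SRV."""
    targets, srv_owners = set(), set()
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()          # drop comments, tokenize
        if "NAPTR" in f:
            rdata = f[f.index("NAPTR") + 1:]    # order pref flags svc regexp repl
            if (len(rdata) == 6 and f[0].rstrip(".").lower() == realm
                    and rdata[2].strip('"').lower() == "s"
                    and rdata[3].strip('"').lower() == EDUROAM_SERVICE):
                targets.add(rdata[5].rstrip(".").lower())
        elif "SRV" in f:
            srv_owners.add(f[0].rstrip(".").lower())
    return bool(targets & srv_owners)

if __name__ == "__main__":
    for ident in ("alice@example.ac.ke", "bob@university.example.org",
                  "carol@example.ac.ke.example.com", "dave"):
        print(ident, "->", routing_class(ident))
```

The third identity shows why the check must test the end of the realm: a realm that merely contains `.ac.ke` still falls under the non-.ke rule.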