The SSID is eduroam in lower case.

Username and password

The username and password comes from your remote access account (used for IT Services VPN and OWL).

Note: This is not your Oxford SSO account.


The authentication domain is If prompted for an Outer or Roaming Identity (may also be known as Anonymous Identity) specify (nothing in front of the @ sign).

Wireless type

The device must support WPA2-Enterprise.

The device should automatically switch between WPA/TKIP and the newer WPA2/AES (which may be called WPA2-Enterprise on the device) based on what the access point it connects to is serving. Some clients (e.g. MS Windows) do not do this and hence require two profiles, one for each type.

The EAP type is 'PEAP', if asked for a sub authentication type use EAP-MSCHAP v2.

The root certificate authority is "AddTrust" which may be listed as "AddTrust External CA Root".

RADIUS servers

If asked, the RADIUS server to authenticate against is:


  1. Check that a typo such as '' hasn't been used.
  2. Check that the remote access password is being used, not the SSO account.
  3. Check that the certificate is set correctly.
  4. Check that the username is of the form and not an email address.


Written by IT Services. Latest revision 24 April 2017