Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
eduroam and machine authentication
If you want to do machine authentication for local access, the SSID is yours, so treat it like you would treat
any other SSID on campus.
For machine authentication, I know that University of Tennessee used a lot of AD Group Policies to accomplish Machine Authentication,
while maintaining user authentication at the same time (the machine can jojn the network to talk to AD on its own but each user has to authenticate independently
to access the functionality of the machine).
As Anders mentioned, if you give access to those machines with a REALM, empowering them to travel to other eduroam locations, make sure that someone is responsible for their usage.