Hi, I would like to connect a MikroTik to the eduroam wireless network and then share it via Ethernet using NAT. I would prefer if every connected client had to authenticate himself from his computer, but if it couldn't be done this way, it would be OK to authenticate just in the MikroTik device. Can somebody help me? Thanks.
Some more details would be helpful for us to point you in the right direction.
The MikroTik is a router, so as long as your LAN is all on layer 2, what you are looking to do is going to be very easy to get up and running at first, and then you can fine-tune it from there. What you are specifically looking for is the hotspot functionality in the MikroTik. It will display a login page to each unique end user and require them to enter a user name and password to get online. You can also try using PPPoE if you have a static user base.
As far as how you want to manage the user database, that's up to you. If you only have one or two locations you want to set this up on, then local authentication works just fine; however, if you want to roll this out to several locations you will want to look into some form of centralized management solution, namely RADIUS works very well for this. This way you only have one database to maintain and one place to go to make changes. There are several free options for RADIUS and several pay options; what you choose depends on what kind of services you want to offer.
Sorry, I thought people here will know what eduroam is
http://www.eduroam.org/
http://en.wikipedia.org/wiki/Eduroam
So I have an existing network.
I would like to use it also in my dormitory, which is not so far from the university. I have a MikroTik RB133 and I would like to use it to be able to access the network for me and my roommate. I would prefer each of us to use his own login information, but if this is not possible, it would be OK to just authenticate in the MikroTik as one of us and then share the connection using NAT. The problem is that I don't have much experience with MikroTik devices and don't know how exactly to configure this.
http://wiki.mikrotik.com/wiki/Manual:Wireless_AP_Client
You can then try to bridge your WLAN and Ethernet ports together. I’m not sure if it will pass on the appropriate layer2 information over the wireless link though, so you will probably be better setting it up so that it will route your traffic out of the wireless card and using NAT.
http://www.eduroam.org/index.php?p=faq#technology
In eduroam, communication between the access point and the user’s home institution is based on IEEE 802.1X standard
http://www.eduroam.org/index.php?p=faq#captive
Does eduroam use a captive portal for authentication?
No. Web Portal, Captive Portal or Splash-Screen based authentication mechanisms are not a secure way of accepting eduroam credentials, even if the website is protected by an HTTPS secure connection. The distributed nature of eduroam would mean that many different pages, languages and layouts would be presented to eduroam users making it impossible to distinguish between legitimate and bogus sites (even a consistent layout can be mimicked by an adversary).
eduroam requires the use of 802.1x
According to their FAQ eduroam doesn’t permit anything but 802.1x and explicitly rules out Hotspots. RouterOS doesn’t do wired 802.1x at all, so that’s out. Wireless is your only option.
You’d need a RADIUS server that is set up as a service point with eduroam as per their requirements, or access to such a RADIUS server. That’s entirely outside of RouterOS and has nothing to do with the NAS, and is by far the hardest part of all this. Once you have the RADIUS server set up you’d follow the manual as below:
http://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#RADIUS_EAP_pass-through_authentication - set up WPA/WPA2 with EAP passthrough to the RADIUS server
http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client - set up the RouterBOARD as a NAS for wireless services to the RADIUS server
OK, so I decided to use NAT, but at first I wanted just to connect to eduroam and try to at least ping somewhere from the MikroTik, but it doesn't connect. I am attaching a few screenshots; are the settings OK?
In screenshots I’ve removed supplicant identity - there I have what I am entering as username when logging in from windows - in format user@server…
and secret in radius server settings - there I have what I am entering as password when logging in from windows
Radius server address is ip of radius1.feld.cvut.cz
Login instructions on the website of my home university: http://www.feld.cvut.cz/user-info/eduroam/ (it is in Czech, so I am not sure if anybody will understand, maybe try Google Translate)
bump
bump




