The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> ·         Is it possible to control if the “Connect even if the network
> is not broadcasting its name (SSID)” checkbox is checked? Since we
> always broadcast the SSID of eduroam there is no need for that setting
> to be enabled.

Most eduroam hotspots broadcast the SSID; which is not surprising
because it's required in the policy :-)

However, there might be some ill-advised deployments which hide the SSID
anyway. If the "hidden" checkbox is unchecked, your users will not
receive eduroam service at these locations, which would be a pity.

Threfore, CAT-generated installers always set the "also if hidden" checkbox.

I understand that this checkbox occasionally gets some beating over
being privacy-leaking; after all the user's machine will merrily tell
every access point on the planet that it is configured for a network
called "eduroam". However, I find this particular "privacy leak"
extremely minimal, as this network is something that millions of people
have configured on their machine; and it merely reveals that the box
belongs to someone who is working/studying in the education sector. The
privacy concerns about leaking configured SSIDs with the "hidden" flag
much more applies to private-use SSIDs; e.g. if someone at home has an
SSID "MY_PRIVATE_PORN_VAULT" then leaking this SSID could be somewhat
embarrassing :-)

> ·         I also wonder if it’s possible to add a custom text field to
> the Windows and Mac configurators in the wizard where you can describe
> how they should type their credentials and where they can get them?
>
> In our case you type 
> “username/ppp AT SU.SE”
>  and that’s not easy to know
> for the users. See picture “eduroam-win7-1.jpg”

We have an area for that in the download area; not in installers. This
is something you can configure in the Installer Fine-Tuning page as
"Fine-tuning options for EAP-Type". See the CAT manual for institution
admins, near the end of chapter 4 ("Generating Installers for my
users"). The link to the manual is

https://confluence.terena.org/x/fgBYAg

If such texts are configured, they are shown on top of the final
"Download" button on the web interface. That's probably not as catchy as
showing it in the installers though.

At least for the windows and Linux installers, it would also make sense
to display it inline. I wonder what the Windows/Linux installer
developre, Tomasz Wolniewicz, thinks about this. It might be a worthy
feature to implement.

For the Apple mobileconfig profiles, I'm pretty sure no extra text can
be added during credential installation. The only place for embedding
custom text is the "Terms of Use", but that's used for Terms of Use :-)

> ·         And on the same subject, is it possible to append something
> after the username if they missed to type it in, in our case append
> “/ppp AT SU.SE”
>  after the username if the user dose not type it in? That
> goes for both Mac, Linux and Windows.

I'd be wary doing that. As your users roam, they will occasionally end
up at hotspots which do not use the default SSID. They *will* have to
configure their device manually at that point, and it's best to have had
them educated properly beforehand when that time comes (or they will
fail horribly ;-) . So, deterministically making things NOT WORK if the
user typed in something wrong is better than fixing it silently under
the hood for most circumstances, but failing in others (User: "Why
doesn't it work here? I did the SAME THING as I did at home?!?!").

That's an "IMHO", but a strong one.

> If the above features is not possible at the moment, see them as feature
> requests that would be much appreciated.

Sure; at least the extra text thingy makes sense to me on first look.

Greetings,

Stefan Winter


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature