The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

To be absolutely precise and also show that Windows world is even more 
complicated, I need to add that in Windows 8 with TTLS you are expected 
to specify the full anonymous identity i.e. including the realm, it is 
only in PEAP where your control is limited to the user part.

Tomasz

W dniu 2013-05-08 13:21, Stefan Winter pisze:
> Hi,
>
> > I am forwarding a question / request form on of our institutions.
> > When enabling anonymous outer ID, is it possible to include realm
> > "anonymous AT myorg.no"
> >  and let this be mirrored in the profiles?
> > At present only "anonymous" is transferred to Win clients.
> >
> > We have seen the footnote that the suffix is derived from the username
> > input, but can this be changed? Or is it a good reason for this "feature"?
> Welcome to the mysterious world of Windows :-)
>
> It's the way how Microsoft designed the "anonymous" configuration. Also
> if you configure this interactively, the string field is supposed to
> contain only the local part of the username, i.e. anonymous. The realm
> part of it gets constructed during the login, when the user enters the
> realm himself.
>
> I always found that ... odd .. to say the least, but we have to work
> with what we have here. If you inspect the packets during
> authentication, you'll see that the right construct of anonID@inputrealm
> is chosen by Windows.
>
> Glad to see that someone actually read my footnote text. I thought it's
> way too easy to overlook :-)
>
> Greetings,
>
> Stefan Winter
>
> > Mvh
> > Tom Myren
> > UNINETT AS - 7465 Trondheim, tlf. 73 55 79 00 - fax 73 55 79 01
> > Direkte innvalg 73 55 79 14 - mobil 92600199
> > http://www.uninett.no
> >
> >
> >
> > -------- Original Message --------
> > Subject:        Re: Tilgang til http://cat-test.eduroam.org/admin/
> > Date:   Wed, 08 May 2013 12:11:08 +0200
> > From:   Øystein Gyland 
> > <oystegy AT usit.uio.no>
> > To:     Tom Ivar Myren 
> > <tom.myren AT uninett.no>
> >
> >
> >
> > On 05/08/2013 11:52 AM, Tom Ivar Myren wrote:
> >
> > > > Under «Device compatiblity matrix for 
> > > > eduroam AT uio.no
> > > >  of Universitetet
> > > > i Oslo» står det en fotnote for alle Windows-variantene:
> > > >
> > > > «Anonymous identities do not use the realm as specified in the profile
> > > > - it is derived from the suffix of the user's username input instead»
> > > Det betyr at sluttbruker må angi realm i brukernavnet når de første gang
> > > oppgir dette. Om man ikke benytter anonym identitet vil det som er
> > > oppgitt i realm automatisk bli benyttet.
> > > Jeg har ikke spesifikt tetstet dette...
> > På min Win7-maskin så blir ytre identitet «anonymous» (uten @uio.no),
> > selvom jeg satt opp profilen med 
> > «anonymous AT uio.no»
> >  som ytre identitet.
> >
> > Vi sliter litt med at folk oppgir brukernavnet sitt uten @uio.no, hvis
> > vi kunne ha fått satt opp en profil med 
> > «anonymous AT uio.no»
> >  som ytre
> > identitet hadde det vært gull. (Det er altså kun Windows-variantene som
> > har denne begrensningen såvidt jeg kan se).

--
Tomasz Wolniewicz
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576