The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

I have taken a look at the actual profile. It has an error. Instead of
the certificate chain for the CAs it just contains the server
certificate (TCS one). This is not correct.

Please supply the whole TCS certificate chain as either one PEM file
containing all, or several files with separate certificates and please
try again then.

With TTLS-PAP, the newest IOS does not ask the user to provide
credentials at install time, only at first connection time. This is
different from PEAP.

Tomasz



W dniu 14.06.2013 13:04, Stefan Winter pisze:
> Hi,
>
>> We use PAP-TTLS as we authenticate against a unix password file. 
>> Unfortunately PEAP did not work. 
>> iPad and iPhone does not work and vast majority of students use have these 
>> devices. 
> Looking at the thread, I see that you reported OS X Lion+ to work
> without problems.
>
> That's "funny" because the OS X Lion download and iOS download are the
> identical file; they only have two different buttons on the download
> interface because people are looking for device classes usually, and a
> button with an abstract notion of "anythinig Apple" looked less
> intuitive than mentioning the exact device class.
>
> So if the OS X Lion+ installer works, I'm reasonably confident that the
> profile as generated by CAT is in good working order.
>
> Since Scott mentioned that their CloudPath installer has the same issue,
> I'm really tempted to think that this is an iOS bug - in that it can't
> do TTLS-PAP properly - much more than an eduroam CAT problem.
>
> Since you can't move away from TTLS-PAP, I'm sort of lost in things to
> suggest. There is one thing maybe: you could try to generate an iOS
> profile "by hand"; i.e. download Apple's "iPhone Configuration Utility",
> click together the settings as they apply to your IdP and see if the
> resulting profile works better with the iOS devices.
>
> I'm guessing it won't, and then it's clearly an iOS bug. If it does work
> better however, please send the profile over to me so I can inspect it
> for differences to what CAT generates.
>
> Greetings,
>
> Stefan Winter
>
>>
>> Regards
>> Judy Angel
>>  
>>
>> Sent from my iPad
>>
>> On 13 Jun 2013, at 08:56 PM, Scott Armitage 
>> <S.P.Armitage AT lboro.ac.uk>
>>  wrote:
>>
>>> On 13 Jun 2013, at 15:46, "Angel, Judy" 
>>> <admyet4 AT herts.ac.uk>
>>>  wrote:
>>>
>>>> Hi
>>>> I am new to this system and think it is great. Thank you very much for 
>>>> developing such a useful tool.
>>>> I have tested the download for w7, XP ,lion , linux and all work fine. 
>>>> However the iphone app does not look as nice as the others and
>>>> More to the point down not work for me. It goes through the install 
>>>> screen, I enter username and password but there is no connection.
>>>> I originally had a self certified certificate. I have now installed the 
>>>> Janet Terena one which I can see as verified in the 
>>>> iphone>general>profile
>>>> But when I select the SSID eduroam the certificate page with the gears 
>>>> is on the left, not verified in red in the middle of the screen, accept 
>>>> on the right hand side but it is not an active button, so can not be 
>>>> selected.
>>>> Have you come across such a problem? Any suggestions please.
>>>
>>> I think the problem is TTLS.  I noticed the same problem with our 
>>> cloudpath profiles if the authentication type was set to EAP-TTLS.  I 
>>> therefore had to switch PEAP.
>>> From memory this was discussed a while ago on another mailing list (but I 
>>> can't remember).
>>>
>>> Try a PEAP configuration and see if you have the same problem.
>>>
>>> Regards
>>>
>>> Scott Armitage
>

-- 
Tomasz Wolniewicz    
  
twoln AT umk.pl
     http://www.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication
                                      Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750  fax: +48-56-622-1850 tel kom.: +48-693-032-576