The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Christian, Andrew W." <andris AT nerc.ac.uk>]

Hi,

Thanks for your help (both who replied). I agree entirely with your points on 
Windows XP, inevitably someone will ask and I will have to provide a reason 
(which I now have).

Kind Regards,
Andrew Christian.

-----Original Message-----
From: Stefan Winter 
[mailto:stefan.winter AT restena.lu]
Sent: 10 July 2013 12:49
To: Christian, Andrew W.
Cc: 
cat-users AT geant.net
Subject: Re: [cat-users] Windows XP SP3 and MS-CHAPV2

Hello,

> I have a quick query with regard to eduroam CAT and Windows XP SP3.
> I've made a first attempt at creating and eduroam CAT installer but it
> says that windows XP SP3 is "Not supported by CAT" or at least for
> this authentication type.

That's correct; the Windows XP API for network configuration is not rich 
enough for an external installer to be able to configure all EAP properties 
automatically - but only for the built-in EAP types, i.e. PEAP.

> Is this a limitation of CAT/XP SP3 or have I misconfigured something?
> I know this auth type works when manually configured in XP. Is there
> anything I can do?

It's the combination of PEAP-MSCHAPv2 and Windows XP which does not work. If 
your RADIUS server also supports TTLS-PAP, just mark it as such in CAT, and 
then you'll also get a downloadable installer for Windows XP.

And as you can see, PEAP-MSCHAPv2 also works just fine on Windows Vista and 
up.

Other than that, there is little we can do; your best option if you want to 
support PEAP-MSCHAPv2 on Windows XP SP3 is either to provide your users with 
detailed step-by-step instructions for manual configuration, or you could try 
"su1x" which (AFAIK) requires you, the admin, to configure an XP machine 
yourself and then export some binary blob which can subsequently be used for 
installation on end-user devices.

And just as a side-note... April 2014 is the final end-of-support date for 
Windows XP by Microsoft. In CAT, we wondered how much effort we should put 
into a dying OS, and decided not to investigate further how PEAP could 
possibly be automated besides the API on Windows XP. Your mileage - or 
better: willingness to support legacy OSes - may vary.

Greetings,

Stefan Winter


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche 6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473


This message (and any attachments) is for the recipient only. NERC is subject 
to the Freedom of Information Act 2000 and the contents of this email and any 
reply you make may be disclosed by NERC unless it is exempt from release 
under the Act. Any material supplied to NERC may be stored in an electronic 
records management system.