cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] CAT with iPhone/iPad and older Macs

From: Stefan Winter <stefan.winter AT restena.lu>
To: Brian Epstein <bepstein AT ias.edu>, cat-users AT geant.net
Subject: Re: [cat-users] CAT with iPhone/iPad and older Macs
Date: Mon, 07 Oct 2013 10:42:08 +0200
List-archive: <https://mail.geant.net/mailman/private/cat-users/>
List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> We are having a lot of luck with the Windows 7 and Linux CAT files for
> configuring Eduroam for us.

I really hope there's no luck involved - it should all be fairly
deterministic ;-)

Glad to hear things are working for you!

> We are running into nothing but trouble with the iPhone/iPad

For iPhone and iPad, we've heard some reports about an iOS bug which
rears its ugly head only when your server certificate is not signed
directly by a root CA, but has an intermediate CA in between.

Is that by any chance the case in your deployment? If so, the bug is
that the intermediate CA gets ignored if it comes in during the EAP
conversation; it needs to be added to the CA list in CAT and be
provisioned with the profile.

Does this help?

> and MacOS <10.7.

This is currently not really supported by CAT. In fact, we do have a
module which can do it, but it didn't make its way into the production
release due to missing QA (these devices are getting more rare every day
after all).

There are more folks interested in this; and they are on this list. I'm
sure they will merrily take you on board when it comes to
testing/improving the device module.

> We are only using EAP-TTLS-PAP with a self-signed CA.

Right; I should have read the mail to the end before posting :-)

So there's no intermediate CA involved. Then, what is the error with the
iPhone iPad profiles? Do they not install at all, or do they not connect
afterwards? Any screenshot or behavioural description how to reproduce
would be mighty helpful.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

[cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/04/2013
- Re: [cat-users] CAT with iPhone/iPad and older Macs, Stefan Winter, 10/07/2013
  - Re: [cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/07/2013
    - Re: [cat-users] CAT with iPhone/iPad and older Macs, Stefan Winter, 10/07/2013
      - Re: [cat-users] CAT with iPhone/iPad and older Macs, Tomasz Wolniewicz, 10/07/2013
        
        Re: [cat-users] CAT with iPhone/iPad and older Macs, Stefan Winter, 10/07/2013
        
        Re: [cat-users] CAT with iPhone/iPad and older Macs, Tomasz Wolniewicz, 10/07/2013
      - Re: [cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/07/2013
      - Re: [cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/07/2013
        
        Re: [cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/07/2013
        
        Re: [cat-users] CAT with iPhone/iPad and older Macs, Stefan Winter, 10/08/2013
        
        Re: [cat-users] CAT with iPhone/iPad and older Macs, Brian Epstein, 10/09/2013