The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

>   one of our institutions reported this fail while running the live test
> login from eduroam CAT:
> 
> 8<...
> 
> OK!PEAP-MSCHAPv2 from eduroamTL dk
> Error!    Login with PEAP-MSCHAPv2 from eduroamTL nl failed!
> Resultcode: 3
> 
> ...>8
> 
> The institution is being reached dinamically:
> 
> 8<...
> 
> Realm is *DYNAMIC* with no DNS errors encountered. Congratulations!
> 
> ...>8
> 
> What could be the cause for this error?

That's a bit strange indeed. Was this a one-off error, or is it persistent.

It looks like your request can be authenticated via the second ETLR in
Denmark, but not via the primary one in NL.

The return code 3 means "Access-Reject"; so "someone" was convinced that
the login credentials were not good enough. This could be the ETLR
policy "Reject instead of Ignore" or the inst RADIUS actually not liking
the incoming request; we currently can't make a distinction between
these two in CAT.

The institution admin himself could check in the logs whether he got two
login attempts or just one...

Also, do the "dynamic" tests show any certificate problems?

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66