The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[José Manuel Macías <jmanuel.macias AT rediris.es>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Stefan, Marcos,

   just two comments... Stefan, please note that Marcos is from
esci.upf.edu, not upf.edu (two different organizations).

El 21/01/15 a las 12:19, Stefan Winter escribió:
> Hi,
> 
>> We are writing to report a problem detected with our users.
>> 
>> We are offering the installer from cat.eduroam.org website, and
>> since January we detected how windows 7 and 8.1 pcs connection
>> fails, curiosly If you use mac (version 10.10) or android
>> mobiles, you can connect. Using SecureW2 client last version you
>> can connect in Windows clients and our national support service
>> confirm us how client used by eduroam was GPL version. We are
>> checking how can be possible this, but now the users can't
>> connect and we need support to confirm the problem and repair
>> official installer. Was anyone reporting this problems?

I explained Marcos that the SecureW2 installer is only used for Win
XP, and it should'nt be used by default for win 7 and 8.x (if
PEAP+MSCHAPv2 is selected as first option as is the case)... am I right?

Of course you could use it in further windows versions too, but given
the priority of methods allowed in the profile and their order (1.
PEAP-MSCHAPv2, 2. TTLS-MSCHAPv2, 3. TTLS+PAP), I guess the installer
for win 7 and win 8.1 is not based on SecureW2...

Also I have to say, I checked this morning and the profile looked fine
to me.

> Did the problem start on Jan 1? It's not impossible that Microsoft
> may be enforcing new certificate requirements, and that your server
> or intermediate CA certificate does not meet those new
> requirements.
> 
> If you use a different version of SecureW2 that may or may not hint
> to a problem with our version - maybe the users who try that new
> version simply do not enable the certificate checks properly in
> their manual configuration.
> 
> It would be helpful if you could send me the server certificate and
> CA certificate(s) by mail so I could take a closer look. Because I
> don't get any certificate out of the EAP conversation for @upf.edu
> - maybe you are using a Microsoft RADIUS server and it doesn't like
> my outer identity...

Please note my initial comment... it's not @upf.edu (idp=38) but
@esci.upf.edu  (idp=313)... just in case.

cheers,

jose.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iEYEARECAAYFAlS/mF8ACgkQGWs+hpVj71PN7gCgmF7MKqYktgKNTH1Ltk2AUZws
JgMAn2RdpxLQ0cwHZmg1HkMTFsqzOmWL
=A1Zc
-----END PGP SIGNATURE-----