The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

>    just two comments... Stefan, please note that Marcos is from
> esci.upf.edu, not upf.edu (two different organizations).

Okay. Sorry for being confused :-)

> I explained Marcos that the SecureW2 installer is only used for Win
> XP, and it should'nt be used by default for win 7 and 8.x (if
> PEAP+MSCHAPv2 is selected as first option as is the case)... am I right?
> 
> Of course you could use it in further windows versions too, but given
> the priority of methods allowed in the profile and their order (1.
> PEAP-MSCHAPv2, 2. TTLS-MSCHAPv2, 3. TTLS+PAP), I guess the installer
> for win 7 and win 8.1 is not based on SecureW2...

Yes, with that priority, Vista and above would not trigger SecureW2
installation.

And the built-in supplicant which is then used is of course bound to
Microsoft's built-in TLS validation routines... which are on the SHA-1
sunset crusade.

> Also I have to say, I checked this morning and the profile looked fine
> to me.

Maybe he is still sending the (superfluous) old TERENA intermediate CA
and Microsoft is (unrightfully) upset about that. Or he is missing the
second intermediate (IIRC) and the supplicants can't complete the chain.

Stefan

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature