The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

One side comment,
   in CAT 1.1 which (in beta) you can test at https://cat-test.eduroam.org/beta/ there is a "secret" switch
When you call https://cat-test.eduroam.org/beta/?hidden=1 you will also see modules which are normally hidden from user's view. Currently there is one such module called Test. If you use it you will download the CAT setting for a given profile as a single zip file. This can be useful for solving such support problems in the future (of course the federation admin can always take ownership of an institution, but this approach is faster and works for every institution in CAT, nut just your own federation).

Tomasz




W dniu 2015-01-21 o 13:15, José Manuel Macías pisze:

Hi Stefan, Marcos,

   just two comments... Stefan, please note that Marcos is from
esci.upf.edu, not upf.edu (two different organizations).

El 21/01/15 a las 12:19, Stefan Winter escribió:
> Hi,

>> We are writing to report a problem detected with our users.
>>
>> We are offering the installer from cat.eduroam.org website, and
>> since January we detected how windows 7 and 8.1 pcs connection
>> fails, curiosly If you use mac (version 10.10) or android
>> mobiles, you can connect. Using SecureW2 client last version you
>> can connect in Windows clients and our national support service
>> confirm us how client used by eduroam was GPL version. We are
>> checking how can be possible this, but now the users can't
>> connect and we need support to confirm the problem and repair
>> official installer. Was anyone reporting this problems?

I explained Marcos that the SecureW2 installer is only used for Win
XP, and it should'nt be used by default for win 7 and 8.x (if
PEAP+MSCHAPv2 is selected as first option as is the case)... am I right?

Of course you could use it in further windows versions too, but given
the priority of methods allowed in the profile and their order (1.
PEAP-MSCHAPv2, 2. TTLS-MSCHAPv2, 3. TTLS+PAP), I guess the installer
for win 7 and win 8.1 is not based on SecureW2...

Also I have to say, I checked this morning and the profile looked fine
to me.

> Did the problem start on Jan 1? It's not impossible that Microsoft
> may be enforcing new certificate requirements, and that your server
> or intermediate CA certificate does not meet those new
> requirements.

> If you use a different version of SecureW2 that may or may not hint
> to a problem with our version - maybe the users who try that new
> version simply do not enable the certificate checks properly in
> their manual configuration.

> It would be helpful if you could send me the server certificate and
> CA certificate(s) by mail so I could take a closer look. Because I
> don't get any certificate out of the EAP conversation for @upf.edu
> - maybe you are using a Microsoft RADIUS server and it doesn't like
> my outer identity...

Please note my initial comment... it's not @upf.edu (idp=38) but
@esci.upf.edu  (idp=313)... just in case.

cheers,

jose.

>

--
Tomasz Wolniewicz   
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576