The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Michele de Varda <michele.devarda AT unimi.it>]

Sorry,  this issue happened because yesterday we changed FreeRADIUS 
server's certificate and so many users downloaded the new CAT configuration.
Now we put all configuration files locally on the captive portal.

I will ask you another question about certificates: in the new CAT 
configuration we put only the root certificate (VeriSign Class 3 Public 
Primary Certification Authority - G5) and in the RADIUS server we put 
the server certificate (CN=eduroam.unimi.it) and the intermediate 
certificate chain that contains "Symantec Class 3 Secure Server CA - G4" 
and   "VeriSign Class 3 Public Primary Certification Authority - G5" 
certificates.
The CAT configurator works fine with all Windows Systems, Linux and IOS 
and  MAC OS X 10.10 Yosemite, but we have an auth error with MAC OS X 
10.7 and 10.9.
MAC OS X makes different checks on certificate chain?

Thank you for your support,

Michele de Varda
Univ. degli Studi di Milano
Div. Telecomunicazioni







Il 19/03/2015 10:45, 
A.L.M.Buxey AT lboro.ac.uk
 ha scritto:
> Hi,
>
> > The connection was blocked only from this IP,   behind the  captive
> > portal NAT there were thousand Unimi users that yesterday tried to
> > download CAT configurator and probably we caused a kind of DoS
> > attack to cat site.
> if you are directing ALL captive portal requests through to cat.eduroam.org 
> then I'd expect you to
> be blocked - thats not friendly and cat.eduroam.org isnt designed or scaled 
> for such a thing.
>
> alan