cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

[cat-users] CAT 1.1 Issues

From: Jacques ROGNIN <rognin AT essec.edu>
To: cat-users AT geant.net
Subject: [cat-users] CAT 1.1 Issues
Date: Wed, 27 May 2015 16:41:04 +0200
List-archive: <http://mail.geant.net/pipermail/cat-users/>
List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hello,

I am new in this list and in the CAT users community.

I just tried to generate my installers in differents modes ( PEAP-MSCHAPV2, TTLS-MSCHAPV2) I support on my radius server.

However I get an error with Iphones , Ipad and OS/X Yosemite.

It seems that I have a problem with the certificate.

We use a Symantec cetificate and it works correctly if I configure the profile using my own Apple configurator.

I think I don't fill the certificate information correctly in the CAT portal.

What have I to do ?

To upload the Root CA
To upload the ICA
To upload the server certificate
Several of them ?

Is it a CAT 1.1 bug ?

Thanks for your help

Jacques ROGNIN

FOR INFORMATION :Freeradius says :

# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[request] returns notfound
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.155.0.230/auth-detail-20150527
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.155.0.230/auth-detail-20150527
[auth_log] expand: %t -> Wed May 27 16:34:31 2015
++[auth_log] returns ok
++[mschap] returns noop
[suffix] Looking up realm "essec.fr" for User-Name = "anonymous AT essec.fr"
[suffix] Found realm "essec.fr"
[suffix] Adding Realm = "essec.fr"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 11 length 17
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 7
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Alert [length 0002], warning close_notify
TLS Alert read:warning:close notify
TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
SSL: SSL_read failed in a system call (-1), TLS session fails.
TLS receive handshake failed during operation
[ttls] eaptls_process returned 4
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.

Jacques ROGNIN

[cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/27/2015
- Re: [cat-users] CAT 1.1 Issues, Stefan Winter, 05/27/2015
- Re: [cat-users] CAT 1.1 Issues, Stefan Winter, 05/27/2015
  - Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
    - Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
      - Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
        
        Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
        
        Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
        
        Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015
        Re: [cat-users] CAT 1.1 Issues, Jacques ROGNIN, 05/28/2015
        
        Re: [cat-users] CAT 1.1 Issues, Tomasz Wolniewicz, 05/28/2015