The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Jacques ROGNIN <rognin AT essec.edu>]

OK understood Thomasz.

Thanks for your preciuos help.

Hope that somebody else will have an idea .

Cheers

2015-05-28 15:42 GMT+02:00 Tomasz Wolniewicz <twoln AT umk.pl>:

Hi Jacques,

W dniu 2015-05-28 o 15:18, Jacques ROGNIN pisze:
> You are right Thomasz !
> A reload changes the look ::
>  ...... but doesn't fix my problem :-/

The warning returned states, as you probably realise yourself, that your
server does not add an intermediate CAs to the EAP exchange.
The intermediate CAs are loaded into the CAT profile so the validation
is possible but this setup may be a potential problem for your users,
for instance for those who configure their devices manually. To make a
secure configuration they just need to point to the Symantec root CA and
input the names of your servers, however when they connect to your
server it will not be possible to verify its certificate since the
certification chain will not be complete.

Since you have all intermediates in CAT profiles, installations done
with CAT installers should work properly as they install the
intermediate CAs, but looking form the point of view of RADIUS setup,
the current configuration at least requires a warning.

>From the CAT side all is fine, the problem you are left with is how to
push the CAs into the FreeRADIUS configuration, therefore you should
look up help from FreeRADIUS experts. Many of them are also on this list
so perhaps someone will suggest a solution.

Cheers
Tomasz


--
Tomasz Wolniewicz
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

--

Jacques ROGNIN