The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Sverrir Davíðsson <sverrir AT thekking.is>]

Hi Stefan
I Changed the CA file both on the Ipd and the profile, and now i´m able to 
connect.

Thx for the extra pair of eyes :)

Best Regards
Sverrir Davíðsson

-----Original Message-----
From: Stefan Winter 
[mailto:stefan.winter AT restena.lu]
 
Sent: mánudagur, 30. nóvember 2015 13:15
To: Sverrir Davíðsson 
<sverrir AT thekking.is>;
 eduroam CAT Feedback 
<cat-users AT lists.geant.org>
Subject: Re: Trooble using Eduroam Installer, help needed

Hi,

now I missed my main point. :-/

I spent some amount of time debugging this for you. I like debugging 
difficult cases, so that's not usually a problem.

This one however has been turned into automatic check code a long time ago. 
There is a button "realm check" in CAT, and it should yield in bright red "X" 
button style the error that the configured CA does not match the server 
certificate during the actual authentication.

I'd appreciate if folks could actually use the on-board debugging facilities. 
My bad probably, next time I will bounce problem reports with a "have you 
tried the Check Realm feature" immediately.

Greetings,

Stefan Winter

Am 30.11.2015 um 13:35 schrieb Sverrir Davíðsson:
> Ho Stefan
> Sorry, I must have pressed send to quickly :)
> 
> Here are the logs, see attachments
> 
> Best regards
> Sverrir Davíðsson
> 
> -----Original Message-----
> From: Stefan Winter 
> [mailto:stefan.winter AT restena.lu]
> Sent: mánudagur, 30. nóvember 2015 11:48
> To: Sverrir Davíðsson 
> <sverrir AT thekking.is>;
>  eduroam CAT Feedback 
> <cat-users AT lists.geant.org>
> Subject: Re: Trooble using Eduroam Installer, help needed
> 
> Hello,
> 
>> Hi my name is Sverrir,
>> I have been setting up a IdP for the Iceland Academy of the Arts.
> 
> thanks for contacting the list and not me directly.
> 
>> Radius Authentication works, but we are unable to us the Installer.
>>
>> I´m having trouble getting the Installer (EXE) setup to work against 
>> our SSID.
>>
>> We are able to connect directly to "eduroam" SSID without the use of 
>> the Installer, user gets authenticated and connected no problem.
> 
> "Connected" is easy. Getting connected *securely*, i.e. with all security 
> checks client-side enabled, is harder.
> 
> The installers set all the security parameters. Only once those checks are 
> actually enabled, subtle misconfigurations on the server side will have 
> consequences.
> 
>> But when we try to use the Installer, there is something of with the 
>> creation of the wifi Profile, users will not get connected and my 
>> RADIUS complains about user mismatch.
>>
>> I see that the User Security ID is NULL when using the Installer.
> 
> I have no idea what the "User Security ID" is supposed to be?
> 
>> I have tested this on both windows 10 and 8,1.
>>
>> I see at the top of the page that CAT vas recently updraded to 
>> versions 1.1.1, could that be the root of my problems?
> 
> No. We should really remove the MOTD. This version is up since over a month 
> now.
> 
>> All attach some more info regarding our Wifi troubles.
>>
>>  
>>
>> Radius: Windows Server 2012R2
>>
>> Microsoft: Protected EAP (PEAP)
>>
>>                 Secure Password (EAP-MSCHAP v2)
>>
>> Cert: Public SSL from GoDaddy
>>
>> AP: Cisco
> 
> This setup is as standard as can be and as such is probably not the source 
> of any problem.
> 
>> Logs from Radius and Client when Connecting to eduroam
>>
>> Connecting directly to eduroam (Without Installer), See attachement : 
>> Eduroam-NonInstaller.txt
>>
>> Connecting to eduroam (With Installer), See attachement :
>> Eduroam-Installer.txt
> 
> If you'd attach the log files, we could actually look at them ;-)
> 
> Greetings,
> 
> Stefan Winter
> 
>>
>>  
>>
>>  
>>
>> Best Regards
>>
>> Sverrir Davíðsson
>>
>>  
>>
>> ---------------------------------------------------------------------
>> -
>> -- Skilmálar / Disclaimer <https://www.thekking.is/is/skilmalar>
> 
> 
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale 
> et de la Recherche 2, avenue de l'Université
> L-4365 Esch-sur-Alzette
> 
> Tel: +352 424409 1
> Fax: +352 422473
> 
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the 
> recipient's key is known to me
> 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> 


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche 2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's 
key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66