The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Zenon Mousmoulas <zmousm AT noc.grnet.gr>]

Hi Stefan,


On 2015-12-21 08:20, Stefan Winter wrote:
> > there is an IdP-wide option in CAT to configure an additional ssid 
> > with
> > TKIP. Does this still do anything, since the removal of (automatically
> > included) TKIP profiles in CAT 1.1? Looking at non-binary profiles
> > produced, I can't see a difference after enabling this option. And a
> > Windows 10 user reported a problem[1] with an installer with this 
> > option
> > enabled.
>
> The change was merely about the "eduroam" SSID itself; it previously
> came with a TKIP profile included; but not any more.
>
> An additional SSID can still manually be configured with TKIP support.
>
> If you looked at the non-binary Apple OS X / iOS profiles: for them,
> there is indeed no change, as the configuration profiles on that
> platform do not make a distinction - everything is just "WPA", and
> includes WPA+WPA2 and TKIP+AES.

OK

> So: we are not aware of any issues in that regard. If there was a
> problem on a Windows installation, a bit more detail would be needed.

I managed to get access to the user's computer and get a closer look at 
the problem after all.

The error as displayed can be seen in the attachment (sorry, no screen 
grab). The message in Greek corresponds to this string from devices.pot:

#: devices/ms/Files/common.inc:1014
msgid "Credentials installation problem"
msgstr "Πρόβλημα κατά την εγκατάσταση των διαπιστευτηρίων"

I then ran the installer with debug:

eduroam-W10-GRNET_S.A.-_SHA2_GRNET-HQ_eduroam_IdP.exe -DEBUG=4

This is the log output:

| Platfrom:64
| WindowsVer:8
| Checking for wireless interfaces
| Exec: C:\Users\PDTSAN\AppData\Local\Temp\wlan_test.exe
| wlan_test.exe returned 0
| Wireless check OK
| testing for EAP: 88
| EAP test returned:
| Symantec test returned:
| Entering WiredConfirm with wireless_result=0; wired=0
| locating certificate  SHA=0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 
Level=root
| Testing machine store root
| Execute: certutil -store root 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
| certutil returned -2146893807
| Testing machine store authroot
| Execute: certutil -store authroot 
0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
| certutil returned 0
| Found AUTHROOT
| Checking for profile eduroam (TKIP)
| Exec: netsh wlan show profiles eduroam (TKIP)
| netsh returned 1
| profile eduroam (TKIP) not found
| Checking for profile eduroam
| Exec: netsh wlan show profiles eduroam
| netsh returned 1
| profile eduroam not found
| Execute: netsh wlan add profile 
C:\Users\PDTSAN\AppData\Local\Temp\wlan_prof-0.xml
| netsh returned 0
| Profile eduroam (TKIP) created
| Execute: netsh wlan add profile 
C:\Users\PDTSAN\AppData\Local\Temp\wlan_prof-1.xml
| netsh returned 0
| Profile eduroam created
| Additional Deletes
| Checking for profile eduroam (TKIP)
| Exec: netsh wlan show profiles eduroam (TKIP)
| netsh returned 0
| found profile eduroam (TKIP)
| deleting profile "eduroam (TKIP)"
| Execute: netsh wlan delete profile "eduroam (TKIP)"
| Installing wireless credentials
| installing credentials for profile eduroam (TKIP)
| Execute: C:\Users\PDTSAN\AppData\Local\Temp\setEAPCred.exe 
"zmousm AT admin.grnet.gr" "base_64_password_not_recorded" "eduroam (TKIP)"
| setEAPCred.exe returned 4
| installing credentials for profile eduroam
| Execute: C:\Users\PDTSAN\AppData\Local\Temp\setEAPCred.exe 
"zmousm AT admin.grnet.gr" "base_64_password_not_recorded" "eduroam"
| setEAPCred.exe returned 0
| writing C:\Users\PDTSAN\Downloads\inst_cat.cmd

It looks like the installer adds and subsequently removes an "eduroam 
(TKIP)" profile. It calls setEAPCred.exe to set credentials for "eduroam 
(TKIP)" but it fails. I suppose it can't do that for a profile that has 
just been deleted.

So the question is: Is this on purpose, so we can't configure an eduroam 
SSID with TKIP, or is this just a conflict with the installer trying to 
get rid of an automatically included eduroam/TKIP profile that might 
have been installed in the past?

Merry Christmas,
Z.

Attachment: IMG_2318.jpg
Description: JPEG image