cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: Zenon Mousmoulas <zmousm AT noc.grnet.gr>, Stefan Winter <stefan.winter AT restena.lu>
- Cc: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] additional ssid with TKIP
- Date: Mon, 28 Dec 2015 19:01:08 +0100
Hi Zenon,
the CAT output indeed suggests a bit of a mess. I will take a look
why this is happening.
Thanks for supplying the log.
Tomasz
W dniu 28.12.2015 o 18:43, Zenon Mousmoulas pisze:
> Hi Stefan,
>
>
> On 2015-12-21 08:20, Stefan Winter wrote:
>>> there is an IdP-wide option in CAT to configure an additional ssid with
>>> TKIP. Does this still do anything, since the removal of (automatically
>>> included) TKIP profiles in CAT 1.1? Looking at non-binary profiles
>>> produced, I can't see a difference after enabling this option. And a
>>> Windows 10 user reported a problem[1] with an installer with this
>>> option
>>> enabled.
>>
>> The change was merely about the "eduroam" SSID itself; it previously
>> came with a TKIP profile included; but not any more.
>>
>> An additional SSID can still manually be configured with TKIP support.
>>
>> If you looked at the non-binary Apple OS X / iOS profiles: for them,
>> there is indeed no change, as the configuration profiles on that
>> platform do not make a distinction - everything is just "WPA", and
>> includes WPA+WPA2 and TKIP+AES.
>
> OK
>
>> So: we are not aware of any issues in that regard. If there was a
>> problem on a Windows installation, a bit more detail would be needed.
>
> I managed to get access to the user's computer and get a closer look
> at the problem after all.
>
> The error as displayed can be seen in the attachment (sorry, no screen
> grab). The message in Greek corresponds to this string from devices.pot:
>
> #: devices/ms/Files/common.inc:1014
> msgid "Credentials installation problem"
> msgstr "Πρόβλημα κατά την εγκατάσταση των διαπιστευτηρίων"
>
> I then ran the installer with debug:
>
> eduroam-W10-GRNET_S.A.-_SHA2_GRNET-HQ_eduroam_IdP.exe -DEBUG=4
>
> This is the log output:
>
> | Platfrom:64
> | WindowsVer:8
> | Checking for wireless interfaces
> | Exec: C:\Users\PDTSAN\AppData\Local\Temp\wlan_test.exe
> | wlan_test.exe returned 0
> | Wireless check OK
> | testing for EAP: 88
> | EAP test returned:
> | Symantec test returned:
> | Entering WiredConfirm with wireless_result=0; wired=0
> | locating certificate SHA=0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
> Level=root
> | Testing machine store root
> | Execute: certutil -store root 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
> | certutil returned -2146893807
> | Testing machine store authroot
> | Execute: certutil -store authroot
> 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
> | certutil returned 0
> | Found AUTHROOT
> | Checking for profile eduroam (TKIP)
> | Exec: netsh wlan show profiles eduroam (TKIP)
> | netsh returned 1
> | profile eduroam (TKIP) not found
> | Checking for profile eduroam
> | Exec: netsh wlan show profiles eduroam
> | netsh returned 1
> | profile eduroam not found
> | Execute: netsh wlan add profile
> C:\Users\PDTSAN\AppData\Local\Temp\wlan_prof-0.xml
> | netsh returned 0
> | Profile eduroam (TKIP) created
> | Execute: netsh wlan add profile
> C:\Users\PDTSAN\AppData\Local\Temp\wlan_prof-1.xml
> | netsh returned 0
> | Profile eduroam created
> | Additional Deletes
> | Checking for profile eduroam (TKIP)
> | Exec: netsh wlan show profiles eduroam (TKIP)
> | netsh returned 0
> | found profile eduroam (TKIP)
> | deleting profile "eduroam (TKIP)"
> | Execute: netsh wlan delete profile "eduroam (TKIP)"
> | Installing wireless credentials
> | installing credentials for profile eduroam (TKIP)
> | Execute: C:\Users\PDTSAN\AppData\Local\Temp\setEAPCred.exe
> "zmousm AT admin.grnet.gr"
> "base_64_password_not_recorded" "eduroam (TKIP)"
> | setEAPCred.exe returned 4
> | installing credentials for profile eduroam
> | Execute: C:\Users\PDTSAN\AppData\Local\Temp\setEAPCred.exe
> "zmousm AT admin.grnet.gr"
> "base_64_password_not_recorded" "eduroam"
> | setEAPCred.exe returned 0
> | writing C:\Users\PDTSAN\Downloads\inst_cat.cmd
>
> It looks like the installer adds and subsequently removes an "eduroam
> (TKIP)" profile. It calls setEAPCred.exe to set credentials for
> "eduroam (TKIP)" but it fails. I suppose it can't do that for a
> profile that has just been deleted.
>
> So the question is: Is this on purpose, so we can't configure an
> eduroam SSID with TKIP, or is this just a conflict with the installer
> trying to get rid of an automatically included eduroam/TKIP profile
> that might have been installed in the past?
>
> Merry Christmas,
> Z.
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users
--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology
Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [[cat-users]] additional ssid with TKIP, Zenon Mousmoulas, 12/19/2015
- Re: [[cat-users]] additional ssid with TKIP, Stefan Winter, 12/21/2015
- Re: [[cat-users]] additional ssid with TKIP, Zenon Mousmoulas, 12/28/2015
- Re: [[cat-users]] additional ssid with TKIP, Tomasz Wolniewicz, 12/28/2015
- Re: [[cat-users]] additional ssid with TKIP, Tomasz Wolniewicz, 12/30/2015
- Re: [[cat-users]] additional ssid with TKIP, Zenon Mousmoulas, 12/28/2015
- Re: [[cat-users]] additional ssid with TKIP, Stefan Winter, 12/21/2015
Archive powered by MHonArc 2.6.19.