The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Marcin Balcerzyk" <mbalcerzyk AT us.es>]

Dear Alan.

 

The catch with Eduroam is that in majority of universities use is EAP-TTLS-PAP, AND some other, usually undocumented, protocols. The implementation of WP10 is that it seems to use some TTLS which does not include (visible) second phase, anonymous identity etc.

 

Maybe for University of Seville would be the easiest to implement MSCHAPv2, but it is them that has to decide.

 

Kind regards.

 

Marcin Balcerzyk, Ph.D.

Unidad Ciclotron,

Centro Nacional de Aceleradores,

Universidad de Sevilla-CSIC-Junta de Andalucia,

Parque Tecnólogico Cartuja 93,

c/Thomas Alva Edison Nº 7,

41092 Sevilla (Spain),
Tel.:  (+34)  954 460 553 ext. 226,

Fax:  (+34)   954 460 145,

mobile:(+34) 697 322 126

Skype: balcerzm

 

From: Alan Buxey [mailto:A.L.M.Buxey AT lboro.ac.uk]
Sent: 25 January 2016 14:26
To: Jose Manuel Macias Luna <jmanuel.macias AT rediris.es>; Marcin Balcerzyk <mbalcerzyk AT us.es>; 'Stefan Winter' <stefan.winter AT restena.lu>
Cc: 'Daniel Daza Muñoz' <daniel AT us.es>; cat-users AT lists.geant.org; 'Gustavo A. Rodriguez' <gusrodri AT us.es>; 'Carmen Lopez (Nené)' <carmen AT us.es>
Subject: Re: [[cat-users]] Installation of Eduroam for Windows Phone 8.1 and 10

 

The main part is that the clients need to be configured to use the method(s) that the authentication server supports

If the authentication server can only handle EAP method ABC then there's little to be gained from configuring the client to use XYZ instead other than failed auths and errors in the auth server.

It's an unusual case if a server that can do PAP can't do MSCHAPv2 (but such stuff still needs configuration on the server)

If the site say use ABC then use ABC and don't expect anything else to work

alan