The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi,
Sorry for cross-posting, but while Windows Phone subject popped up at
the cat-users list, it really has nothing to do with CAT as CAT does not
support Windows Phone. The problem I would is a general 801.x thing.

To start with, WP 8.1 allows only two username/password EAP methods -
PEAP or TTLS-MSCHAPv2.

I run several WP 8.1 tests against EAPlab using both FreeRADIUS and
Radiator and on our production eduroam network with FreeRADIUS and got
identical, rather surprising results. It turns out that when I set the
CA certificate in the client then PEAP works fine, but TTLS rejects
authentication with incorrect certificate error. Both methods work fine
with no CA set and both produce an identical warning about accepting the
server.

I have checked that there is no error in Radius, in both cases the same
server cert is sent, so it appears that the is a bad bug in the TTLS
implementation. It seems so bad that I find it hard to believe that it
is not my error, but testing this several times and in different
scenarios would seem to show that i may be right.

Could someone verify this please.

Tomasz


-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne       Information&Communication Technology 
Centre
Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576