The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Chris Nelson <cnelson AT ceg-uk.com>]

Hi Alan,

Thank you so much for this!
Had totally forgotten about the live login test and I would have seen what 
you pointed out of the externally signed wildcard cert.
With seeing this, I thought this had been set up on the externally facing 
proxy but after further checking it had been installed on the actual radius 
server for some reason.
Tested with the live test and it's working fine so just need to test at a 
campus.

Thanks again.
Chris Nelson


-----Original Message-----
From: 
A.L.M.Buxey AT lboro.ac.uk
 
[mailto:A.L.M.Buxey AT lboro.ac.uk]
 
Sent: 04 April 2016 20:31
To: Chris Nelson 
<cnelson AT ceg-uk.com>
Cc: 
cat-users AT lists.geant.org
Subject: Re: [[cat-users]] Cat Tool now not authenticating users

Hi,

>    Hopefully you can help with this.
>    We did have eduroam working with android and ios devices but now it seems
>    that when requests are coming through, something has changed and the
>    requests are failing.
>    Looking at our set up we have the cn of the authentication server set as
>    CBBH-DC-02.ceg.local
>    The current car cert file is still current but authentication requests 
> are
>    failing.

check what your eduroamCAT profile looks like - the CA, the CN etc 
(ceg.catscollege.com CA with your .local RADIUS server cert)  versus what 
your RADIUS server is actually handing out when you authenticate against it - 
your production box has got a GoDaddy Root CA, intermediate and a wildcard 
RADIUS server cert (the first two appear to have the BEGIN CERTICATE on same 
line as /OU+CN stuff which is a bit messy.

as Stefan said, someones made a change without adjusting the other thing - 
your current RADIUS server is only SHA1 and expires on Jul 25 07:41:16 2016 
so something to be getting ready for anyway.

alan

____________________________________________________________

This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.
If you have received this e-mail in error please notify the
originator of the message. 

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Cambridge Education Group.

Scanning of this message and addition of this footer is performed
by Sophos E-mail Filter appliance in conjunction with 
virus detection software.
CT