Skip to Content.

cat-users - Re: [[cat-users]] Windows 10 EAP-TTLS not working

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Windows 10 EAP-TTLS not working


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Eduroam UPB <eduroam.upb AT gmail.com>, cat-users AT lists.geant.org, Tomasz Wolniewicz <twoln AT umk.pl>
  • Subject: Re: [[cat-users]] Windows 10 EAP-TTLS not working
  • Date: Tue, 2 Aug 2016 08:29:44 +0200
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,

> Hi with the recent CAT version i have been getting erros on Eduroam
> installers for Windows 10
>
> When I select Fine-tuning options for EAP-Type TTLS-MSCHAPv2 , the
> option : "Turn on selection of EAP-TLS User-Name on", the file
> wlan_prof-0.xml within the installer has the xml item
>
> <DisablePrompt>true</DisablePrompt>
>
> When i remove the this option the same parameter does not change
> <DisablePrompt>true</DisablePrompt>
>
>
> With this value the WLAN profile does not work:

As the name of the option gives away, this parameter is only meant to be
meaningful for the EAP type *EAP-TLS*. It does not / is not supposed to
have any effect on *EAP-TTLS*.

> netsh wlan add profile filename="wlan_prof-0.xml" user=current
>
> But if i edit the file wlan_prof-0.xml directly and change the
> parameter to:
>
> <DisablePrompt>false</DisablePrompt>
>
> AN delete the WLAN profile and import again, the Eduroam works again
>
> there is a solution in the cat tool to prepare the installer so it gets
> the correct value in the WLAN profile
>
> <DisablePrompt>false</DisablePrompt>
>
> Thanks in advance

Well, never touching that option is extremely likely going to make
things work.

Now, since you have deleted it but it still does not work, maybe there
was a residue left, and maybe the installers still consider that residue
when they should not.

Quite frankly, you shouldn't have set this option in the first place.
But of course it should not do any harm if set, because it's about
another EAP type.

As a first workaround, you could delete the *profile* (not the entire
IdP) and create it anew, without setting the EAP-TLS option.

In a second step, we'll investigate where those side-effects come from.
Our developer for the Windows installers, Tomasz Wolniewicz, will get
back to you when he's back in his office.

Greetings,

Stefan Winter
>
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page