The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Morris, Andi" <amorris AT cardiffmet.ac.uk>]

Hi Darren,

I had thought of proxying the request from the production server to the preprod, however if possible I wanted to avoid making any changes to the production server. It’s definitely a viable option though.

 

The second option could be possible, I’d need to speak to the networking guys to work out whether it’s possible without affecting the rest of the Aps on the controller.

 

Thanks.

 

Cheers,

Andi

 

From: Darren Wheatcroft [mailto:Darren.Wheatcroft AT nottingham.ac.uk]
Sent: 17 August 2016 10:21
To: Morris, Andi <amorris AT cardiffmet.ac.uk>; Jon Agland <Jon.Agland AT jisc.ac.uk>; cat-users AT lists.geant.org
Subject: Re: [[cat-users]] pre-prod environment

 

Just a thought – but depending on your internal production RADIUS server, could you not set a rule along the lines of

IF <test device MAC, test username or realm>

THEN <proxy to pre-prod RADIUS server>

In its RADIUS config?

 

That way if you hit your own local eduroam SSID with a test device, your prod-RADIUS will push the request to the pre-prod RADIUS

 

Or, set up a single AP/AP group with a ‘new’ SSID called eduroam that uses your pre-prod RADIUS server but in all other respects is identical to the live SSID. Affects whoever connects to that AP, but you can use a spare and stick it in your office J

 

That should work.

 

HTH

Darren

 

--

Darren Wheatcroft

Senior Systems Development Officer: Infrastructure & Network Change

Global IT Services, Information Services 
The University of Nottingham

Kings Meadow Campus

 

From: "Morris, Andi" <amorris AT cardiffmet.ac.uk>
Reply-To: "Morris, Andi" <amorris AT cardiffmet.ac.uk>
Date: Wednesday, 17 August 2016 at 09:47
To: Jon Agland <Jon.Agland AT jisc.ac.uk>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: RE: [[cat-users]] pre-prod environment

 

Hi Jon,

Thanks for the reply.

 

That’s an interesting idea, however it’s not quite how I want to test this. I want to have a pre-prod server using our currently live radius certificate, which mimics what our users see at the moment. I would then add the secondary certificate to the test cat profile and test with devices how this affects them being able to connect to the preprod server, and then finally, change the certificate on the preprod server to match the secondary certificate being deployed by the test cat user profile.

 

If I connect to the eduroam SSID still my request will just get sent to my production radius server.

 

I’m not so worried about the ORPS side of things at the moment, as that’s working how I have it, and is just a simple proxy.

 

As it’s a quiet time of year here, I may be able to use the secondary SSID setting in the site wide options without it affecting too many users.

 

Cheers,

Andi

 

From: Jon Agland [mailto:Jon.Agland AT jisc.ac.uk]
Sent: 16 August 2016 09:54
To: Morris, Andi <amorris AT cardiffmet.ac.uk>; cat-users AT lists.geant.org
Subject: RE: [[cat-users]] pre-prod environment

 

Hi Andi,

 

Could you not utilise a second realm e.g. test.cardiffmet.ac.uk to conduct this testing?  That way you can still configure the devices with the SSID eduroam, but use a different profile in CAT.  You can configure at the eduroam UK support server, an ORPS as a test server, this will configure the NRPS to send requests for test.cardiffmet.ac.uk to the ORPS test server?  You may need to do some tweaking to your existing server to either send test.cardiffmet.ac.uk to the ORPS test server or to the NRPS.

 

That way you get to continue to use ‘eduroam’ on those devices and do your testing, you also don’t affect existing users who may end up with this additional SSID being configured on all profiles.

 

eduroam (UK) support team (based at Loughborough University) are usually around on this list..

 

Cheers,

 

Jon

 

Jon Agland
Subject specialist (network technologies and infrastructure)

T 02038198207
M 07443984222

Skype jon_agland

Twitter @jon_agland
One Castlepark, Tower Hill, Bristol, BS2 0JA

jisc.ac.uk

 

 

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

 

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.

 

From: Thomas Andersen [mailto:than AT itu.dk]
Sent: 15 August 2016 20:27
To: Morris, Andi <amorris AT cardiffmet.ac.uk>; cat-users AT lists.geant.org
Subject: Re: [[cat-users]] pre-prod environment

 

Hi Andi,

 

You cannot remove eduroam from the CAT, however, you can add additional SSID’s in IdP wide settings -> Media Properties.

However, since they are IdP wide, it will be added to all profiles.

 

Br,

Thomas

 

From: "Morris, Andi" <amorris AT cardiffmet.ac.uk>
Reply-To: "Morris, Andi" <amorris AT cardiffmet.ac.uk>
Date: Monday 15 August 2016 at 17:56
To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: [[cat-users]] pre-prod environment

 

Hi all,

Is there a way I can configure CAT to configure an SSID other than ‘eduroam’? I’m trying to setup a new eduroam environment here, and I’m at the preprod stage at the moment. I want to test CAT with this environment and how different devices react when CAT is setup with two different CAs for an eventual CA migration, however I can only seem to get CAT to configure ‘eduroam’ which is obviously the name of my production SSID. It would be ideal if I could tweak this somehow to reflect my preprod SSID name.

 

Cheers,

Andi

 

-------------------------------------

Andi Morris

IT Security Officer
Cardiff Metropolitan University

T: 02920 205720
E: amorris AT cardiffmet.ac.uk

--------------------------------------

 

---

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

This message and any attachment are intended solely for the addressee

and may contain confidential information. If you have received this

message in error, please send it back to me, and immediately delete it. 

Please do not use, copy or disclose the information contained in this

message or in any attachment.  Any views or opinions expressed by the

author of this email do not necessarily reflect the views of the

University of Nottingham.

This message has been checked for viruses but the contents of an

attachment may still contain software viruses which could damage your

computer system, you are advised to perform your own checks. Email

communications with the University of Nottingham may be monitored as

permitted by UK legislation.