The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

that's good to hear :-)

For the time being, as the per-profile override is not in deployment
yet, you can also

* set production-ready off in your profile(s)
* add the extra SSID inst-wide
* download the new installers from your "Fine-Tuning" page
* remove the extra SSID again
* set production-ready on again

That way you have the installers available locally, and no end user got
to see them.

As it happens, this means the end user download page will not list your
inst/profile for the say 5 min it takes to do the above - but since you
say it's silent over there at your place, this can possibly be tolerated.

Greetings,

Stefan Winter


Am 17.08.2016 um 11:42 schrieb Morris, Andi:
> Hi Stefan,
> That seems perfect. I understand that eduroam needs to always be there, 
> it's an eduroam configuration tool after all. :)
> 
> Cheers,
> Andi
> 
> -----Original Message-----
> From: Stefan Winter 
> [mailto:stefan.winter AT restena.lu]
> Sent: 17 August 2016 10:41
> To: Morris, Andi 
> <amorris AT cardiffmet.ac.uk>;
>  Jon Agland 
> <Jon.Agland AT jisc.ac.uk>;
>  
> cat-users AT lists.geant.org
> Subject: Re: [[cat-users]] pre-prod environment
> 
> Hi,
> 
> FWIW, the next release of CAT will have per-profile overrides of the SSID.
> 
> So then you can set up a profile with the extra SSID, while leaving the 
> normal profile as it is.
> 
> This will /not/ remove the "eduroam" SSID though; that one is always added 
> to all profiles.
> 
> So, when you download the extra-SSID profile, after installation you would 
> need to delete the SSID configuration for "eduroam" manually if you want to 
> prevent the client from jumping onto the proper SSID.
> 
> Greetings,
> 
> Stefan Winter
> 
> Am 17.08.2016 um 10:47 schrieb Morris, Andi:
>> Hi Jon,
>>
>> Thanks for the reply.
>>
>>
>>
>> That’s an interesting idea, however it’s not quite how I want to test
>> this. I want to have a pre-prod server using our currently live radius
>> certificate, which mimics what our users see at the moment. I would
>> then add the secondary certificate to the test cat profile and test
>> with devices how this affects them being able to connect to the
>> preprod server, and then finally, change the certificate on the
>> preprod server to match the secondary certificate being deployed by
>> the test cat user profile.
>>
>>
>>
>> If I connect to the eduroam SSID still my request will just get sent
>> to my production radius server.
>>
>>
>>
>> I’m not so worried about the ORPS side of things at the moment, as
>> that’s working how I have it, and is just a simple proxy.
>>
>>
>>
>> As it’s a quiet time of year here, I may be able to use the secondary
>> SSID setting in the site wide options without it affecting too many users.
>>
>>
>>
>> Cheers,
>>
>> Andi
>>
>>
>>
>> *From:*Jon Agland 
>> [mailto:Jon.Agland AT jisc.ac.uk]
>> *Sent:* 16 August 2016 09:54
>> *To:* Morris, Andi 
>> <amorris AT cardiffmet.ac.uk>;
>> cat-users AT lists.geant.org
>> *Subject:* RE: [[cat-users]] pre-prod environment
>>
>>
>>
>> Hi Andi,
>>
>>
>>
>> Could you not utilise a second realm e.g. test.cardiffmet.ac.uk to
>> conduct this testing?  That way you can still configure the devices
>> with the SSID eduroam, but use a different profile in CAT.  You can
>> configure at the eduroam UK support server, an ORPS as a test server,
>> this will configure the NRPS to send requests for
>> test.cardiffmet.ac.uk to the ORPS test server?  You may need to do
>> some tweaking to your existing server to either send
>> test.cardiffmet.ac.uk to the ORPS test server or to the NRPS.
>>
>>
>>
>> That way you get to continue to use ‘eduroam’ on those devices and do
>> your testing, you also don’t affect existing users who may end up with
>> this additional SSID being configured on all profiles.
>>
>>
>>
>> eduroam (UK) support team (based at Loughborough University) are
>> usually around on this list..
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Jon
>>
>>
>>
>> Jisc <http://www.jisc.ac.uk/>
>>
>> *Jon Agland* 
>> <mailto:jon.agland AT jisc.ac.uk>
>>  Subject specialist
>> (network technologies and infrastructure)
>>
>> T 02038198207
>> M 07443984222
>>
>> Skype jon_agland <skype:jon_agland?call>**
>>
>> Twitter @jon_agland <http://twitter.com/jon_agland> One Castlepark,
>> Tower Hill, Bristol, BS2 0JA**
>>
>> *jisc.ac.uk* <http://www.jisc.ac.uk/>
>>
>>
>>
>>
>>
>> Jisc is a registered charity (number 1149740) and a company limited by
>> guarantee which is registered in England under Company No. 5747339,
>> VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark,
>> Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>>
>>
>>
>> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
>> limited by guarantee which is registered in England under company
>> number 2881024, VAT number GB 197 0632 86. The registered office is:
>> One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>>
>>
>>
>> *From:*Thomas Andersen 
>> [mailto:than AT itu.dk]
>> *Sent:* 15 August 2016 20:27
>> *To:* Morris, Andi 
>> <amorris AT cardiffmet.ac.uk
>> <mailto:amorris AT cardiffmet.ac.uk>>;
>>  
>> cat-users AT lists.geant.org
>> <mailto:cat-users AT lists.geant.org>
>> *Subject:* Re: [[cat-users]] pre-prod environment
>>
>>
>>
>> Hi Andi,
>>
>>
>>
>> You cannot remove eduroam from the CAT, however, you can add
>> additional SSID’s in IdP wide settings -> Media Properties.
>>
>> However, since they are IdP wide, it will be added to all profiles.
>>
>>
>>
>> Br,
>>
>> Thomas
>>
>>
>>
>> *From: *"Morris, Andi" 
>> <amorris AT cardiffmet.ac.uk
>> <mailto:amorris AT cardiffmet.ac.uk>>
>> *Reply-To: *"Morris, Andi" 
>> <amorris AT cardiffmet.ac.uk
>> <mailto:amorris AT cardiffmet.ac.uk>>
>> *Date: *Monday 15 August 2016 at 17:56
>> *To: 
>> *"cat-users AT lists.geant.org
>>  
>> <mailto:cat-users AT lists.geant.org>"
>> <cat-users AT lists.geant.org
>>  
>> <mailto:cat-users AT lists.geant.org>>
>> *Subject: *[[cat-users]] pre-prod environment
>>
>>
>>
>> Hi all,
>>
>> Is there a way I can configure CAT to configure an SSID other than
>> ‘eduroam’? I’m trying to setup a new eduroam environment here, and I’m
>> at the preprod stage at the moment. I want to test CAT with this
>> environment and how different devices react when CAT is setup with two
>> different CAs for an eventual CA migration, however I can only seem to
>> get CAT to configure ‘eduroam’ which is obviously the name of my
>> production SSID. It would be ideal if I could tweak this somehow to
>> reflect my preprod SSID name.
>>
>>
>>
>> Cheers,
>>
>> Andi
>>
>>
>>
>> -------------------------------------
>>
>> Andi Morris
>>
>> IT Security Officer
>> Cardiff Metropolitan University
>>
>> T: 02920 205720
>> E: 
>> amorris AT cardiffmet.ac.uk
>>  
>> <mailto:amorris AT cardiffmet.ac.uk>
>>
>> --------------------------------------
>>
>>
>>
>> ----------------------------------------------------------------------
>> --
>>
>>
>> ardiff Metropolitan University - Queens Anniversary Prizes 2015
>> <http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognise
>> d-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>
>>
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
>>
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
>>
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
> 
> 
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
> la Recherche 2, avenue de l'Université
> L-4365 Esch-sur-Alzette
> 
> Tel: +352 424409 1
> Fax: +352 422473
> 
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the 
> recipient's key is known to me
> 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> ________________________________
> 
> [Cardiff Metropolitan University - Queens Anniversary Prizes 
> 2015]<http://www.cardiffmet.ac.uk/news/Pages/Cardiff-Met-research-recognised-in-Queens-Anniversary-Prizes-for-Higher-and-Further-Education.aspx>
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature