Skip to Content.

cat-users - Re: [[cat-users]] Eduroam Not working

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Eduroam Not working


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Chris Nelson <cnelson AT ceg-uk.com>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Eduroam Not working
  • Date: Thu, 27 Oct 2016 09:04:08 +0200
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,

> We set it up Eduroam a while back so that our users can authenticate to
> Eduroam but we don’t have it available on our sites.
>
> We had it working but it seems to have stopped working properly or at
> least is flaky as it is authenticating for some users that I believe are
> on iphone but not others (sometimes ios but mostly having issues with
> android I believe).
>
> I was wondering if it would be possible to find out what the best set up
> was for authentication?
>
> We currently have our radius reverse proxy receiving requests and
> passing it onto our dc which is doing nps.
>
> The strange thing is that some requests come through fine and are
> authenticated but others are not.
>
> For authentication we're using windows nps and it's using Peap-MSCHAP v2
> for authentication.
>
> For setting up the service on devices we're currently using
> cat.eduroam.org to get the settings onto remote users kit but success of
> connection has been varied.
>
> Has anyone else experienced this?

You are serving a self-signed certificate (which is BTW going to expire
in less than a year).

Some of its settings are not optimal, like having a CRL distribution
point which cannot be reached from the internet
(http://catscamb07.ceg.local ).

From what I see, CAT serves the installers like it should and there is
no problem on the provisioning side. For consultancy regarding
optimisation of your server setup, please get in touch with your
National Roaming Operator (in your case JISC).

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page