The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Marcin Balcerzyk" <mbalcerzyk AT us.es>]

Dear All.

 

Recently Windows 10 Mobile got an update in WiFi section. I missed the actual moment possibly a month ago, but now I can connect to Eduroam in University of Seville with my Lumia 640 XL. Do not use WiFi (Legacy), but the new one WiFi in settings. I use version 1607 and a built for Insiders: 10.0.14965.1000. I connect as simple as from Windows 10 PC. You put only the ID with @us.es and a password accepting a certificate. I did not try to log in from other universities yet.

 

I attach the screen of settings from my phone. Please diffuse the message among Windows 10 Mobile users. I cannot log in to foros.eduroam.es, I am not allowed with my UVUS account, although previously I could.

 

Kind regards

 

Marcin Balcerzyk, Ph.D.
Unidad Ciclotron,
Centro Nacional de Aceleradores,
Universidad de Sevilla-CSIC-Junta de Andalucia,
Parque Tecnólogico Cartuja 93,
c/Thomas Alva Edison Nº 7,
41092 Sevilla (Spain),
Tel.: (+34) 954 460 553 ext. 236,
Fax: (+34) 954 460 145,
mobile:(+34) 697 322 126
Skype: balcerzm

 

From: Marcin Balcerzyk [mailto:mbalcerzyk AT us.es]
Sent: martes, 26 de enero de 2016 11:24
To: Jose Manuel Macias Luna <jmanuel.macias AT rediris.es>; 'Stefan Winter' <stefan.winter AT restena.lu>
Cc: 'Daniel Daza Muñoz' <daniel AT us.es>; 'Alan Buxey' <A.L.M.Buxey AT lboro.ac.uk>; cat-users AT lists.geant.org; 'Gustavo A. Rodriguez' <gusrodri AT us.es>; 'Carmen Lopez (Nené)' <carmen AT us.es>
Subject: RE: [[cat-users]] Installation of Eduroam for Windows Phone 8.1 and10

 

Hi

 

First of All thank you for all input. I hope that one day my WP10 will get connected to Eduroam and lots of people who have this system will finally get to Eduroam.

 

You can manually configure WiFi in Windows 10 PC. Eduroam of US.ES just asked me for the password and ID with Windows 8.1 PC, so it seems it negotiated the configuration. WP10 has limited parameters to configure. Cat.eduroam.org has a profile for unknown systems, but WP10 doesn’t know what to do with this XML file.

 

I used US.ES CSIC.ES and UCM.ES credentials and none worked.

 

Regards

Marcin Balcerzyk

 

From: Jose Manuel Macias Luna
Sent: lunes, 25 de enero de 2016 13:35
To: Marcin Balcerzyk; 'Stefan Winter'
Cc: 'Daniel Daza Muñoz'; 'Alan Buxey'; cat-users AT lists.geant.org; 'Gustavo A. Rodriguez'; 'Carmen Lopez (Nené)'
Subject: Re: [[cat-users]] Installation of Eduroam for Windows Phone 8.1 and10

 

 

Hi Marcin,

 

  it is not clear for me if you are using US credentials or not. US

implements EAP-TTLS+PAP only (unless Daniel or Gustavo –they are

administrators there– say a different thing).

 

For what I know, in Windows Phone, only PEAP+MSCHAPv2 and TTLS+MSCHAPv2

are available, but the second is different of TTLS+PAP, and requires the

home institution of the user having the password stored in certain

format (I think in that line is the response by Gustavo).

 

On the other hand, apart from manually configuring the device in those

cases where that possibility exists (that's what UA did, I guess), in

order for eduroam CAT to support that platform, it's also necessary that

the vendor implements some way of configuring/provisioning the network

in an unattended way. That is available for certain Windows Desktop

versions, but –again, I'm not sure if that's the case– not for Windows

Phone... maybe Stefan/Tomasz could confirm this.

 

But maybe I'm wrong in some of the assertions in this message... :)

 

Jose.

 

 

El 25/01/16 a las 10:29, Marcin Balcerzyk escribió:

> Dear Stefan

>

> I attach the original of the explanation of why I cannot authenticate

> to Eduroam via University of Seville. It is in Spanish, and I include

> the corrected automatic translation:

>

> " Although WP 10 says that it supports EAP-TTLS-PAP to authenticate,

> i.e. when the user enters their credentials so that access point

> starts the authentication process, WP10 send them in a format that is

> not understood by the server that has to make the verification,

> radius server, so it does not work, this has nothing to do with the

> certificate, therefore the problem is that your device sends a format

> that, in theory, should be EAP-TTLS-PAP but in reality it is not, we

> have other devices that send the data correctly and that there are no

> problems. What is the possible solution? Apparently it is enough to

> add PEAP as the authentication protocol, but this solution neither is

> immediate nor easy, because it implies among other things the LDAP

> directory store keys in a different format to which it does it now,

> what we do not know if it is possible; We will investigate it and try

> if it is possible to implement it"

>

> " Estimado Sr., soy Gustavo Rodríguez, responsable del Área de

> Comunicaciones en la que está integrado Daniel Daza con el que ha

> estado en contacto por los problemas de conexión que tiene para

> acceder a eduroam desde el dispositivo que menciona en su correo, voy

> a intentar resumirle de manera breve las razones de esa imposibilidad

> desde nuestra institución. Aunque WP 10 dice que soporta EAP-TTLS-PAP

> para autenticarse, es decir cuando el usuario introduce sus

> credenciales para que el punto de acceso inicie el proceso de

> autenticación, las envía en un formato que no entiende el servidor

> que ha de hacer la verificación, servidor radius, por lo tanto no

> funciona, esto no tiene nada que ver con el certificado, por lo tanto

> el problema radica en que su dispositivo envía un formato que en

> teoría debería de ser EAP-TTLS-PAP pero que en realidad no lo es,

> tenemos otros dispositivos que lo envían correctamente y con los que

> no hay problemas. ¿Cuál es la posible solución? Aparentemente

> bastaría con añadir PEAP como protocolo de autenticación, pero esta

> solución ni es inmediata ni es fácil, porque implica entre otras

> cosas que el directorio, LDAP, almacene las claves en un formato

> distinto al que ahora tiene, lo que no sabemos si es posible; vamos a

> investigarlo e intentar si fuera posible su puesta en marcha.

>

> Atentamente.

>

> Gustavo A. Rodríguez. Dtor. Técnico Área de omunicaciones. Servicio

> de Informática y Comunicaciones. Universidad de Sevilla."

>

>

> Stefan, I hope the explanation is now much more clear. I am not sure

> if cat.eduroam.org can implement WP10 solution for just several

> institutions, but I assure you that Univesity of Alicante in Spain

> did it somehow:

> http://si.ua.es/en/wifi/eduroam/peap/eduroam-installation-for-windows-phone-8.html.

>

>

> Waiting for your reply.

>

> Kind regards

>

> Marcin Balcerzyk, Ph.D. Unidad Ciclotron, Centro Nacional de

> Aceleradores, Universidad de Sevilla-CSIC-Junta de Andalucia, Parque

> Tecnólogico Cartuja 93, c/Thomas Alva Edison Nº 7, 41092 Sevilla

> (Spain), Tel.:  (+34)  954 460 553 ext. 226, Fax:  (+34)   954 460

> 145, mobile:(+34) 697 322 126 Skype: balcerzm

>

>

>

> -----Original Message----- From: Stefan Winter

> [mailto:stefan.winter AT restena.lu] Sent: 22 January 2016 12:52 To:

> Marcin Balcerzyk <mbalcerzyk AT us.es>; 'Alan Buxey'

> <A.L.M.Buxey AT lboro.ac.uk>; cat-users AT lists.geant.org Cc: 'Daniel Daza

> Muñoz' <daniel AT us.es> Subject: Re: [[cat-users]] Installation of

> Eduroam for Windows Phone 8.1 and 10

>

> Hello,

>

>> It did not work. This is my local university (University of

>> Seville). I ask IT an person and they said that the way EAP

>> certificate is stored in the directory is incompatible with Windows

>> Phone 10 setting and they do not want to do anything about it (I

>> think that I understood it well).

>

> Well... If they tell you they don't want to make this work for you,

> then I'm not sure how we can be of much help?

>

> I see that their server cert does not contain a Extension CA:FALSE

> (which some OSes seem to like). That would certainly be easy to fix,

> but only they can do that. IF that is the actual issue.

>

>> I tried also logging in with credentials of CSIC.ES and UCM.ES,

>> where I have accounts, hoping for  the authentication slight

>> differences, but non worked. The description of the eduroam

>> settings are here

>>

>>

>>

>> UCM.ES: https://www.ucm.es/ssii/eduroam

>

> At least this one has a certificate which is very well-behaved and

> does not raise any warnings. If Windows Phone doesn't like that

> certificate, then all shame is on Windows 10 IMHO.

>

> Your earlier comment on the us.es IT staff seems to indicate that

> they actually know what exactly Windows Phone dislikes about the

> certificate. That's great - I don't :-) If you can get the admins to

> tell us what the issue is, we may be able to add checks for that

> condition in our tools...

>

>> CSIC.ES does not have a clear description of their authentication

>> method.

>

> I have browsed through some documentation on their website and they

> have TTLS-PAP as one supported method; they are using the TCS service

> for their server certificates (just like ucm.es)

>

>> I have found on Spanish Eduroam forum a link to Microsoft that

>> states that EAP-TTLS (PAP) is supported on WP8.1 but it seems it is

>> not: https://msdn.microsoft.com/en-us/library/dn643706.aspx.

>

> I don't understand. That article lists TTLS-PAP just fine? But then

> again, why are you now talking about WP 8.1 now? Earlier you say that

> you have WP 10?

>

>> Any suggestion?

>

> More and clearer information would be nice.

>

> Greetings,

>

> Stefan Winter

>

>>

>>

>>

>> Kind regards

>>

>>

>>

>> Marcin Balcerzyk, Ph.D.

>>

>> Unidad Ciclotron,

>>

>> Centro Nacional de Aceleradores,

>>

>> Universidad de Sevilla-CSIC-Junta de Andalucia,

>>

>> Parque Tecnólogico Cartuja 93,

>>

>> c/Thomas Alva Edison Nº 7,

>>

>> 41092 Sevilla (Spain),

>>

>> Tel.:  (+34)  954 460 553 ext. 226,

>>

>> Fax:  (+34)   954 460 145,

>>

>> mobile:(+34) 697 322 126

>>

>> Skype: balcerzm

>>

>>

>>

>> *From:*Alan Buxey [mailto:A.L.M.Buxey AT lboro.ac.uk] *Sent:* sábado,

>> 12 de diciembre de 2015 18:06 *To:* Marcin Balcerzyk

>> <mbalcerzyk AT us.es>; cat-users AT lists.geant.org *Subject:* Re:

>> [[cat-users]] Installation of Eduroam for Windows Phone 8.1 and 10

>>

>>

>>

>> Just install the CA as per your organisation's requirements and

>> then use your username/password as per requirements. It'll work,

>> securely, with no need for CAT App (which is a long long way away)

>>

>> alan

>>

>> To unsubscribe, send this message:

>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users Or use

>> the following link:

>> https://lists.geant.org/sympa/sigrequest/cat-users

>

>

> -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau

> Téléinformatique de l'Education Nationale et de la Recherche 2,

> avenue de l'Université L-4365 Esch-sur-Alzette

>

> Tel: +352 424409 1 Fax: +352 422473

>

> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the

> recipient's key is known to me

>

> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

>

> To unsubscribe, send this message:

> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users Or use

> the following link:

> https://lists.geant.org/sympa/sigrequest/cat-users

>

 

 

Attachment: wp_ss_20161201_0001.png
Description: PNG image