cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT

From: Aaron Wyatt <wyattaa AT bc.edu>
To: Tomasz Wolniewicz <twoln AT umk.pl>
Cc: Aaron Wyatt <aaron.wyatt AT bc.edu>, cat-users AT lists.geant.org
Subject: Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT
Date: Wed, 1 Feb 2017 06:34:41 -0500
Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=bc-edu.20150623.gappssmtp.com

Hi Tomasz-

I've run the connection test and get no errors, only the warning about not needing to include our root CA in the chain presented by our RADIUS server.

I'm confused, how can you expect your client supplicants to trust a RADIUS server they know nothing about?

Aaron

On Jan 31, 2017, at 15:22, Tomasz Wolniewicz <twoln AT umk.pl> wrote:

Hi,

the option you are mentioning is absolutely crucial for security. I understand that with this option disabled, your users are warned about unexpected authentication server and you expect them to override this warning. This opens the possibility of stealing users' credentials trough fake eduroam networks.

There must be a discrepancy between your CAT settings and your server settings. I suggest that you use the CAT testing facility "Check realm reachability" this will run a connection test and should show all possible errors.

Cheers

Tomasz

W dniu 31.01.2017 o 20:58, Aaron Wyatt pisze:

Hello fellow CAT users-

I was wondering if anyone can clarify: Is there a way to specify custom PEAP-MSCHAPv2 configuration settings for the auto-generated Windows CAT config? Specifically I'm interested in changing the DisableUserPromptForServerValidation option. In my testing with Windows 10 this must be set to false in order for users to get on the network.

Aaron

_________________________
Aaron Wyatt
Collaborative Services

Boston College IT Services
aaron.wyatt AT bc.edu
617.552.1278
_________________________

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne       Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Aaron Wyatt, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, A . L . M . Buxey, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Stefan Winter, 02/01/2017
  - Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Aaron Wyatt, 02/01/2017
    - Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Stefan Winter, 02/01/2017