The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> I'm confused, how can you expect your client supplicants to trust a
> RADIUS server they know nothing about? 

It is the main purpose of the installer to provision the trust settings
in the device.

So, the device certainly doesn't "know nothing about" the server - by
the time the installer has run, all is set.

Stefan

> 
> Aaron
> 
> On Jan 31, 2017, at 15:22, Tomasz Wolniewicz 
> <twoln AT umk.pl
> <mailto:twoln AT umk.pl>>
>  wrote:
> 
>> Hi,
>>
>>    the option you are mentioning is absolutely crucial for security. I
>> understand that with this option disabled, your users are warned about
>> unexpected authentication server and you expect them to override this
>> warning. This opens the possibility of stealing users' credentials
>> trough fake eduroam networks.
>>
>> There must be a discrepancy between your CAT settings and your server
>> settings. I suggest that you use the CAT testing facility "Check realm
>> reachability" this will run a connection test and should show all
>> possible errors.
>>
>> Cheers
>>
>> Tomasz
>>
>>
>>
>> W dniu 31.01.2017 o 20:58, Aaron Wyatt pisze:
>>> Hello fellow CAT users-
>>>
>>> I was wondering if anyone can clarify:  Is there a way to specify
>>> custom PEAP-MSCHAPv2 configuration settings for the auto-generated
>>> Windows CAT config?  Specifically I'm interested in changing the
>>> DisableUserPromptForServerValidation option.  In my testing with
>>> Windows 10 this must be set to false in order for users to get on the
>>> network.
>>>
>>> Aaron
>>>
>>> _________________________
>>> Aaron Wyatt
>>> Collaborative Services
>>> Boston College IT Services
>>> aaron.wyatt AT bc.edu
>>>  
>>> <mailto:aaron.wyatt AT bc.edu>
>>> 617.552.1278
>>> _________________________
>>> To unsubscribe, send this message:
>>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>>> Or use the following link:
>>> https://lists.geant.org/sympa/sigrequest/cat-users
>>
>> -- 
>> Tomasz Wolniewicz    
>>           
>> twoln AT umk.pl
>>         http://www.home.umk.pl/~twoln
>>
>> Uczelniane Centrum Informatyczne       Information&Communication 
>> Technology Centre
>> Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
>> pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
>> tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: 
>> +48-693-032-576
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature