Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT


Chronological Thread 
  • From: Aaron Wyatt <wyattaa AT bc.edu>
  • To: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: Tomasz Wolniewicz <twoln AT umk.pl>, Aaron Wyatt <aaron.wyatt AT bc.edu>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT
  • Date: Wed, 1 Feb 2017 07:59:18 -0500
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=bc-edu.20150623.gappssmtp.com

Alan, Stefan-- thanks for your explanations.

So if I'm not getting any errors from the CAT config test, do you know how I
might go about troubleshooting this?

Could it be that we have multiple RADIUS servers that may be responding? The
RADIUS cert we use contains the SAN dns name of each server's fqdn, but could
this cause "confusion" on the part of the supplicant?

Aaron

> On Feb 1, 2017, at 07:06, Stefan Winter
> <stefan.winter AT restena.lu>
> wrote:
>
> Hi,
>
>> I'm confused, how can you expect your client supplicants to trust a
>> RADIUS server they know nothing about?
>
> It is the main purpose of the installer to provision the trust settings
> in the device.
>
> So, the device certainly doesn't "know nothing about" the server - by
> the time the installer has run, all is set.
>
> Stefan
>
>>
>> Aaron
>>
>> On Jan 31, 2017, at 15:22, Tomasz Wolniewicz
>> <twoln AT umk.pl
>> <mailto:twoln AT umk.pl>>
>> wrote:
>>
>>> Hi,
>>>
>>> the option you are mentioning is absolutely crucial for security. I
>>> understand that with this option disabled, your users are warned about
>>> unexpected authentication server and you expect them to override this
>>> warning. This opens the possibility of stealing users' credentials
>>> trough fake eduroam networks.
>>>
>>> There must be a discrepancy between your CAT settings and your server
>>> settings. I suggest that you use the CAT testing facility "Check realm
>>> reachability" this will run a connection test and should show all
>>> possible errors.
>>>
>>> Cheers
>>>
>>> Tomasz
>>>
>>>
>>>
>>> W dniu 31.01.2017 o 20:58, Aaron Wyatt pisze:
>>>> Hello fellow CAT users-
>>>>
>>>> I was wondering if anyone can clarify: Is there a way to specify
>>>> custom PEAP-MSCHAPv2 configuration settings for the auto-generated
>>>> Windows CAT config? Specifically I'm interested in changing the
>>>> DisableUserPromptForServerValidation option. In my testing with
>>>> Windows 10 this must be set to false in order for users to get on the
>>>> network.
>>>>
>>>> Aaron
>>>>
>>>> _________________________
>>>> Aaron Wyatt
>>>> Collaborative Services
>>>> Boston College IT Services
>>>> aaron.wyatt AT bc.edu
>>>>
>>>> <mailto:aaron.wyatt AT bc.edu>
>>>> 617.552.1278
>>>> _________________________
>>>> To unsubscribe, send this message:
>>>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>>>> Or use the following link:
>>>> https://lists.geant.org/sympa/sigrequest/cat-users
>>>
>>> --
>>> Tomasz Wolniewicz
>>>
>>> twoln AT umk.pl
>>> http://www.home.umk.pl/~twoln
>>>
>>> Uczelniane Centrum Informatyczne Information&Communication
>>> Technology Centre
>>> Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
>>> pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
>>> tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.:
>>> +48-693-032-576
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
>
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
> de la Recherche
> 2, avenue de l'Université
> L-4365 Esch-sur-Alzette
>
> Tel: +352 424409 1
> Fax: +352 422473
>
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
> recipient's key is known to me
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> <0x8A39DC66.asc>



Archive powered by MHonArc 2.6.19.

Top of Page