
cat-users - Re: [[cat-users]] Eduroam connection problem at Université Paris Dauphine

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Amadeu HUBY-COELHO <amadeu.huby-coelho AT dauphine.fr>, eduroam.fr-corres AT groupes.renater.fr, cat-users AT lists.geant.org
  • Cc: support reseau <support.reseau AT dauphine.fr>, Jean-Christophe GAY <jean-christophe.gay AT dauphine.fr>
  • Subject: Re: [[cat-users]] Eduroam connection problem at Université Paris Dauphine
  • Date: Wed, 1 Mar 2017 13:29:19 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> We are experiencing authentication problems on several different
> OSes. The affected OSes are Apple's and Windows 7. No problems
> observed on Android or Ubuntu.

That's an odd combination of problems. Apple installers specifically are
"very different" from Windows ones.

Any information about Windows 8 and 10?

> The message we get from the Windows 7 diagnostic tool is the
> following:
> 2017-02-21 12:32:09.711095 8864 4900 GÉANTLink Error 0x322 in EAP-TTLS
> peer (Reason 0): eap::method_tls::verify_server_trust Name provided in
> server certificate is not on the list of trusted server names. <null>
>
> Meanwhile, the "Static connectivity tests" check is OK on the
> cat.eduroam.org portal. The certificates are correctly uploaded in the
> IdP definition, as are the names of the RADIUS servers.
>
> We have checked all of our certificates and all are up to date and OK.

Yes, you are using TCS certificates from DigiCert and there is really
"nothing special" about it.

> Can you help us resolve this problem?

Well, there are two things worth trying out to isolate the problem.

I see that you are configuring four different server names:

[0] => radius1.dauphine.fr
[1] => radius2.dauphine.fr
[2] => as1.dauphine.fr
[3] => as2.dauphine.fr

Since you seem to be using only [0], could you delete the other three
from your CAT config and see if the then generated installers behave
better in either all or at least one of the OSes?

As the second thing to try, the O attribute of your server certificate
contains the accented e character. I find it hard to believe that Apple
devices have a problem with a non-ASCII character, but it is not
entirely impossible. For Win 7, GEANTlink could have those same
problems. If Win 8 and 10 are not having problems, then that would be
because we are not making use of GEANTlink there (hence my initial
question about additional data points on Win 8 and 10).

The only way to test this though is to get a certificate from DigiCert
on the O name of "University of Paris 9 - Dauphine" (I believe the org
vetting from DigiCert allows for English spellings in addition to the
"canonical" ones).

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
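
An added example, not part of the original message and not GÉANTLink or CAT code: a small Python check for the two hypotheses raised above, namely whether the certificate's names appear on the configured server-name list and whether any DN attribute carries non-ASCII characters. It assumes the certificate has already been decoded into the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the certificate values and the matching rule are constructed assumptions.

```python
# Added diagnostic example; not GÉANTLink or CAT code.
# Input: a certificate decoded into the dict shape returned by Python's
# ssl.SSLSocket.getpeercert(). The sample certificate below is constructed.

def cert_names(cert):
    """Return dNSName SAN entries, falling back to subject CN if none exist."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def _norm(name):
    # Assumed matching rule: case-insensitive, trailing dot ignored.
    return name.strip().rstrip(".").lower()

def name_on_trusted_list(cert, trusted):
    """True if any certificate name exactly matches a configured server name."""
    wanted = {_norm(t) for t in trusted}
    return any(_norm(n) in wanted for n in cert_names(cert))

def non_ascii_attributes(cert):
    """List (attribute, value, offending chars) for non-ASCII DN values."""
    findings = []
    for field in ("subject", "issuer"):
        for rdn in cert.get(field, ()):
            for key, value in rdn:
                bad = sorted({c for c in value if ord(c) > 127})
                if bad:
                    findings.append((f"{field}.{key}", value, bad))
    return findings

# Server names as listed in the message; certificate content is constructed.
TRUSTED = ["radius1.dauphine.fr", "radius2.dauphine.fr",
           "as1.dauphine.fr", "as2.dauphine.fr"]
SAMPLE_CERT = {
    "subject": ((("countryName", "FR"),),
                (("organizationName", "Université Exemple"),),
                (("commonName", "radius1.dauphine.fr"),)),
    "issuer": ((("commonName", "Constructed Test CA"),),),
    "subjectAltName": (("DNS", "radius1.dauphine.fr"),),
}

if __name__ == "__main__":
    print("name trusted:", name_on_trusted_list(SAMPLE_CERT, TRUSTED))
    for attr, value, chars in non_ascii_attributes(SAMPLE_CERT):
        print(f"non-ASCII in {attr}: {value!r} -> {chars}")
```

If the name check passes here while a supplicant still reports the name as untrusted, the non-ASCII findings point to the attributes worth testing with an ASCII-only certificate.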



