The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Visser,Ramon R.D." <r.visser AT fontys.nl>]

Hi Stefan,

 

in the attachment the requested certs.

 

I have to find an ChromeBook to give you the exact details.

 

 

Ramon Visser • Virtueel Security Cluster Coördinator, Dienst IT • Fontys Hogescholen

Het Eeuwsel 2, 5612 AS • Gebouw S1, kamer /flex • Postbus 347, 5600 AH Eindhoven

r.visser AT fontys.nl +31618390398

 

-----Oorspronkelijk bericht-----
Van: Stefan Winter [mailto:stefan.winter AT restena.lu]
Verzonden: donderdag 31 augustus 2017 15:51
Aan: Visser,Ramon R.D. <r.visser AT fontys.nl>; cat-users AT lists.geant.org
Onderwerp: Re: [[cat-users]] ChromeOS eduroam CAT config

 

Hello,

 

> We have an question about de configuration file for ChromeOS

> devices.>> In the IdP we configured the EAP details for this profile:>

> Although after downloading and importing the .ONC (see attachment)

> into an ChromeOS device the CA fields are empty and not containing the

> specific information about the publisher of our radius wifi.fontys.nl

> certificate:

> 

> Is this correct?

 

No, it's not: after installing the ONC file and clicking on the network for the first time, you should see a pre-filled form which only misses username/password settings.

 

It looks like the ONC file was either not imported correctly (you can verify by looking at the list of "Preferred Networks" - eduroam should be in that list once you installed the ONC file), or for some reason ChromeOS thinks that the network you are connecting to does not match the one configured (e.g. we install eduroam as WPA2 network - if the network is a, shudder, WEP network, it is too different to be considered a config match).

 

So, can you please find out if eduroam is in the list of preferred networks after installation?

 

Also, independently of the issue at hand, are you sure that this CA is really the one that has issued your server certificate? I believe the "Assured ID Root CA" issues client certificates for email signing (S/MIME), but no server certificates. If you want to, you can send me the server cert off-list (NOT the key of course). I tried to grab it via EAP from the @fontys.nl eduroam server, but it seems to be an MS IAS which rejects me before it even sends a certificate.

 

Greetings,

 

Stefan Winter

 

--

Stefan WINTER

Ingenieur de Recherche

Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université

L-4365 Esch-sur-Alzette

 

Tel: +352 424409 1

Fax: +352 422473

 

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me

 

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

========================================================== Op deze e-mail zijn de volgende voorwaarden van toepassing: http://www.fontys.nl/disclaimer The above disclaimer applies to this e-mail message.