Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Eduroam CAT Tool Configuration

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Eduroam CAT Tool Configuration


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Venkat Reddy Banda <venkat.banda AT lsbm.ac.uk>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration
  • Date: Tue, 14 Nov 2017 09:01:31 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hi,

well, this is a warning, and it's qutie explicitly telling you that this
is harmless and expected if you are using a RADIUS server which rejects
requests based on outer identity.

Do you maybe have a RADIUS server which rejects users based on outer
identity? The default config for Microsoft NPS does exactly that. In
that case, there is nothing to worry about (so long as actual end user
authentications work, of course).

If you want the checks to get past this, you can configure an outer
identity which the RADIUS server "lets through" - i.e. in NPS, a user
identifier which actually exists in the AD.

Greetings,

Stefan Winter



Am 13.11.2017 um 16:10 schrieb Venkat Reddy Banda:
> Hi Stefan,
>
>  
>
> We are getting below errors in realm check.
>
>  
>
>  
>
>  
>
>  
>
> Thank you.
>
>  
>
> Regards,
>
> Venkat Reddy Banda
>
> London School of Business and Management.
>
>  
>
>  
>
> -----Original Message-----
> From: Stefan Winter
> [mailto:stefan.winter AT restena.lu]
> Sent: 13 November 2017 12:10
> To: Venkat Reddy Banda
> <venkat.banda AT lsbm.ac.uk>;
>
> cat-users AT lists.geant.org
> Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration
>
>  
>
> Hello,
>
>  
>
>> Thanks for the reply.
>
>>
>
>> We are listed on https://cat.eduroam.org. Currently we are testing the
> tool.
>
>>
>
>> The question I have is : Which CA files I need to upload in to tool.
>
>>
>
>> Our Server certificate is from https://www.thawte.com/. I have
> uploaded CA certificates from this site. When it comes to authentication
> on the server its rejecting.
>
>>
>
>> I thought there is something in the tool I have misconfigured. Could
> you help us?
>
>  
>
> There are many CA certificate in Thwate's portfolio.
>
>  
>
> You only need to upload
>
>  
>
> a) the (one) root CA certificate that issued your server cert
>
> b) optionally, but recommended, all the intermediate CAs that make up
> the certification path from said root CA to your server cert.
>
>  
>
> If you'd post the "Subject" part of your server cert (or send the entire
> thing, please WITHOUT the private key of course) then it's fairly simple
> to look up which CAs you need.
>
>  
>
> Even though I'm surprised you weren't given those certificates on the
> same download page that gave you the server cert itself - all these
> belong together.
>
>  
>
> Greetings,
>
>  
>
> Stefan Winter
>
>  
>
> --
>
> Stefan WINTER
>
> Ingenieur de Recherche
>
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
> de la Recherche 2, avenue de l'Université
>
> L-4365 Esch-sur-Alzette
>
>  
>
> Tel: +352 424409 1
>
> Fax: +352 422473
>
>  
>
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
> recipient's key is known to me
>
>  
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page