The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Venkat Reddy Banda <venkat.banda AT lsbm.ac.uk>]

Hi Stefan,

Thanks for the email. We managed to work it out. The cat tool is working now.

Thank you.

Regards,
Venkat Reddy Banda
London School of Business and Management.

-----Original Message-----
From: Stefan Winter 
[mailto:stefan.winter AT restena.lu]
 
Sent: 14 November 2017 08:02
To: Venkat Reddy Banda 
<venkat.banda AT lsbm.ac.uk>;
 
cat-users AT lists.geant.org
Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration

Hi,

well, this is a warning, and it's qutie explicitly telling you that this is 
harmless and expected if you are using a RADIUS server which rejects requests 
based on outer identity.

Do you maybe have a RADIUS server which rejects users based on outer 
identity? The default config for Microsoft NPS does exactly that. In that 
case, there is nothing to worry about (so long as actual end user 
authentications work, of course).

If you want the checks to get past this, you can configure an outer identity 
which the RADIUS server "lets through" - i.e. in NPS, a user identifier which 
actually exists in the AD.

Greetings,

Stefan Winter



Am 13.11.2017 um 16:10 schrieb Venkat Reddy Banda:
> Hi Stefan,
> 
>  
> 
> We are getting below errors in realm check.
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Thank you.
> 
>  
> 
> Regards,
> 
> Venkat Reddy Banda
> 
> London School of Business and Management.
> 
>  
> 
>  
> 
> -----Original Message-----
> From: Stefan Winter 
> [mailto:stefan.winter AT restena.lu]
> Sent: 13 November 2017 12:10
> To: Venkat Reddy Banda 
> <venkat.banda AT lsbm.ac.uk>;
>  
> cat-users AT lists.geant.org
> Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration
> 
>  
> 
> Hello,
> 
>  
> 
>> Thanks for the reply.
> 
>>
> 
>> We are listed on https://cat.eduroam.org. Currently we are testing 
>> the
> tool.
> 
>>
> 
>> The question I have is : Which CA files I need to upload in to tool.
> 
>>
> 
>> Our Server certificate is from https://www.thawte.com/. I have
> uploaded CA certificates from this site. When it comes to 
> authentication on the server its rejecting.
> 
>>
> 
>> I thought there is something in the tool I have misconfigured. Could
> you help us?
> 
>  
> 
> There are many CA certificate in Thwate's portfolio.
> 
>  
> 
> You only need to upload
> 
>  
> 
> a) the (one) root CA certificate that issued your server cert
> 
> b) optionally, but recommended, all the intermediate CAs that make up 
> the certification path from said root CA to your server cert.
> 
>  
> 
> If you'd post the "Subject" part of your server cert (or send the 
> entire thing, please WITHOUT the private key of course) then it's 
> fairly simple to look up which CAs you need.
> 
>  
> 
> Even though I'm surprised you weren't given those certificates on the 
> same download page that gave you the server cert itself - all these 
> belong together.
> 
>  
> 
> Greetings,
> 
>  
> 
> Stefan Winter
> 
>  
> 
> --
> 
> Stefan WINTER
> 
> Ingenieur de Recherche
> 
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale 
> et de la Recherche 2, avenue de l'Université
> 
> L-4365 Esch-sur-Alzette
> 
>  
> 
> Tel: +352 424409 1
> 
> Fax: +352 422473
> 
>  
> 
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the 
> recipient's key is known to me
> 
>  
> 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> 


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche 2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's 
key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66