Skip to Content.
Sympa Menu

cat-users - RE: [[cat-users]] Eduroam CAT Tool Configuration

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

RE: [[cat-users]] Eduroam CAT Tool Configuration


Chronological Thread 
  • From: Venkat Reddy Banda <venkat.banda AT lsbm.ac.uk>
  • To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] Eduroam CAT Tool Configuration
  • Date: Tue, 14 Nov 2017 09:48:16 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=lsbm.onmicrosoft.com
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=venkat.banda AT lsbm.ac.uk;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi Stefan,

Thanks for the email. We managed to work it out. The cat tool is working now.

Thank you.

Regards,
Venkat Reddy Banda
London School of Business and Management.

-----Original Message-----
From: Stefan Winter
[mailto:stefan.winter AT restena.lu]

Sent: 14 November 2017 08:02
To: Venkat Reddy Banda
<venkat.banda AT lsbm.ac.uk>;

cat-users AT lists.geant.org
Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration

Hi,

well, this is a warning, and it's qutie explicitly telling you that this is
harmless and expected if you are using a RADIUS server which rejects requests
based on outer identity.

Do you maybe have a RADIUS server which rejects users based on outer
identity? The default config for Microsoft NPS does exactly that. In that
case, there is nothing to worry about (so long as actual end user
authentications work, of course).

If you want the checks to get past this, you can configure an outer identity
which the RADIUS server "lets through" - i.e. in NPS, a user identifier which
actually exists in the AD.

Greetings,

Stefan Winter



Am 13.11.2017 um 16:10 schrieb Venkat Reddy Banda:
> Hi Stefan,
>
>  
>
> We are getting below errors in realm check.
>
>  
>
>  
>
>  
>
>  
>
> Thank you.
>
>  
>
> Regards,
>
> Venkat Reddy Banda
>
> London School of Business and Management.
>
>  
>
>  
>
> -----Original Message-----
> From: Stefan Winter
> [mailto:stefan.winter AT restena.lu]
> Sent: 13 November 2017 12:10
> To: Venkat Reddy Banda
> <venkat.banda AT lsbm.ac.uk>;
>
> cat-users AT lists.geant.org
> Subject: Re: [[cat-users]] Eduroam CAT Tool Configuration
>
>  
>
> Hello,
>
>  
>
>> Thanks for the reply.
>
>>
>
>> We are listed on https://cat.eduroam.org. Currently we are testing
>> the
> tool.
>
>>
>
>> The question I have is : Which CA files I need to upload in to tool.
>
>>
>
>> Our Server certificate is from https://www.thawte.com/. I have
> uploaded CA certificates from this site. When it comes to
> authentication on the server its rejecting.
>
>>
>
>> I thought there is something in the tool I have misconfigured. Could
> you help us?
>
>  
>
> There are many CA certificate in Thwate's portfolio.
>
>  
>
> You only need to upload
>
>  
>
> a) the (one) root CA certificate that issued your server cert
>
> b) optionally, but recommended, all the intermediate CAs that make up
> the certification path from said root CA to your server cert.
>
>  
>
> If you'd post the "Subject" part of your server cert (or send the
> entire thing, please WITHOUT the private key of course) then it's
> fairly simple to look up which CAs you need.
>
>  
>
> Even though I'm surprised you weren't given those certificates on the
> same download page that gave you the server cert itself - all these
> belong together.
>
>  
>
> Greetings,
>
>  
>
> Stefan Winter
>
>  
>
> --
>
> Stefan WINTER
>
> Ingenieur de Recherche
>
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale
> et de la Recherche 2, avenue de l'Université
>
> L-4365 Esch-sur-Alzette
>
>  
>
> Tel: +352 424409 1
>
> Fax: +352 422473
>
>  
>
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
> recipient's key is known to me
>
>  
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche 2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's
key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66



Archive powered by MHonArc 2.6.19.

Top of Page