cat-users - Re: [[cat-users]] id@realm in the "internal" identity mandatory with Windows ?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Marc Fradin <Marc.Fradin AT imt-atlantique.fr>
  • To: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] id@realm in the "internal" identity mandatory with Windows ?
  • Date: Fri, 24 Aug 2018 12:09:09 +0200
  • Organization: IMT Atlantique

Hi

yes, it works fine with your EAP TTLS plug-in GEANTlink (login or username without @realm, like under Linux),
thanks

wouldn't it be better to specify that @realm is mandatory at the end of the installation of a Windows profile (PEAP MSCHAPv2),
here for example?


Greetings,
Marc


On 24/08/2018 08:55, Stefan Winter wrote:
Hello,

it seems that under Windows (7, 10) it is /mandatory/ to specify
id*@realm* in the "internal" identity whereas it is not the case under
Android or iOS if *anonymous@realm* is set in the profile

in this case, is it not necessary to specify it at the time of
configuration?

The Windows built-in supplicant behaves like that, yes. We can only
configure it within its own limits, and not change that behaviour.

The root cause is that anon ID configuration in that supplicant only
allows you to specify the local part before the @ - the suffix, which is
required to be there in eduroam, is inferred from the actual inner
identity. Which in turn means the inner identity needs to have the
suffix in it.

An alternative is to enable the EAP type TTLS on your server, and to let
CAT produce TTLS installers - in those, we include our own EAP
plug-in called GEANTlink which doesn't have such an "interesting"
limitation.

Greetings,

Stefan Winter
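
The identity derivation described in the reply above, as an added example that is not part of the original thread and is not code from Windows, CAT or GEANTlink. The supplicant labels `windows-builtin` and `full-anon-id`, the function names and the sample logins are assumptions made for illustration; the check lets an administrator see which logins would produce an outer identity without a usable realm.

```python
# Added example: a model of the behaviour described in the thread,
# not code from Windows, CAT or GEANTlink.

def realm_of(identity):
    """Return the part after the last '@', or '' if there is none."""
    return identity.rpartition("@")[2] if "@" in identity else ""

def outer_identity(inner, anon_local, profile_realm, supplicant):
    """Outer (anonymous) identity a supplicant would send, per the thread."""
    if supplicant == "windows-builtin":
        # Only the local part is configurable; the suffix is inferred
        # from the inner identity the user typed.
        realm = realm_of(inner)
    elif supplicant == "full-anon-id":
        # Profile carries anonymous@realm whole (GEANTlink, Android, iOS).
        realm = profile_realm
    else:
        raise ValueError(f"unknown supplicant model: {supplicant}")
    return f"{anon_local}@{realm}" if realm else anon_local

def audit(inner_ids, anon_local, profile_realm):
    """List (inner, outer, problem) for logins that break under windows-builtin."""
    findings = []
    for inner in inner_ids:
        outer = outer_identity(inner, anon_local, profile_realm, "windows-builtin")
        realm = realm_of(outer)
        if not realm:
            findings.append((inner, outer, "outer identity has no realm"))
        elif realm.lower() != profile_realm.lower():
            findings.append((inner, outer, "outer realm differs from profile realm"))
    return findings

# Constructed sample logins; example.org is a placeholder realm.
SAMPLE = ["alice", "bob@example.org", "carol@exmaple.org"]

if __name__ == "__main__":
    for inner, outer, problem in audit(SAMPLE, "anonymous", "example.org"):
        print(f"{inner!r} -> {outer!r}: {problem}")
```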
