Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] installers for use on eduroam-test (local non-production SSID)

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] installers for use on eduroam-test (local non-production SSID)


Chronological Thread 
  • From: David Andrus <david_andrus AT byu.edu>
  • To: "stefan.winter AT restena.lu" <stefan.winter AT restena.lu>, IAM David Bantz <db AT alaska.edu>
  • Cc: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] installers for use on eduroam-test (local non-production SSID)
  • Date: Tue, 16 Oct 2018 06:40:55 +0000
  • Accept-language: en-US
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=byu.edu

Short answer because I'm on mobile:

There are a lot of benefits for users and your support group.

First of all manual configuration on Android sucks if you're a non-technical person. Heck even some of our IT people struggle with it.

Second I've seen first hand plenty of Windows machines that couldn't connect and then running the CAT installer had them working perfectly with no significant troubleshooting required. It's actually one of our first troubleshooting steps after making sure the username/password are correct to the extent we can.

Third there are a lot of security benefits to using a trusted installer like Stefan mentioned.

If you want to talk more about my experience with CAT feel free to call me during business hours mountain time on Tuesday. Phone number is in my email signature.

--
David Andrus
Network Product Manager
Brigham Young University
O: 801-422-0969
C: 385-312-7414




On Tue, Oct 16, 2018 at 12:20 AM -0600, "IAM David Bantz" <db AT alaska.edu> wrote:

Thank you for this response Stefan Winter.

To expand a bit on our need for testing CAT installers with multiple devices: in our case, testing is demonstrate to networking and user support groups that CAT installers are a viable approach to client configuration. Our network and user support groups are skeptical of relying on CAT installers, while confident that simplest manual configuration (providing scoped username and password to native supplicants) is adequate; downloading and installing CAT profile installers is regarded as unnecessary more complex configuration they fear will be less robust and require additional support. 

David Bantz
U Alaska

On Mon, Oct 15, 2018 at 2:03 AM Stefan Winter <stefan.winter AT restena.lu> wrote:
Hello,

> I've generated installers for a new RADIUS and local eduroam deployment,
> currently broadcasting on eduroam-test so as not to interfere with
> ongoing eduroam connections relying on legacy infrastructure.
>
> I configured eduroam-test as additional SSID. That requires user entry
> of full credentials twice (once for eduroam, again for eduroam-test) and
> disrupts device connection to the real eduroam network (which relies on
> different RADIUS servers and different user authN method).
>
> Is it possible to configure installers ONLY for eduroam-test? I
> understand the supplicants would not be functional for roaming, but
> that's not an issue at this stage of testing.

CAT is a tool to facilitate configuration of eduroam and its roaming
use; and so we always include the SSID eduroam in all installers.

However if you want to do local testing, you may not even need CAT - if
you are testing on a small number of select devices, these can just as
well be configured by hand?

If the test device population is larger and/or diverse and you really
want/need to include CAT installers in the testing phase, I'd suggest:

- create a second deployment profile for your IdP
- only in that profile add the additional SSID eduroam-test
- if you want to enable download of these installers on the CAT UI: in
the profile description, include text to say that this is for testing
purposes and may disturb normal eduroam operations
- if you do not want to enable public download: do not set the
"Production-Ready" flag - then only you as an administrator can download
the installers in the "Fine-Tuning" page and distribute to the testers
via your own means.

Greetings,

Stefan Winter


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users



Archive powered by MHonArc 2.6.19.

Top of Page