The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Lukas Wringer <Lukas.Wringer AT rz.uni-augsburg.de>]

Hi,

are there any updates on this?

Greetings, Lukas

Am Montag, den 15.10.2018, 11:11 +0200 schrieb Stefan Winter:
> Hello,
> 
> (** questions ** inside)
> 
> as you have possibly read in recent mailing list traffic, we have
> received word that the Windows 10 built-in supplicant for TTLS is
> again
> functional (it was functional in the original release, broke
> somewhere
> along the way in a feature upgrade, and has now apparently come back
> with the 1803 update; there are separate patch updates for 1703 and
> 1709
> apparently).
> 
> Ever since Windows 10's breakage, we introduced GEANTlink for all
> TTLS
> configurations in Windows 10, which is a viable workaround.
> 
> GEANTlink has the drawback of requiring admin rights during
> installion.
> It has the upside of having much better logging, and the distinctive
> feature that it actually works :-).
> 
> We are in a situation where many of you have gotten used to
> GEANTlink.
> I'm sure some/many of you like the features of it; OTOH I'm almost as
> sure that there are some/many among you who don't like the fact of
> requiring admin rights during installation.
> 
> The thing is: with a Windows 10 built-in supplicant actually working,
> we
> now have a choice of two things we can do: configure the built-in
> supplicant (forgetting about GEANTlink) or continued use of GEANTlink
> (forgetting about built-in).
> 
> A subtlety in this is that a user might have an un-updated Windows 10
> version which still has the broken built-in supplicant. In those
> cases,
> there is no choice and we will keep using GEANTlink.
> 
> ** Do you think we should care about non-updated machines? **
> 
> Since both supplicants have their pros and cons, our current thinking
> is
> that we want to give the choice to you, the IdP admins.
> 
> The plan is: by default, keep things are they are today (principle of
> least surprise) - Windows 10 TTLS installers setup and configure
> GEANTlink - but provide an option on the "Fine-Tuning" level for the
> EAP
> type TTLS: "Prefer Built-In Supplicant" (boolean, check-box). It's
> going
> to be labelled "Prefer" because the installer might have to use
> GEANTlink anyway depending on the release of Windows 10 it finds on
> the
> end-user's machine (unless you tell us that we can ignore un-updated
> systems, in which case the built-in will always be chosen).
> 
> That way, admins who don't take action are not subject to a
> potentially
> nasty surprise and get unchanged behaviour, but those who do care can
> make an informed decision.
> 
> There's a subtlety in that, too, though: so far on Windows 8 we did
> not
> use GEANTlink because the built-in supplicant works there. Once we
> have
> an option to prefer the built-in supplicant or not, we will also
> honour
> it there, meaning that unless an admin configures the "Prefer Built-
> In
> Supplicant" option, the behaviour WILL change towards GEANTlink. So
> much
> for least surprise there, but Windows 8 has a very small footprint
> these
> days, so I don't think there is much of an impact there.
> 
> ** Please let us know by replying to this mail if you see issues with
> this course of action, and if you care much about non-updated Windows
> 10
> systems and/or the behaviour change in Windows 8 installers. **
> 
> Greetings,
> 
> Stefan Winter
> 
-- 
Lukas Wringer

Universität Augsburg
Rechenzentrum
Beratungs- und Servicezentrum "ZEBRA"
86135 Augsburg

Besucheradresse und Servicezeiten:
Universitätsstraße 8
Gebäude L2, Raum 2034
Montag bis Donnerstag von 9.00 bis 14.30 Uhr
Freitag von 9.00 bis 12.00 Uhr

Telefon 0821/598-2020
Telefax 0821/598-2010
Lukas.Wringer AT rz.uni-augsburg.de
https://www.rz.uni-augsburg.de/zebra

Attachment: signature.asc
Description: This is a digitally signed message part