Skip to Content.

cat-users - Re: [[cat-users]] EAP-TTLS and Windows 10

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] EAP-TTLS and Windows 10


Chronological Thread 
    < Chronological >      < Thread >
  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: "Workman, John Robert" <john.workman AT mnsu.edu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] EAP-TTLS and Windows 10
  • Date: Tue, 4 Dec 2018 21:04:15 +0100

Hi,

   I did signal the problem in one of my previous mails. There seems to be no documentation regarding user credential XML profiles for native Windows TTLS or alternative methods for setting the credentials. I was asking the list if anyone has seen something on the subject and got no replies. Both PEAP and TLS are documented and we are using that (unfortunately the EAP credentials schema is marked as legacy). There can be alternative methods but we just did not find anything useful, so for now we are stuck on native TTLS and need to depend on the Windows credentials prompt on the first connection.

Tomasz



W dniu 04.12.2018 o 18:04, Workman, John Robert pisze:

I've had a chance to test the new changes on Windows 10.

One issue I noticed is that when using EAP-TTLS:

If "Use builtin TTLS supplicant for Windows 10" is enabled, the "User credentials" entry dialog doesn't display during the install.

If "Use builtin TTLS supplicant for Windows 10" is not enabled, The "User credentials" entry dialog IS displayed.


When using EAP-PEAP, the "User credentials" entry dialog always is displayed.

This is the dialog box I am referring to:



On 11/26/18 4:09 PM, Tomasz Wolniewicz wrote:

The change WITHOUT the 1803 testing will be available this week, together with some more updates to the system.

We will announce when this gets done.

Tomasz


W dniu 26.11.2018 o 16:38, Workman, John Robert pisze:

I think this would be a really good option. It would be nice if the installer checked that the Windows 10 version is 1803 or newer and warned the user that an upgrade is necessary when they launch the CAT tool.

Any guess to when this change would be available? I'd be happy to help with testing.



On 11/21/18 3:56 AM, Tomasz Wolniewicz wrote:
It would be quite easy to program the Prefer Built-In Supplicant so that all Windows10 installers get the built-in supplicants and I am ready to provide that on the condition that the IdP admin who sets this option is aware that it means that some unpatched W10 systems may have a problem.

Tomasz


W dniu 20.11.2018 o 20:34, Workman, John Robert pisze:

Greetings,

Is there a way to disable bundling the GEANTLink supplicant in the CAT installer when using EAP-TTLS? I don't see any device-specific or eap-type specific options in the Idp admin pages.

I know there are issues with the Microsoft EapTtls supplicant in Windows 10 prior to 1803. We are not concerned with non-updated Windows 10 machines. We'd prefer the user not have to use admin privileges to connect to eduroam.

I remember sometime in October there was discussion on this list about adding a "Prefer Built-In Supplicant" EAP-Type specific option so that the GEANTLink supplicant wouldn't get installed. Is that still on the roadmap to implement? Ideally there would be an option to never bundle GEANTLink, and then display an error message on install if they aren't running 1803 or newer.



-- 
John Workman (john.workman AT mnsu.edu) 
Networking Engineer 
Information and Technology Services 
Minnesota State University, Mankato 
3010 Memorial Library 
Mankato, MN  56001 
Office: 507-389-1337 
Mobile: 507-514-0604 
Fax: 507-389-6115
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users 
-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576
-- 
John Workman (john.workman AT mnsu.edu) 
Networking Engineer 
Information and Technology Services 
Minnesota State University, Mankato 
3010 Memorial Library 
Mankato, MN  56001 
Office: 507-389-1337 
Mobile: 507-514-0604 
Fax: 507-389-6115
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users 
-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576
-- 
John Workman (john.workman AT mnsu.edu) 
Networking Engineer 
Information and Technology Services 
Minnesota State University, Mankato 
3010 Memorial Library 
Mankato, MN  56001 
Office: 507-389-1337 
Mobile: 507-514-0604 
Fax: 507-389-6115
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users 
-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun            pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Attachment: png62jB6BX1bP.png
Description: PNG image


Archive powered by MHonArc 2.6.19.

Top of Page