cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: "Downton, Sam" <samuel.downton AT metoffice.gov.uk>
- To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: RE: [[cat-users]] TLS Failures from Android
- Date: Mon, 14 Jan 2019 07:49:47 +0000
- Accept-language: en-GB, en-US
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=metoffice.onmicrosoft.com
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=samuel.downton AT metoffice.gov.uk;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Hi Stefan,
Thanks for your response.
> And is the client Android maybe a rather old version? Sometimes TLS
> versions from the future confuse clients from the past. :-)
The opposite is true unfortunately! The clients we are experiencing the issue
on are Google Pixel 2 phones running Android 9. They have no issue connecting
to our eduroam implementation when configured manually, so it would appear to
be a configuration issue rather than a lack of compatibility with the
infrastructure.
Kind regards,
Sam.
Sam Downton IT Practitioner - Network Services
Met Office Fitzroy Road Exeter EX1 3PB UK
Tel: +44(0)330 135 2306 Fax 0870 9005050
E-Mail: samuel.downton AT metoffice.gov.uk Website: http://www.metoffice.gov.uk
-----Original Message-----
From: Stefan Winter <stefan.winter AT restena.lu>
Sent: 14 January 2019 06:47
To: Downton, Sam <samuel.downton AT metoffice.gov.uk>; cat-users AT lists.geant.org
Subject: Re: [[cat-users]] TLS Failures from Android
Hello,
> I am certain that we have all the authentication parameters correct,
> and the correct CA cert, but when configuring the device using the
> tool, all authentications fail with an error on the RADIUS server:
> "EAP-PEAP:
> fatal alert by client - internal_error".
>
> iPhone and Windows profiles seem to work as designed.
>
> Is this something any one has had issues with?
I haven't come across this exact error message yet. What I can say is that it
is unusual - a "simple" cert rejection would be logged on the RADIUS side
with a clear error message indicating that the client does not like the
server cert, not an "internal error".
A shot into the blue: is your server using (only) newest TLS versions?
And is the client Android maybe a rather old version? Sometimes TLS versions
from the future confuse clients from the past. :-)
In any case, from the looks of it this seems to be an interop issue CAT can
not do much about. Can you detail which device or Android version this is?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche 2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's
key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
- [[cat-users]] TLS Failures from Android, Downton, Sam, 01/11/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- RE: [[cat-users]] TLS Failures from Android, Downton, Sam, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Alan Buxey, 01/14/2019
- RE: [[cat-users]] TLS Failures from Android, Downton, Sam, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
- RE: [[cat-users]] TLS Failures from Android, Downton, Sam, 01/14/2019
- Re: [[cat-users]] TLS Failures from Android, Stefan Winter, 01/14/2019
Archive powered by MHonArc 2.6.19.