The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Martin Pauly <pauly AT hrz.uni-marburg.de>]

Hello,

> > That indeed sounds like you still get 1.x installers from cat.eduroam.de.
Stefan Winter is right. Your MPI has not yet migrated its profile
to cat.eduroam.org. (Simply search for "Kohlenforschung" on both sites.)
You may ask your local IT admins about that.
But you do not necessarily have to wait to uesr eduroam.

Am 06.02.19 um 13:43 schrieb Nico Spiller:
> I am running ubuntu 18.04 and tested on two separate machines.
The modern installer form cat.eduroam.org does nothing magic but
closely resembles the manual setup provided by NetworkManager:
On an Ubuntu 18.04, it creates a new connection entriy (i.e. config
snippet as text file) in /etc/NetworkManager/system-connections.
Looking at your MPI's other profiles, they do EAP-TTLS/PAP,
i.e. EAP-TTLS for Phase 1, and PAP for Phase 2.
As CA cert, configure /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem

After manual Setup with NetworkManager, you will find the textfile
named after the connection in said location. There's one important
difference, though: The new CAT Linux installer adds a line that
triggers a check for the correct server name. Without this check,
an attacker who possesses a valid cert from the same commercial CA
could still fool your PC to connect his false "eduroam" infrastructure,
thus stealing your password. But checking the cert at all is THE
first step to secure eduroam. So you can try to connect now and
run the new CAT installer for added security once your MPI is on
cat.eduroam.org.

OT to everyone: This missing item in the GNOME NM dialog seems a
major flaw to me -- or am I missing something?

Regards, Martin


--
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE
   D-35032 Marburg

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature