cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: "Schwartz, Roger J" <rschwart AT uthsc.edu>
- To: Tomasz Wolniewicz <twoln AT umk.pl>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool
- Date: Mon, 9 Sep 2019 18:50:04 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uthsc.edu; dmarc=pass action=none header.from=uthsc.edu; dkim=pass header.d=uthsc.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CuJ/U5l++iizYPLQg4YtwBIb5jKFM6WXl0AhD/evQLo=; b=Zd2EhVwyAlcK1VhBvaL52+vAgyS+Ucts0rdHB+tT67NM25s4cmZAuvAMB/kbTiC9uCEKupqaR8Sc4rOkvj5LEFvA56hPLEBmuHBh6nIkfAreekgfRADlwweE6VZ/qq9T8FpHYGKMSH6IatAKhQZFDAGDeQTjpk4qD2Dvg278/AEQIw1eqvLB9Nx3oC75Gs9ziq7Qkb1nVJoNI+xpc7Bd8wYcEjx7wVHidx/GAI/Qr4kYfn9b2k2qmu7jqydBxFwQ8WQhy413Kj5jf/yxbH+sQeS+yxu26kpu1Kv0NNV6me0ZfgwOdNG8+g2SSI4HnltvioCYOM20Q51js5A/7EsXsg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PceyhyeSNAX3wEbBK0QTpvA/tPM4KGfkNperBC6ro3UmXoR4Z82JwSXj65G0rk12h9PP5Cmi9QnRAZDoDI/pIPSGXFRX0277z/X8HkZYiYdZVUf6TJYhRv+2aMwRG5dojMlVOF+h6nEnNAjMZNirlt7SmhbSS1Fuub3+yFXCQOCEPMHiL0c3jd6a+8sqAmFPl5cLZlZejEoWOahhJtjDk4JhOXsOuJ1g7cxQ+y1pqwGTJ8RTIbm/3LAtplHHOSqMbev7Q0EBuJEZ31k6sle7tsK9SuuAXIWlubsIpDiTHYM7zp6GyEOLSMSDN40ohNs7NpMwLTP75YFtUcJDQy0eew==
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=rschwart AT uthsc.edu;
Connected to eduroam.uthsc.edu. elapsed time: 3381 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some configuration errors were observed; the list is below. |
||
The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. | ||
At least one certificate is outside its validity period (not yet valid, or already expired)! | ||
The EAP server name does not match any of the configured names in your profile! | ||
|
Connected to ise-admin1.netsrv.uthsc.edu. elapsed time: 15096 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below. |
||
The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. | ||
The certificate contained a CN or subjectAltName:DNS which contains a wildcard ('*'). This can be problematic on some supplicants. If the certificate also contains names which are wildcardless, and you only use those for your supplicant configuration, then you can safely ignore this notice. |
Roger Schwartz
Senior Wireless Network Technician
The University of Tennessee Health Science Center
Network Services
Alexander Building Room 724
877 Madison Ave
MEMPHIS, TN 38103
rschwart AT uthsc.edu
t: 901.448.2236
Sent: Monday, September 9, 2019 1:39 PM
To: Schwartz, Roger J <rschwart AT uthsc.edu>; cat-users AT lists.geant.org <cat-users AT lists.geant.org>
Subject: [Ext] Re: [[cat-users]] Cisco WLC failing auth with cat tool
This really looks like a certificate mismatch problem. If you are an admin of your CAT IdP you could run the RADIUS tests from the admin interface and see what it tells you.
Tomasz
I have created a new cat tool for our school as we are moving to Cisco ISE radius servers to authenticate. I am able to connect manually to eduroam, but using the cat tool I keep failing authentication. I have been using the cat tool to connect to our free-radius with no issues. Has anyone seen this or something like it?
ThanksRoger
Roger Schwartz
Senior Wireless Network TechnicianThe University of Tennessee Health Science Center
Network Services
Alexander Building Room 724
877 Madison Ave
MEMPHIS, TN 38103
rschwart AT uthsc.edu
t: 901.448.2236
To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users
-- Tomasz Wolniewicz twoln AT umk.pl http://www.home.umk.pl/~twoln Uczelniane Centrum Informatyczne Information&Communication Technology Centre Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University, pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [[cat-users]] Cisco WLC failing auth with cat tool, Schwartz, Roger J, 09/09/2019
- Re: [[cat-users]] Cisco WLC failing auth with cat tool, Tomasz Wolniewicz, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Schwartz, Roger J, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Schwartz, Roger J, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Hunter Fuller, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Tomasz Wolniewicz, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Schwartz, Roger J, 09/09/2019
- Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool, Schwartz, Roger J, 09/09/2019
- Re: [[cat-users]] Cisco WLC failing auth with cat tool, Tomasz Wolniewicz, 09/09/2019
Archive powered by MHonArc 2.6.19.