cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: "Schwartz, Roger J" <rschwart AT uthsc.edu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] [Ext] Re: Cisco WLC failing auth with cat tool
- Date: Mon, 9 Sep 2019 20:58:58 +0200
Could it be that you have two RADIUS servers running and only one has the new cert? If so then depending which one you hit you get an accept or reject.
Tomasz
On 09.09.2019 at 20:50, Schwartz, Roger J wrote:
I get this during the test
eduroamTL dk Connected to eduroam.uthsc.edu. elapsed time: 3381 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some configuration errors were observed; the list is below. The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. At least one certificate is outside its validity period (not yet valid, or already expired)! The EAP server name does not match any of the configured names in your profile!
Subject: CN=eduroam.uthsc.edu,OU=ITS Network Services,O=University of Tennessee,street=800 Andy Holt Tower,L=Knoxville,ST=TN,postalCode=37996-1711,C=US
Issuer:
This cert is no longer in use and I have uploaded the new certs
with a new tool.
eduroamTL nl Connected to ise-admin1.netsrv.uthsc.edu. elapsed time: 15096 ms. Test partially successful: a bidirectional RADIUS conversation with multiple round-trips was carried out, and ended in an Access-Reject as planned. Some properties of the connection attempt were sub-optimal; the list is below. The certificate chain includes the root CA certificate. This does not serve any useful purpose but inflates the packet exchange, possibly leading to more round-trips and thus slower authentication. The certificate contained a CN or subjectAltName:DNS which contains a wildcard ('*'). This can be problematic on some supplicants. If the certificate also contains names which are wildcardless, and you only use those for your supplicant configuration, then you can safely ignore this notice.
This is the correct information. The live login fails, we are having some latency issues with our internet pipe.
Roger Schwartz
Senior Wireless Network Technician
The University of Tennessee Health Science Center
Network Services
Alexander Building Room 724
877 Madison Ave
MEMPHIS, TN 38103
rschwart AT uthsc.edu
t: 901.448.2236

From: Tomasz Wolniewicz <twoln AT umk.pl>
Sent: Monday, September 9, 2019 1:39 PM
To: Schwartz, Roger J <rschwart AT uthsc.edu>; cat-users AT lists.geant.org <cat-users AT lists.geant.org>
Subject: [Ext] Re: [[cat-users]] Cisco WLC failing auth with cat tool

This really looks like a certificate mismatch problem. If you are an admin of your CAT IdP you could run the RADIUS tests from the admin interface and see what it tells you.
Tomasz
On 09.09.2019 at 19:30, Schwartz, Roger J wrote:
I have created a new cat tool for our school as we are moving to Cisco ISE radius servers to authenticate. I am able to connect manually to eduroam, but using the cat tool I keep failing authentication. I have been using the cat tool to connect to our free-radius with no issues. Has anyone seen this or something like it? Thanks Roger
Roger Schwartz
Senior Wireless Network Technician
The University of Tennessee Health Science Center
Network Services
Alexander Building Room 724
877 Madison Ave
MEMPHIS, TN 38103
rschwart AT uthsc.edu
t: 901.448.2236

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne (Information&Communication Technology Centre)
Uniwersytet Mikolaja Kopernika (Nicolaus Copernicus University)
pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750
fax: +48-56-622-1850
mobile: +48-693-032-576
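The notices quoted in this thread (server name against the profile's configured names, validity period, root CA in the chain, wildcard names), together with the comparison behind the two-servers question, as an added Python example that is not part of the original messages and is not CAT's own code. All hostnames, dates and fingerprints are constructed, and the dictionaries stand in for already-parsed certificates.

```python
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def name_matches(configured, presented):
    """A '*' in the presented name covers exactly one leftmost label."""
    c, p = configured.lower().split("."), presented.lower().split(".")
    return len(c) == len(p) and p[0] in ("*", c[0]) and c[1:] == p[1:]

def check_probe(probe, profile_names, now):
    """Findings for one probe, modelled on the notices quoted in the thread."""
    leaf, findings = probe["chain"][0], []
    if not any(name_matches(c, n) for c in profile_names for n in leaf["names"]):
        findings.append("server-name-mismatch")
    if any(not (c["not_before"] <= now <= c["not_after"]) for c in probe["chain"]):
        findings.append("outside-validity")
    if any(c["subject"] == c["issuer"] for c in probe["chain"][1:]):
        findings.append("root-in-chain")  # self-signed cert sent along with the leaf
    if any("*" in n for n in leaf["names"]):
        findings.append("wildcard-name")
    return findings

def audit(probes, profile_names, now):
    """Per-probe findings plus a flag: did the probes see different leaf certs?"""
    report = {p["via"]: check_probe(p, profile_names, now) for p in probes}
    return report, len({p["chain"][0]["fingerprint"] for p in probes}) > 1

# --- Constructed sample data (hypothetical names, dates and fingerprints) ---
def cert(subject, issuer, names, not_before, not_after, fingerprint):
    return dict(subject=subject, issuer=issuer, names=names,
                not_before=not_before, not_after=not_after, fingerprint=fingerprint)

ROOT = cert("CN=Example Root CA", "CN=Example Root CA", [],
            utc(2010, 1, 1), utc(2030, 1, 1), "fp-root")
INTER = cert("CN=Example Issuing CA", "CN=Example Root CA", [],
             utc(2015, 1, 1), utc(2025, 1, 1), "fp-inter")
OLD = cert("CN=radius-old.example.edu", "CN=Example Issuing CA",
           ["radius-old.example.edu"], utc(2017, 8, 1), utc(2019, 8, 1), "fp-old")
NEW = cert("CN=radius.example.edu", "CN=Example Issuing CA",
           ["radius.example.edu", "*.nac.example.edu"],
           utc(2019, 8, 15), utc(2021, 8, 15), "fp-new")
PROFILE_NAMES = ["radius.example.edu"]  # names configured in the installer profile
PROBES = [{"via": "probe-1", "chain": [OLD, INTER, ROOT]},
          {"via": "probe-2", "chain": [NEW, INTER, ROOT]}]

if __name__ == "__main__":
    report, mixed = audit(PROBES, PROFILE_NAMES, utc(2019, 9, 9))
    for via, findings in report.items():
        print(via, findings)
    print("probes saw different server certificates:", mixed)
```

When the flag is true, the probes reached back ends presenting different certificates, so a client configured for one name and trust chain is accepted or rejected depending on which server answers.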