cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Thomas Andersen <than AT itu.dk>
- To: Daniel Ehlers <ehlers AT rz.uni-kiel.de>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Subject: RE: [[cat-users]] google playstore whitelist for captive portal
- Date: Thu, 17 Oct 2019 10:14:16 +0000
- Accept-language: da-DK, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=itu.dk; dmarc=pass action=none header.from=itu.dk; dkim=pass header.d=itu.dk; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7NPm2X7fZaoW/+Y5CRHIQgOAZ+KDbYXSqUAgAYSiJ8Q=; b=jHAdERQU403QukV0+TdYdzgHryFLcIzqbrVV9vQbgchDFdB9nK1SgYXnPQLNBQPezmpydjC0/DSl++QtgnR3oDlJSZ1KQi5dRBKi5inTUkUpWZohmXYJbheSOnAM+TnArV+VlKfyu6Q5GgrF8njnngvPlXiZ+mpRXAAtojpcYxRBidgPm7PYBxJLCt/jx8slrQ14/7DQ3W/D0hoSDjby2ium1yvpDFucCsiMjiOopOkI31g56dezgJG3m+IlmAaYC+KXZT6IMtOYMfPyGir4PSb30iT02da6JJVvVjyuwA69ob5jEaNZ15Aip6NDy3PxKMiWfCC4IyHlb9zB6yFyMw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WWVX2DTKrMTlhem0AlzCLadw1e+vTj+nBj/jI5NfJ/p92EOg8LfvzA3FXTmhXtvTYiMuLgUawvuFDW1FSLtFLA5YFw3j+LbxFrnm0zvlv//ZU9CWcJaMSUvHBgruQ9DokcQGTfmhTjabw0LWfC5aPybnLI/6ZTEob9nhEMBBypMJRAVQLWdTBGOHejrxQCOSwjUYUKyB17HPnjAV2PWRTmfIG6D7lsHmpRCvwckKJ/8MaduNPp3gqZzde9BIjcngkdTrBbw2thmCh77rl8rh0AmvfkI3lFCb1DcOMO5GuX92i5PHgSHZHznyIGWhLZIJZgDMGpEXNuDjDE8B5x0b9w==
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=than AT itu.dk;
Hi,
Just a few thoughts:
Personally I find it difficult and unstable to maintain and rely on a list
like that.
Chances are, that google will reorganize and your onboarding will break.
We already have a guest network, where people register and we send a txt
message back with username/password for the guest network.
From there they have full internet access but very limited internal access,
hence they are forced to make an 802.1x connection.
As a side note, we have whitelisted cat.eduroam.org in our CWP, so they can
download for computers and iOS without registration, since only the android
are depending on play store.
Br,
Thomas
-----Original Message-----
From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org>
On Behalf Of Daniel Ehlers
Sent: 17. oktober 2019 11:09
To: cat-users AT lists.geant.org
Subject: Re: [[cat-users]] google playstore whitelist for captive portal
Hi,
> I recommend my users to download it via their mobile providers.
That is possible for some, but many of our students, especially those on
erasmus exchange,
don't have access to local mobile providers. We also use the setup wifi to
guide the users
to the matching installation guide, currently differentiates between android
and apple devices.
> I found this list for Aruba Wireless, maybe it's already enough:
> https://github.com/aruba/clearpass-cloud-service-whitelists/blob/master/onboard/onboard_android.md
That is a very unrestricted, especially "www.google.com" is a no go. The
connectivitycheck subdomains
are those you need to redirect (302), so the captive portal catch mechanism
works reliable.
Maybe I paste what we have so far, all the domains have an implicit wildcard
on the left:
android.l.google.com
android.clients.google.com
play.google.com
ggpht.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
photos-ugc.l.google.com
googleusercontent.com
ajax.googleapis.com
play-fe.googleapis.com
play.google-apis.com
play.googleapis.com
googleapis.l.google.com
apis.google.com
gstatic.com
wallet.google.com
checkout.google.com
gvt1.com
gvt2.com
regards Daniel
> -----Original Message-----
> From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org>
> On Behalf Of Daniel Ehlers
> Sent: Wednesday, October 16, 2019 3:57 PM
> To: 'cat-users AT lists.geant.org' <cat-users AT lists.geant.org>
> Subject: [[cat-users]] google playstore whitelist for captive portal
>
> Hi,
>
> we are running a captive portal / setup wifi network for device boarding,
> as suggested in the about section of [1].
> Sadly the given recommended list for google play is far from complete and
> thus we have extended that list over
> time. Does anyone know of any complete/official list of hostnames forr a
> whitelist for accessing google play?
>
> regards
>
> Daniel Ehlers
>
> [1] https://cat.eduroam.org/
>
--
Daniel Ehlers
Christian-Albrechts-Universität zu Kiel
Rechenzentrum
Abteilung Netze und Infrastruktur
Ludewig-Meyn-Str. 4
D-24118 Kiel
Tel: +49 (0)431 880-1982
Fax: +49 (0)431 880-1523
ehlers AT rz.uni-kiel.de
www.uni-kiel.de
- [[cat-users]] google playstore whitelist for captive portal, Daniel Ehlers, 10/16/2019
- RE: [[cat-users]] google playstore whitelist for captive portal, Oberli Patrick, 10/16/2019
- Re: [[cat-users]] google playstore whitelist for captive portal, Daniel Ehlers, 10/17/2019
- RE: [[cat-users]] google playstore whitelist for captive portal, Thomas Andersen, 10/17/2019
- Re: [[cat-users]] google playstore whitelist for captive portal, Daniel Ehlers, 10/17/2019
- Re: [[cat-users]] google playstore whitelist for captive portal, Alan Buxey, 10/17/2019
- Re: [[cat-users]] google playstore whitelist for captive portal, Mikael Bak, 10/17/2019
- RE: [[cat-users]] google playstore whitelist for captive portal, Thomas Andersen, 10/17/2019
- Re: [[cat-users]] google playstore whitelist for captive portal, Daniel Ehlers, 10/17/2019
- RE: [[cat-users]] google playstore whitelist for captive portal, Oberli Patrick, 10/16/2019
Archive powered by MHonArc 2.6.19.