FYI, in case any of you run into the same mistake I made, see below:
From: Hunter Fuller <hf0002 AT uah.edu>
Sent: Tuesday, March 23, 2021 2:41 PM
To: Stephen Rasmussen <srasmussen AT sfasu.edu>
Subject: Re: [External] [[cat-users]] Question about CAT for my site
WOW! I did not know that was case sensitive. I am definitely gonna keep that one in my back pocket. You may want to share with the list. I don't think it's stupid at all, anyone could make this mistake.
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
Hunter,
Following up, it turns out the entirety of my issue was stupid. I defined the server name (host name) in CAT as upper case letters for the host portion of the fqdn, and the cert
was for lower case. D’oh!
Thanks for all your help,
Stephen
From: Hunter Fuller <hf0002 AT uah.edu>
Sent: Monday, March 22, 2021 12:44 PM
To: Stephen Rasmussen <srasmussen AT sfasu.edu>
Subject: Re: [External] [[cat-users]] Question about CAT for my site
It isn’t immediately ringing any bells. If you can send the entire log that’d be great. But to be honest, you may also need to loop the list back in, if I can’t figure it out.
Hunter,
Taking your advice and enabling those logs, I am getting several instances of this:
Error 82 Find Security Catalog for File Result Element not found
I’ve no idea what that means. Thoughts?
Thanks,
|
|
Stephen Rasmussen
System Network Administrator, Telecommunications and Networking
SFA | Information Technology Services
P.O. Box 6095, SFA. Nacogdoches, TX 75962-6095
Office 936.468.1246
srasmussen AT sfasu.edu
| www.sfasu.edu
|
The views and opinions expressed in this message are my own and do not necessarily reflect the
views and opinions of Stephen F. Austin State University, its Board of Regents or the State of Texas.
From: Hunter Fuller <hf0002 AT uah.edu>
Sent: Monday, March 22, 2021 12:17 PM
To: Stephen Rasmussen <srasmussen AT sfasu.edu>
Cc: cat-users AT lists.geant.org
Subject: Re: [External] [[cat-users]] Question about CAT for my site
If your RADIUS server doesn't even see the request, then your client is probably not trusting the server certificate.
Try this part:
"The CAPI2 event log is useful for troubleshooting certificate-related issues. By default, this log isn't enabled. To enable this log, expand Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2, select and hold (or right-click) Operational,
and then select Enable Log."
Then view that log and hopefully it will shed some light.
It may also be possible to enable more verbose logging on the RADIUS server, in which case you may see an aborted TLS setup with this client, every time you try to connect using
the CAT-installed profile.
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
Hunter,
Thanks for the reply. To address your second question, yes, I have access to the realm test thingy; my realm has been working for weeks, and there are no errors. Now to your first
comment…
There are no RADIUS server messages, because the OS reports I cannot even join the SSID in order to SEND a RADIUS request. Here’s what it looks like to me. If I don’t use the
CAT and simply right-click on the “eduroam” SSID in the bottom right of my Windows OS, one option is to connect. When I click “Connect”, it prompts for username and password. I put both in, and all is well. However, when I use the CAT, a part of the configuration
dialog is:
Username:
Password:
Confirm password:
However, when I click “Install”, in the bottom right of the OS it says, “Password required for eduroam. Connect?” Even though I put in the username, the password, and confirmed
password. It is as if the password is not being saved and passed to the OS by the CAT. Then, the OS doesn’t allow for the input of ONLY the password. It just says, “Can’t connect to this network”. I’m puzzled….
Thanks,
|
|
Stephen Rasmussen
System Network Administrator, Telecommunications and Networking
SFA | Information Technology Services
P.O. Box 6095, SFA. Nacogdoches, TX 75962-6095
Office 936.468.1246
srasmussen AT sfasu.edu
| www.sfasu.edu
|
The views and opinions expressed in this message are my own and do not necessarily reflect the
views and opinions of Stephen F. Austin State University, its Board of Regents or the State of Texas.
From: Hunter Fuller <hf0002 AT uah.edu>
Sent: Monday, March 22, 2021 11:50 AM
To: Stephen Rasmussen <srasmussen AT sfasu.edu>
Cc: cat-users AT lists.geant.org
Subject: Re: [External] [[cat-users]] Question about CAT for my site
Generally the "Action needed" means that Windows either doesn't have the auth information it needs to connect, or it tried the auth that was saved (by CAT in this case) and it didn't
work. Debugs from your RADIUS server would be helpful. I'm also curious whether the eduroam testing thingy (https://www.anyroam.net/test/realm)
reports any warnings, if you have access to that.
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
Hello,
I do not know if this is an issue related to the upgrade to version 2.0.4 or not, but need to report something or ask where I can get help.
I have been configuring CAT for our tool, and am NEARLY done, but having a problem with a test. The issue I have is that, for example if I run the CAT which I downloaded onto a
Windows 10 machine and answer the dialog questions appropriately, it tells me it is finished, but I get a popup in the bottom right which says “Action needed”. The only choice I have (for eduroam) is “connect”, and that fails. However, if I forget the eduroam
network, and then join it manually, as I’ve done all through testing, it works fine. So, something is wrong with my CAT setup, I think, as it is not a configuration issue with my SSID, or my RADIUS server. Is this something that you folks can help me with?
Or point me in a direction as to why I am getting “Action needed”?
Thanks,
|
|
Stephen Rasmussen
System Network Administrator, Telecommunications and Networking
SFA | Information Technology Services
P.O. Box 6095, SFA. Nacogdoches, TX 75962-6095
Office 936.468.1246
srasmussen AT sfasu.edu
| www.sfasu.edu
|
The views and opinions expressed in this message are my own and do not necessarily reflect the
views and opinions of Stephen F. Austin State University, its Board of Regents or the State of Texas.
--
--
Hunter Fuller (they)
Router Jockey
VBH Annex B-5
+1 256 824 5331
Office of Information Technology
The University of Alabama in Huntsville
Network Engineering
|