Skip to Content.

cat-users - RE: [[cat-users]] [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


RE: [[cat-users]] [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app


Chronological Thread 
    < Chronological >      < Thread >
  • From: Linchuan Yang <linchuan.yang AT concordia.ca>
  • To: CANARIE Tickets System <tickets AT canarie.ca>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app
  • Date: Thu, 5 Aug 2021 14:46:10 +0000
  • Accept-language: en-CA, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=concordia.ca; dmarc=pass action=none header.from=concordia.ca; dkim=pass header.d=concordia.ca; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qai59WtAVUkDVPbR2Jb16glI0nv9w7zmUUa4oIL/ljc=; b=hbuJDn5J3fHajUNhuAeB5ebATw0m40IF/nayWztzgcfbSfwLtcjNyYJS+WtPjejFYqI0AA5B/6Jva5dbGubo73XXOQHMC9lw2/kKvT1tClCLjvDHxVVmmWh9yDykxluMZDRuMCQj38RVJeAspOBCT0H3346eUiuTewr9ESjE/oj3rQ+/xhj10pFzyRqpwEiBHKsZKKNDZ0lzYB1aJefGJMF5ClCcdnniZTstswQtSpU4YfEEQjtm80EaWzHLgVpYhli798Lw97u1bo/z289NhKZD9NVCtqDM1qc5LD3SMtoYOZrOnmkOvCIIdRtrp3zY1PBgu0y9sIGSQGlmWa5H/A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bfpAP9DklHThBshh6IfnfJ2vtGqAhujQPGJ81ip5e93jFyksXm0T4Nv+6cxw6ySWp4S3sINEEN6b76Zg5sqV5Va1+EDWMrWMgTbVWCGle9E5UbkhTtBM4Awzvhmvn+5NJdORXjtjRUEEb9C6hGqStnXrg0sZwuBbeAYYnOFNvuppJYvNp6XxL+PEfB4jZF7UdcYWNpFTzRoU2el6wimvqUjCMTy/tXayZRhWoKw0Eb9lT+TLgieBFrB0slppN7HF4FHjD229r3a00YpCbGxo09VBzuM1JTWzNhZoxLO51hN4mzjH2SOtlOsUMpSmG2rkruCe9vPGrGvYnpifmLQatg==
  • Authentication-results: canarie.ca; dkim=none (message not signed) header.d=none;canarie.ca; dmarc=none action=none header.from=concordia.ca;
  • Importance: high

Dear Chris and All

 

Our radius servers could not be reached from outside, that might be the reason. In fact, we have two wireless authentication system (Aruba and Cisco), and there are 5 servers. All of these servers use the same CA “wireless.concordia.ca” for the radius authentication. So for the part of “EAP Details for this profile”, shall we put “wireless.concordia.ca” as the “Name (CN) of Authentication Server”?

 

Thank you, and have a nice day.

 

Yours,

Linchuan Yang (Antony)
CCIE# 61220

Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

 

 

 

From: Linchuan Yang
Sent: Sunday, August 1, 2021 10:54 PM
To: CANARIE Tickets System <tickets AT canarie.ca>
Subject: RE: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

 

Thank you for your help, Chris

 

I did the test, and got the same result as yours. Does that mean the users could not be authenticated by our radius servers? Do you know what could be the possible reason? As I remembered, one of our retired employee asked to enable his account to login eduroam SSID from other country last month, and he confirmed that he can login after we enable his account.

 

Have a good night.

 

Yours,

Linchuan Yang (Antony)
CCIE# 61220

Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664

 

 

 

From: CANARIE Tickets System <tickets AT canarie.ca>
Sent: Friday, July 30, 2021 3:46 PM
To: Linchuan Yang <linchuan.yang AT concordia.ca>
Subject: Re: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'exterieur du domaine de concordia.ca

 

 

Hi Linchuan..
I tried this via cat.eduroam.org and the appropriate profile and it failed to connect.
Have you been able to test from the cat live login test interface?





 

Chris Phillips

CANARIE | Canadian Access Federation support
https://www.canarie.ca/identity/



07/23/2021 10:20 - Linchuan Yang wrote:

Thank you for your help, Chris
 
The testing account is canarie AT concordia.ca/!q2w3e4R
 
Please let me know your testing result.
 
Have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 
 
 
From: CANARIE Tickets System <tickets AT canarie.ca>
Sent: Thursday, July 29, 2021 5:56 PM
To: Linchuan Yang <linchuan.yang AT concordia.ca>
Subject: Re: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app
 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'exterieur du domaine de concordia.ca

 

 

Linchuan,
Thanks for being persistent in reaching out.

I have time at 10 to 10:30 tomorrow to connect.
There are a few things to review/examine about your use of the profile as it is not using the anonymous profile.

Please see this:
https://www.canarie.ca/document/enabling-anonymous-outer-identity-with-eduroam-cat-and-nps/

As for provisioning the 2nd SSID and problems authenticating do you have test accounts that can be used? This can be used right in the live tests in CAT which would ensure things can be checked.

Thanks!




 

Chris Phillips

CANARIE | Canadian Access Federation support
https://www.canarie.ca/identity/



07/23/2021 10:20 - Linchuan Yang wrote:

Dear Chris and All
 
After we removed the server certificate (wireless.concordia.ca) from our profile as you suggested in the previous e-mail. The Android client can download and install the profile with the app “geteduroam”. However, when they tried to login both “eduroam” and “ConcordiaUniversity” SSID, they got an error message that the password is wrong. In fact, they input the correct password.
 
Meanwhile, we also tested the app “eduroam CAT” on the Android devices, it can download and install the profile. And the clients can login “eduroam” SSID right away after the installation. However, as I mentioned in the previous e-mail, the app “eduroam CAT” for Android devices can only push the configuration of one SSID “eduroam” to the device, and could not push the configuration of “ConcordiaUnviersity” to the device, and we have to manually configure “ConcordiaUniversity” SSID.
 
Could you please help us to solve this problem as well?
 
Thank you, and have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 
 
 

From: Linchuan Yang
Sent: Wednesday, July 28, 2021 9:47 AM
To: CANARIE Tickets System <tickets AT canarie.ca>
Cc: cat-users AT lists.geant.org
Subject: RE: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

 
Good morning, Chris and all
 
Do you have time to help us to check the problem of “missing realm”?
 
Thank you, and have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 
 
 

From: Linchuan Yang
Sent: Tuesday, July 27, 2021 10:06 AM
To: CANARIE Tickets System <tickets AT canarie.ca>
Cc: cat-users AT lists.geant.org
Subject: RE: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

 
Good morning, Chris
 
Could you please help us to solve the problem of missing realm?
 
Thank you, and have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 
 
 

From: Linchuan Yang
Sent: Monday, July 26, 2021 11:47 AM
To: CANARIE Tickets System <tickets AT canarie.ca>
Subject: RE: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app

 
Thank you so much for your help, Chris
 
I removed the server certificate in our profile. However, for the Outer ID Handling, I input the info as the following:
 

 
 
and the system gave an error:
 

 
 
Could you please show me how to configure the realm in our profile? What Realm name should we use?
 
Thank you, and have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 
 
 
From: CANARIE Tickets System <tickets AT canarie.ca>
Sent: Monday, July 26, 2021 10:45 AM
To: Linchuan Yang <linchuan.yang AT concordia.ca>
Subject: Re: [CANARIE-20210723101] Please help with the error of Android devices by using geteduroam app
 

Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'exterieur du domaine de concordia.ca

 

 

Linchuan Yang,

Thanks for your request. I called and left you a voicemail this morning. Here's the follow up on it!

We've consulted with geteduroam.app's team and reviewed your current profile.
Based on that we have these recommendations for the profile and then regression test things to ensure they are being provisioned as expected:
1.     checkbox the anonymous profile and use 'anonymous384135 AT concordia.ca' as the anonymous outer id that appropriately fingerprints the traffic. The '384135 portion is unique 
2.     remove the server cert as shown in red it is likely causing the problem and the server name is appropriately handled with the cn=wireless.concordia.ca
3.     One 1 and 2 are taken care of, please retest and include the additional SSID processing. Note that it too will need to handle the anonymous384135 AT concordia.ca outer id settings too.

Let us know if you have questions. The adjustments to the realm and cert are only a few clicks to adjust. 



 

Chris Phillips

CANARIE | Canadian Access Federation support
https://www.canarie.ca/identity/



07/23/2021 10:20 - Linchuan Yang wrote:

Dear Sir/Madam
 
We found that after switching the app from “eduroam CAT” to “geteduroam” for the Android devices, the end users get the error message (please find the screenshot in the attached file) after they selecting “Concordia University” and inputting the username and password. We tried with “eduroam CAT” app with the same steps, and everything is good for all of the Android clients. Furthermore, we tested the “geteduroam” app for iPhone, and the user can install the profile without any problem. Could you please help to solve this problem for the Android clients?
 
We also have another question: we setup two SSID (eduroam and ConcordiaUniversity) in the profile. For other systems (e.g. Win10, Macbook, iPhone, etc.), the profile push both eduroam and ConcordiaUnviersity configuration to the devices of end users. However, for Android devices (we tested with the app “eduroam CAT” because “geteduroam” does not work), the profile only push the configuration of eduroam to the Android devices, and we have to manually configure ConcordiaUniversity SSID on the Android devices. Is it possible to modify the profile for Android devices to push both SSID to the devices of end users?
 
Thank you, and have a nice day.
 
Yours,
Linchuan Yang (Antony)
CCIE# 61220
Cisco Certified Specialist # CSCO13331076
Wireless Networking Analyst
Network Assessment and Integration,
IITS-Concordia University
Tel: (514)848-2424 ext. 7664
 


Archive powered by MHonArc 2.6.19.

Top of Page