The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi,

Wiadomość napisana przez Martin Pauly <pauly AT hrz.uni-marburg.de> w dniu 06.10.2021, o godz. 13:47:

Hi,

W dniu 05.10.2021 o 12:07, Thorsten Fritsch pisze:

we have reports from several Linux users (ie. Ubuntu 18.0.4, Linux
Mint 20.1) that the Certificates no longer get installed when
running the CAT Installer. In our case the QuoVadis Certs are not
to be found in /etc/ssl/certs after running the installer.
Could it be related to the recent upgrade to CAT 2.0.4 ?

On 05.10.21 18:09, Tomasz Wolniewicz wrote:

AT never installed certificates to the main store. It copies it to
.cat_installer in user's home directory and points the NetworkManager
to this location. It has always been like that. This way we do not
interfere with the trust settings for anything else then this
particular network profile.

I just had to (remotely) support an Ubuntu 20.04 from another German university this morning.
Basically, it works for standard installs of the Debian/Ubuntu family. technically, it's as simple as Tomasz'
description.
The most common issues are:
1. make the installer script executable after download
  AFAIK this has to be done via CLI because GNOME 3 simply removed this item from the file properties dialog

The easiest way is just ta call it as python3 script_name. Takes a lot less time than making it executable.

2. You have to call python2 where modern installs usually default to python3
Not really sure about the last one, though.
@ Stefan, Tomasz: Would it make sense to add a popup hint (like the one used with .ONC e.g.)
for the Linux installer mentioning these details?

I believe we have dropped support for python2. If you call the script with python2 then it will try o execute itself with python3 instead and fail if it cannot find it. Therefore I do not understand the issue here.

OTOH, from all graphical supplicant interfaces, Network Manager's is the best by far (compare it to
the nightmarish Windows dialogs...)
So if you happen to auth against a public CA, configuring things manually really is no big deal.
IMO, the only glitch is to call the Outer Identity "Anonymous Identity", this is a bit misleading.

Well, with a public CA, the server name becomes the crucial element of security so that you do not trust just any server with the given CA behind. And this is something that the GUI will not even let you to add, I think.

Tomasz

Cheers, Martin

--
 Dr. Martin Pauly     Phone:  +49-6421-28-23527
 HRZ Univ. Marburg    Fax:    +49-6421-28-26994
 Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE
 D-35032 Marburg

—

Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uniwersyteckie Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika         Nicolaus Copernicus University,
pl. Rapackiego 1, Torun                pl. Rapackiego 1, Torun, Poland
            tel: +48-56-611-2750; tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: S/MIME cryptographic signature