Skip to Content.
Sympa Menu

cat-users - RE: [[cat-users]] Apple Proxy Settings

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

RE: [[cat-users]] Apple Proxy Settings


Chronological Thread 
  • From: Daniel Sheppard <da.sheppard AT uwinnipeg.ca>
  • To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] Apple Proxy Settings
  • Date: Wed, 24 Nov 2021 17:15:47 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uwinnipeg.ca; dmarc=pass action=none header.from=uwinnipeg.ca; dkim=pass header.d=uwinnipeg.ca; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LkFeC8Tr5iLrRP9zCqQBLUgw5dyEx4a7RFLpxOnGezE=; b=BiayheiJ8MyNt+983y3E2gaJV22oNitzGATDmfU6Fz21ch1yeG86XwDerOg09KFy9zga3Dw1wZjOT1HQqA7i8rDW/azsRuQLiLrRDX3rXGWv0ZcaUzxpiMq0gjOnl1E68cyy50swQqy9J1/PwjTvG2P5Umb1p/K0euyD5RZxEIemQnTIWbpMAxJ+iYcm6/wvNJcVMy6tb2GI54fuNM+wP4zRj+kOR3EhH6M2OGyL2lk4Osb1X0B2AYxIrKAY5zGgMF/e14yD5JFIFu9ZCu6+1lmJWgZLxC7Ne8NB56aChjKCGoUI7tlcxGteMLgEM8RuKSOFJedqNK/i/dQ75qo8+w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c3aUjY91X1mfdDytpfOLLwtR2Q/SX7jEXIK7b3WOunMsDeRYUppefmhR82YVQ9tetbI/He58+HRAcgPUghVnXW/RbNVE9rW1uoEW2soyz7RszoaPPzDO25n46jRTsy6/HXiIeAW942EleJM1KOnWn55f4sZTmv5jCUi1fb3yLUqMDbwUfQv7b0WaudLLG8D6NOaXAVOgrl3eoupoC4pRRAP1DfQMA+guVI6Lkt5vL5OuCjTfYujimZRHDs8A7QFFXSCdeH1X4oLevXCV0vSKDc+o+vCDnehV91PbXEY7u5u+chm4bG5URI4I650DCojZHE5OBej+J11wDtt0ucJtzQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uwinnipeg.ca;

I dug back into this issue.

 

Here is what specifically was happening:

 

·         The user had Google Nest WiFi at home

·         The system would send a request to wpad.lan

·         At home (where it failed) this would return a REFUSED

·         At the institution (where it worked) or using cloudflare DNS (which also works) it sent a NXDOMAIN

 

For those that were having issues, did it query against institutional DNS?  Did it return a NXDOMAIN or REFUSED?  I am thinking of opening a issue for this as it appears to be something that definitely isn’t intended.

 

 

Thanks,
---

Daniel Sheppard

Senior Network Analyst – Core

Technology Solutions

 

P 204.789.1402

E da.sheppard AT uwinnipeg.ca

 

515 Portage Avenue 
Winnipeg, Manitoba, Canada
R3B 2E9

 

uwinnipeg.ca

 

http://uwinnipeg.ca/branding/images/uw-esig-logo.png

 

 

 

From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> On Behalf Of Daniel Sheppard
Sent: Monday, November 22, 2021 08:30
To: cat-users AT lists.geant.org
Subject: RE: [[cat-users]] Apple Proxy Settings

 

Notice: This is external email. Verify the sender and use caution with any content.

 

We are experiencing this problem too, however the issue isn’t so much with our own network but when the user roams to home for whatever reason the proxy being set to auto breaks his home connection.

 

We ended up giving the user a manual profile that removed these settings (the issue isn’t that you choose Auto, On or Off, but that they are deployed at all).  The solution is to not deploy these keys into the profile config, or allow configuration of them but also allow a non-option to not deploy them.

 

 

From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> On Behalf Of Perry, Matthew
Sent: Monday, November 22, 2021 07:23
To: Higgs, Russell <Russell.Higgs AT city.ac.uk>; cat-users AT lists.geant.org
Subject: RE: [[cat-users]] Apple Proxy Settings

 

Notice: This is external email. Verify the sender and use caution with any content.

 

I ended up using Apple Configurator 2 to create a new profile for our Apple devices that has the proxy turned off and well as adding a KB article to our site for how to disable the proxy.  I still haven’t figured out what is happening.  We have search out DHCP and DNS settings and there are no entries for WPAD in there. 

 

From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> On Behalf Of Higgs, Russell
Sent: Monday, November 22, 2021 5:04 AM
To: cat-users AT lists.geant.org
Subject: RE: [[cat-users]] Apple Proxy Settings

 

: This message has originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.

We have same issue, and we can’t find any setting to change this either. I downloaded the profile for another University during testing, which seems to have the same settings and indicate it’s possibly not configurable. For now, we’ve had to update our instructions to the users to tell them to turn this setting off which is still an inconvenience as not all users see this instruction.

 

Thanks

 

Russell Higgs

Senior Network Analyst, Information Technology

City, University of London

Northampton Square

London EC1V 0HB

T: +44 (0)20 7040 8199

M: +44 (0)7391 868225

www.city.ac.uk

 

 

From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> On Behalf Of Perry, Matthew
Sent: 16 November 2021 13:51
To: cat-users AT lists.geant.org
Subject: [[cat-users]] Apple Proxy Settings

 

CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and believe the content to be safe.

 

We have recently noticed that the cat installer is setting the Proxy Settings on apple products both iOS and MacOS to Automatic.  This seems to be suddenly breaking those devices from working until the user goes in can manually edits this setting to Off.  Am I missing a setting in the ieduroam Configuration Tool?  I don’t have any proxy setting set in there.   I tried setting the “Mandatory Content Filtering Proxy” to off but it looks like that only accepts and IP address as a value.

 

Thanks,

 

Matthew Perry

Lesley University

Network Systems Engineer

 




Archive powered by MHonArc 2.6.19.

Top of Page