Skip to Content.

cat-users - Re: [[cat-users]] CAT for Chrome OS

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] CAT for Chrome OS


Chronological Thread 
    < Chronological >      < Thread >
  • From: wifi-master AT univ-fcomte.fr
  • To: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: MARC HAMELIN <marc.hamelin AT univ-fcomte.fr>, cat-users <cat-users AT lists.geant.org>, wifi-master <wifi-master AT univ-fcomte.fr>
  • Subject: Re: [[cat-users]] CAT for Chrome OS
  • Date: Fri, 22 Jul 2022 17:33:53 +0200 (CEST)
Hello and sorry for the late reply.

Yes, I can confirm you that the omission of the ['Inner'] => 'PAP' parameter
is indeed the cause of our problem.
Actually, if we manually modify the content of the .onc file by adding this
parameter, the configuration of the connection is then successful.

Yours sincerly

--
Emmanuel Aubert

--
Equipe WIFI
wifi-master AT univ-fcomte.fr
Direction des Systèmes d'Information et du Numérique
Pole Operations & infrastructures - Domaine Reseaux & Telecoms
Universite de Franche-Comte Tel : 03
81 66 69 68
Bureau 132 - Batiment metrologie B E.A. : 65 27
16, route de GRAY M.H. : 61 66
25 030 Besancon

----- Mail original -----
De: "Stefan Winter" <stefan.winter AT restena.lu>
À: "MARC HAMELIN" <marc.hamelin AT univ-fcomte.fr>, "cat-users"
<cat-users AT lists.geant.org>
Cc: "wifi-master" <wifi-master AT univ-fcomte.fr>
Envoyé: Mardi 5 Juillet 2022 14:21:22
Objet: Re: [[cat-users]] CAT for Chrome OS

Hello,


> When we redid our CAT profiles for our new eduroam Radius servers, we
> specified TTLS-PAP as the EAP method.
> On ChromeOS, we were surprised to discover that the configuration created
> did not allow eduroam connection.
>
> In particular the authentication method phase 2 was not configured.
> By checking the file generated by CAT (.onc) the PAP option (EAP inner)
> does not appear.
>
> On a file of our colleagues Bourgignon, the MSCHAPv2 option appears well in
> EAP inner.
> In an Apple profile, EAP inner also appears.
>
> Is there a reason why this option (EAP inner) is not present on the ONC
> file of ChromeOS?
> If not, is it possible to correct it?


TTLS does not (necessarily) do EAP on the inside; PEAP always does.


When omitted, the ONC file spec states that the inner (non-EAP) method
is then "automatic", and we've never heard of issues that way.


Are you sure that the omission of the explicit ['Inner'] => 'PAP' is
what causes the configuration to not work?


E.g. if you download the .onc file, add the line about PAP to it, and
then configure a client with that - does it work?


Greetings,


Stefan Winter

--
This email may contain information for limited distribution only, please
treat accordingly.

Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Archive powered by MHonArc 2.6.19.

Top of Page