cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] CAT fixes for Windows
- Date: Thu, 19 Jan 2023 15:59:33 +0100
- Dkim-filter: OpenDKIM Filter v2.11.0 smtp.umk.pl D213F202BF
OK,
I should read carefully before replying.
What you describe is indeed an expected behaviour. When you read the PEAP spec, it turns out that they only allow assigning the user part in the AnonymousUserName
and this is how Microssoft are implementing this. They just take the realm from the enetered user identifier, replacing the user part with the string set in AnonymousUserName. Everyone else obviously considers this to be silly and they are implementing PEAP allowing to set the full name, but in fact they are violating the original spec.
If your org want the behaviour they expect they should switch to TTLS. Here Microsof allows you to enter the full anonymous user.
Tomasz
W dniu 19.01.2023 o 15:19, Matthew Slowe (via cat-users Mailing List) pisze:
On 19/09/2022 11:06, Tomasz Wolniewicz (via cat-users Mailing List) wrote:1. For PEAP - there was a problem manifesting itself for organisations which have defined the empty username part of the outer name. This was causing an installation error.
Hi Tomasz,
I have a member organisation that's using the "Enable Anonymous Outer Identity" setting (set to an empty string, so we expect " AT example.edu" as an outer identity).
During install users enter an internal only UPN into the username box (eg. user AT example.local) to be used in the Inner credential exchange. This works fine on macos, iOS and Android.
They're reporting a problem on Windows (specifically Windows 10 but may not be limited to that) where it's setting the "Enable Identity Privacy" setting in the PEAP settings but the outer username is being sent as:
@example.local
It appears to be getting it _half_ right... anonymous yes, but wrong outer realm!
Not sure if this is related to your fixes in September, but it's suspiciously close!
Any ideas?
Thanks,
--
Tomasz Wolniewicz
twoln AT umk.pl http://www.home.umk.pl/~twoln
Uniwersyteckie Centrum Informatyczne Information&Communication Technology
Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750; tel kom.: +48-693-032-576
- Re: [[cat-users]] CAT fixes for Windows, Matthew Slowe, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Tomasz Wolniewicz, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Chris Phillips, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Daniele Albrizio, 01/20/2023
- Re: [[cat-users]] CAT fixes for Windows, Matthew Slowe, 01/20/2023
- Re: [[cat-users]] CAT fixes for Windows, Daniele Albrizio, 01/20/2023
- Re: [[cat-users]] CAT fixes for Windows, Chris Phillips, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Tomasz Wolniewicz, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Matthew Slowe, 01/19/2023
- Re: [[cat-users]] CAT fixes for Windows, Tomasz Wolniewicz, 01/19/2023
Archive powered by MHonArc 2.6.19.