Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?


Chronological Thread 
  • From: Martin Stanislav <ms AT uakom.sk>
  • To: Giuseppe Mainardi <giuseppe.mainardi AT unifg.it>
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?
  • Date: Sun, 22 Oct 2023 12:57:41 +0200

Hi Giuseppe,

Try to fill the ‘Name (CN) of Authentication Server’ field [1] with value
freeradius.unifg.it if this value is also present in CN attribute within
SubjectDN as well as in SubjectAltName:DNS (X.509 extension) of your EAP
authentication server certificate.

Kind regards,
Martin

[1] A guide to eduroam CAT for IdP administrators

https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators#AguidetoeduroamCATforIdPadministrators-EAPDetails

On Fri, Oct 20, 2023 at 01:17:36PM +0200, Giuseppe Mainardi wrote:
> Greetings to all,
> I'm trying CAT for the first times and I see an unexpected behaviour.
> When I build CAT I set     Name (CN) of Authentication Server  =
> CN=freeradius,DC=unifg,DC=it
> because that is the radius server to use for that profile (Eduroam-AD). We
> have two profiles, but only this one is production-published.
>
> When I load the eap-config file into getEduroam, the field "realm" gets the
> value "CN=freeradius,DC=unifg,DC=it" and the authentication doesn't work.
> If I change the value, typing "unifg.it", as it is supposed to be, the
> authentication works.
>
> Looking into the config file, the only place where that value is mentioned
> is: <ServerID>CN=freeradius,DC=unifg,DC=it</ServerID>
>
> Where is the realm mentioned in the config file? Nowhere, unless...
> <InnerIdentitySuffix>unifg.it</InnerIdentitySuffix> but that setting is
> related to "Enforce realm suffix in username".
>
> Is it my fault that I didn't understand what is "Name (CN) of Authentication
> Server" purpose?
>
> Is there a more detailed documentation in order to better understand what
> values to set up for a fully functioning CAT config?
>
> Trials made on Android 13 last update.
>
>
> Second request:
>
> is eduroamCAT fully compatible with Android 5.0.1? The first tests with that
> O.S. are negative. It is impossible to choose the SSID to connect with, the
> only SSID given by eduroamCAT is "eduroam" which is not the one we have to
> use in this test phase.
>
>
> Thanks in advance.
>
> --
> Giuseppe Mainardi
> Università di Foggia
> Area Sistemi Informativi
> Servizio Amministrazione di sistemi informativi, accounting e
> single-sign-on (Resp.)
> Via Gramsci, 89/91 - 71122 Foggia
> Tel.: 0881/338440
>
>
> --
>
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users



Archive powered by MHonArc 2.6.24.

Top of Page