
cat-users - Re: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Paetow <Stefan.Paetow AT jisc.ac.uk>
  • To: Giuseppe Mainardi <giuseppe.mainardi AT unifg.it>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?
  • Date: Fri, 3 Nov 2023 14:14:00 +0000
  • Accept-language: en-GB, en-US

Hi Giuseppe,

 

Yes, the labelling is not quite clear (and is a potential place for confusion), and we also have had to explain to our admins that it is only the ‘CN=’ part of the Subject, as a hostname, which should be entered there, and which must also have a corresponding ‘dNSName’ in the SubjectAlternativeName portion of the certificate.

 

Also, the old ‘eduroam CAT’ app in the Play Store does work with Android 5.0.1, but I have found that you must only use one certificate (not a chain), and you must also be very specific about the settings to make sure it works. The old app is arguably horrible to use, so there are some of our members who provide the root certificate blob as a file to download and install manually, followed by manual instructions for specifically the old versions out there.

 

Kind regards

 

Stefan Paetow

Federated Roaming Technical Specialist

eduroam(UK), Jisc

 

email/teams: stefan.paetow AT jisc.ac.uk

gpg: 0x3FCE5142

 

For eduroam support, please contact the eduroam team via help AT jisc.ac.uk and mark it for eduroam’s attention.

On Wednesdays and Fridays, I am not available between 12:00 and 15:00.

 

jisc.ac.uk

 

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, Bristol, BS1 6NB Tel: 020 3697 5800.

 

 

From: <cat-users-request AT lists.geant.org> on behalf of Giuseppe Mainardi <cat-users AT lists.geant.org>
Organisation: Università di Foggia
Reply to: Giuseppe Mainardi <giuseppe.mainardi AT unifg.it>
Date: Tuesday, 24 October 2023 at 09:18
To: "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: [[cat-users]] [cat] [android] why does the "realm" field gets the "Name (CN) of Authentication Server"?

 

Positive.

  1. I set up Name (CN) of Authentication Server = freeradius.unifg.it
  2. I checked the field realm on the client (Android 13). It contained freeradius.unifg.it
  3. but using the app the configuration worked as well (Android 5 and Android 13).

Thanks for the help.

Giuseppe

 

 

On 20/10/2023 13:17, Giuseppe Mainardi wrote:

Greetings to all,
I'm trying CAT for the first time and I see an unexpected behaviour.
When I build CAT I set Name (CN) of Authentication Server = CN=freeradius,DC=unifg,DC=it
because that is the radius server to use for that profile (Eduroam-AD). We have two profiles, but only this one is production-published.

When I load the eap-config file into getEduroam, the field "realm" gets the value "CN=freeradius,DC=unifg,DC=it" and the authentication doesn't work.
If I change the value, typing "unifg.it", as it is supposed to be, the authentication works.

Looking into the config file, the only place where that value is mentioned is: <ServerID>CN=freeradius,DC=unifg,DC=it</ServerID>

Where is the realm mentioned in the config file? Nowhere, unless... <InnerIdentitySuffix>unifg.it</InnerIdentitySuffix> but that setting is related to "Enforce realm suffix in username".

Is it my fault that I didn't understand what the purpose of "Name (CN) of Authentication Server" is?

Is there more detailed documentation in order to better understand what values to set up for a fully functioning CAT config?

Trials made on Android 13 last update.

 

Second request:

is eduroamCAT fully compatible with Android 5.0.1? The first tests with that O.S. are negative. It is impossible to choose the SSID to connect with, the only SSID given by eduroamCAT is "eduroam" which is not the one we have to use in this test phase.

 

Thanks in advance.

-- 
Giuseppe Mainardi
Università di Foggia
Area Sistemi Informativi
Servizio Amministrazione di sistemi informativi, accounting e single-sign-on (Resp.)
Via Gramsci, 89/91 - 71122 Foggia
Tel.: 0881/338440
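
The check described in the reply above (the server name must be the hostname from the certificate's CN, with a matching dNSName in the SubjectAlternativeName), as an added example that is not part of the original thread or of CAT itself. The function name `lint_server_ids` is hypothetical, the XML fragment is constructed from the two elements quoted in the thread, and the dNSName list is assumed to have been read from the RADIUS server certificate beforehand.

```python
import re
import xml.etree.ElementTree as ET

# Constructed eap-config fragment: only the elements quoted in the thread,
# with both the value that failed and the value that worked.
SAMPLE = """<EAPIdentityProvider>
  <ServerID>CN=freeradius,DC=unifg,DC=it</ServerID>
  <ServerID>freeradius.unifg.it</ServerID>
  <InnerIdentitySuffix>unifg.it</InnerIdentitySuffix>
</EAPIdentityProvider>"""

# Fully qualified hostname: dot-separated LDH labels ending in an alphabetic TLD.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)

def lint_server_ids(xml_text, san_dns_names):
    """Return (server_id, problem) pairs; problem is None when the value is usable.

    san_dns_names: dNSName entries from the server certificate, supplied by
    the caller. Exact, case-insensitive comparison is a simplification here.
    """
    sans = {name.lower().rstrip(".") for name in san_dns_names}
    results = []
    for el in ET.fromstring(xml_text).iter():
        # Compare on the local name so a namespaced document is handled too.
        if el.tag.rsplit("}", 1)[-1] != "ServerID":
            continue
        value = (el.text or "").strip()
        if "=" in value or "," in value:
            problem = "looks like a certificate Subject DN, not a hostname"
        elif not HOSTNAME.match(value):
            problem = "not a fully qualified hostname"
        elif value.lower() not in sans:
            problem = "no matching dNSName in subjectAltName"
        else:
            problem = None
        results.append((value, problem))
    return results

if __name__ == "__main__":
    for server_id, problem in lint_server_ids(SAMPLE, ["freeradius.unifg.it"]):
        print(f"{server_id}: {problem or 'OK'}")
```
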
