The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

There seems to be a huge difference between these two scenarios. With WPA2 PSK the key is tied to the network and the client can immediately tell that the key is wrong. With WPA2 Enterprise the network is fine, it is just the home server saying that it does not like this particular user. Another difference is that when the CAT installer generated the network profile it also generates the user profile containing the password and installs it via WLANSetEAPUserData$Platform.exe. 

I am not sure how Windows would behave if we just installed the network profile and left the username and password to the Windows on the first connection. And, by the way, the same thing will happen with EAP-TLS personal certificates. the profile points to a fingerprint of the selected certificate, therefore if this expires, the user needs to do the reinstallation.

Tomasz

W dniu 24.01.2024 o 09:17, Philippe Taurines (via cat-users Mailing List) pisze:

Why would this be specific to the operation of Windows and not eduroam?

 

Because when connecting to an access point with a simple SSID such as “WPA2 PSK”, Window asks you to re-enter the password security key.

 

Which would suggest that in WPA2-Enterprise / AES / PEAP mode it behaves differently?

 

This could not be due to the fact that the Freeradius server does not indicate to the Windows client that the password is invalid?

 

Good day

 

De : Tomasz Wolniewicz <twoln AT umk.pl>
Envoyé : mardi 23 janvier 2024 16:43
À : Philippe Taurines <Philippe.Taurines AT crous-toulouse.fr>; cat-users AT lists.geant.org
Objet : Re: [[cat-users]] Eduroam : Password Update

 

Unfortunately this is how Windows works now, if you run the installer again it will remove the profile and install everything again. You could also "forget" the eduroam network, but this would result in the same thing - the need to run the installer again.

Yours

Tomasz Wolniewicz

 

W dniu 23.01.2024 o 16:07, Philippe Taurines (via cat-users Mailing List) pisze:

Good morning,

 

After eduroam configuration of the Windows machine (10/11) via “eduroamCAT” or “geteduroam”, the connection works.

 

On the other hand, when our users change the password in our directory, they are refused the connection.

 

But the Windows client never offers to enter the new password, so there are two questions belows:

 

• Why this behavior?

• How to force Windows clients to ask for the new password?

 

Sincerely,

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

 

      To
        unsubscribe, send this message:
        mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
        Or use the following link:
        https://lists.geant.org/sympa/sigrequest/cat-users
    
-- 
Tomasz Wolniewicz

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME