Skip to Content.

cat-users - Re: [[cat-users]] Certificate provided by linux script does not work

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Certificate provided by linux script does not work


Chronological Thread 
    < Chronological >      < Thread >
  • From: Paul Dekkers <paul.dekkers AT surf.nl>
  • To: Carlos de Manuel Clemente <Carlos.deManuel AT uclm.es>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Cc: Julián de la Morena Borja <Julian.delaMorena AT uclm.es>
  • Subject: Re: [[cat-users]] Certificate provided by linux script does not work
  • Date: Fri, 9 Feb 2024 14:54:02 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=eGKhJjVAkO7xk5ebOwDi6ktCaQKyMf4n/gsD/5GQXSc=; b=RWCxGQ4+Tufq2lqF75VzJyFzFqWJnbEIV1IZzhrWNyYqDJqzEAZRw4K1WQ4pbCi7n+MDNS+u+VX5S1NAVOCqg/xa5jv+O12X/hW9hTflJz/u0e/8oKB5PiQXG+6JjJjexY7y7ZL7nDU6SXd4kQNki81I2nKJce6VcrvRC4j3J5Us5kEUE1jV7J63p4aFrlzaZpAyAubJ1TvKZzU6B20FfBztISwQqd0k8Q2DFYHV/mIZgygBikNo9BPzLTlqQmuzqbCyOSKll0hsLc3RsM50Tn45BCST5qvZ2GpDh6yDdJscZc+mQVQp0bMMslzKOslmzPSZJLu+nXbUx8MIfUzBiw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DoIboNIn+tbFA4BCj7IOt3D5NWReTNtQkKdgywjf3fAZl+/0/MBDcdj40G2O9yf9OrLKbHt3i3IoofSTovw/Km95MphtI8//eqqG1hcMV++bgdw1heGFqX+MoTSN7xDQWorHdMhmPLr70eCNLcq1yxNigqnCTnWQG3Wikm3izYaaG+F3O9J6NC28okxszy4fkiszx1RYG00ys5Ju7K4fN+9+v/cTgTya3WY6SpWyd/1eN3+1CEx9Y2j5ThQ7LBaV6OVu0jaX1F4BvbrJByPRGT0J6ETu9yOkM7783QHmMMmDheaexUnCp5YZsal5LsMsp3QL5js+yRSuQXdWarUtlQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=surf.nl;
  • Autocrypt: addr=paul.dekkers AT surf.nl; keydata= xsDNBFzP6HIBDADK8Wn7ods1w4ysf5c/GeUkDm2doxOZRUU3ZSMM0aG9aN2jqpZB11xoTuAv k+J3kOpRY542rbHTxkbdiIYFiKS5ff9bAPfn1MUOy+XErLPUzZ/Z3GO6kCpTkcHYKVN2Iehd QCdn7UbNRRzygiVHiRWi8jkhutBWBHHy7hcVWXtHfxb5Ot7I6Z9F2Aso6sB543UrQVxEl0h1 AuNN2HXVW536LaGh+ZRTPPPj99nR8UvNnJ4Q/Jh9a6/C9TB1vGm/4oTWG2gnFcq9CBQB9+E0 GZ7S9ddyKzXE97wziJdhC4e14s9aSiG9Du98C62ilTzOk4muOV6XU0JZOy3jwIt6bS2m9zGf yUxhKs5mNwrCUeBqt5uKgUXAG0MnQ70lMmiGyMNwUkCXuHiScvzB7rdXM0h2pvfrMMsQ1BA5 +0Zb1hkkq5eYVUE+e9xJID82ShdMOTievgSdc4JP4lJuUAjVf30u5uUe/uxsDxc1zfnZsp30 ezTIhp2SxszZcWjzTnn7tSEAEQEAAc0jUGF1bCBEZWtrZXJzIDxwYXVsLmRla2tlcnNAc3Vy Zi5ubD7CwQ4EEwEIADgWIQQ3Xw/6ofYHVAb73o89O9GpKK14OgUCXM/ocgIbIwULCQgHAgYV CgkICwIEFgIDAQIeAQIXgAAKCRA9O9GpKK14OsHaDACFjL2wGvcSxecAVjShtnOwHgi5iO+r MUQiplP7/dD8awcBxuj1ihv/kZoatI0tSxsXs6OqYqG/ivJfCaXX51dYANDfDI4E8FLN+eCj v3ndVJHEWdixNrVH+sdS4itZt0omQ28dbMpJc7opOw42o5xMmypMMzo4enHZcaYr4fktAu5B 2E3eekw8aXOHPSrTmIAZjhaKCdZ5CtOotgoUGnrQbHIVlPh7PJBCUTlNXDynjLdznhYJjvBN GnT9B+PPfJ0TQMBv0gqWlfJA+GSKl//pz+Jqh1ByyRFXZaG0imE4eLaODSb+3aoD36pWMrdV 31m+qeEzB2V6I40vdBmZEtpX+01l3kuIPa/ZpJ3MCaeVlQ2ADkZwz1DVEV4aasOkKL2hAlMz bSChFnSA6OhOS+2L+7HAtI62OPj0VkXERqeFPpOWFG0OzqJUCBB5x/OdhoMiVjI2KNtMDxoD Y4L+u1MeNwm7fPYrdQn8aDN0Lc5tEdw29mwWwBLjiu+u8jCEyGnOwM0EXM/ocgEMALdymAvx UsfhoNnNR+SaJCUVwmBMjt9spGs1E27yqHMs7jDnZ87uh2B220GmZGKFkf4SbRHUJhPGX+rg Ez2vvlBwZonBKDY1SyCPRI6ffaivoz9hw+GXpQYQwIZ1gJWN7MvhzIbG+b+Y6pRMRsWSjThA ImieLS2+K2oR6XenxKG/dZg8qO/Uv5Qvb66rWtFM9D48iurcUu3ndotJPAkKetUg3dny4nzp D1wT26RcqEh8huJfZK8JdML+9Q1dHoMhtwRzTTWQ4rxwEr2X1ymaF4QaG8LbuT4/Owrp5vGd YI7Wh2Lwjwn6tJE715eePcoahQwgBBwsKBCkRDOQ3dA8bUO/G8p7SRTj/CAymx5unis3H6O/ jQmi3cgVLNg6CYwPGptFRrLxqT/eWsNy/2Dpd8VHajjVKQ6bC0MNz+lHoFkNMc/CaTY8BQix xM4mtm5rbbogX9pBPSUx5vVgd1Vbw8sQT2wFxUI3Q3r4KaKD5MVucDTg3OxcMNQxRTLDdonI owARAQABwsD2BBgBCAAgFiEEN18P+qH2B1QG+96PPTvRqSiteDoFAlzP6HICGwwACgkQPTvR qSiteDqo6gwAqIpD/D4lNkUehSf+U8l9lTpkWNAEfB9PgAMIFrFQ3YUuEmhFlv8uKi6Y7apX 89tmrVUgc5RLglf7e4geYv69wLY4R7jMIUs0g9cv/g71rhfszjDJGe/4ppa+qHTk69Uq556d B9nMtFF2YWvq77Y1WBKv/r3hmJLQYNZBaCBSPI9OpZ0UCw3hp0ip/LUejVXLRkU+ZAb6jeEt gd2zoIiXOHCazaGD6EGvLQxzuwPVPXPLU6kahtJoJAa/OOWyzSnd+Ipio6Vi6tdDVLEXbTVn AjnVOlEnGc6dhh1TOxPv/lHslYxfSTrCoBRIKcXS/5bkxvTOZpgSRyKsksh1fgD1IIPjLqs2 K7KOXgocNG+iIOMcLbSsp8R7GRUMmzeTIPHnW1xC9OIgU16KSxaDWa6tX6NOcY5iHRlRXw5Q 9WVGgnHIbfR/2hoyXzbVMzM2uiTEJ9qG4+GtMUBeLdEo8DsbX+QdP71NgcCcBUtUe9LfDEJ+ yZ0Nj/dbF6RX3MTEJRiy

Hi,


On 09/02/2024 14:43, Carlos de Manuel Clemente (via cat-users Mailing List) wrote:
PR3PR01MB6506D3CA0B2A12911FE297C0E44B2 AT PR3PR01MB6506.eurprd01.prod.exchangelabs.com">
Hello

Certificate provided by linux script does not work

Organization: University of Castilla-La Mancha
Administrator: carlos.demanuel AT gmail.com
Affected profiles: all
Operating system: Linux

We have detected that computers with linux (specifically we have tested with Linux Mint and Ubuntu) do not connect correctly with eduroam after executing the configuration script downloaded from https://cat.eduroam.org.
We have noticed that the linux installer incorporates the ca.pem certificate that includes an empty line after the "End Certificate" line. Removing that empty line the equipment connects correctly.

I attach both files. CA.pem provided by the installer, and radius-eduroam2023.crt which is the one we provide for manual configuration and for the installer profile.

This line added at the end causes a connection failure on Ubuntu computers.  
Our RADIUS alert is: EAP-PEAP: fatal alert by client - internal_error
eap-tls: Error in establishing TLS session.

I am not aware of any other devices being affected. I also don't know since when this problem has been happening.

Can you make the script generate the ca.pem file without the last empty line?  Or tell me another solution if there is one.


I was not inclined to answer and leave the answer to someone else, until you asked for "another solution if there is one" ;-)


You could also use/try the geteduroam client for Linux. We're very curious about feedback, the client is relatively new:


The CLI is available at:

https://github.com/geteduroam/linux-app/releases/tag/nightly


The GUI at:

https://github.com/geteduroam/linux-app/releases/tag/0.2


Despite that, I'm sure someone will look at your report, and it's great you found out in detail what is wrong with the installer for you.


Regards,
Paul



PR3PR01MB6506D3CA0B2A12911FE297C0E44B2 AT PR3PR01MB6506.eurprd01.prod.exchangelabs.com">
Thank you.
Best regards



Logotipo UCLM

Logotipo sello de excelencia investigadora HR

Carlos de Manuel Clemente
Técnico I - Analista de Sistemas y Redes
RECTORADO DE LA U.C.L.M. | Edificio CTIC C/ Altagracia, 50 | 13003 Ciudad Real
Tfno: 926 295 202  | Móvil: 680 222 092  |  Correo: Carlos.deManuel AT uclm.es
Mensaje Instantáneo  |   https://www.linkedin.com/in/carlosdemanuel/

 

Por favor, no imprima este documento si no es estrictamente necesario. Cuidar el medioambiente es responsabilidad de todos.
Este mensaje de correo electrónico puede contener información confidencial de la UCLM, siendo para uso exclusivo del destinatario.
Si usted lo ha recibido por error y no es el destinatario del mensaje, le rogamos que no difunda su contenido y lo comunique al remitente.

 

Please do not print this document unless absolutely necessary. Environmental protection is in our hands.
This e-mail may contain confidential information of the UCLM and is exclusively intended for the addressee.
If you have received it by mistake and are not the intended recipient, do not send the contents and please notify the sender.

 

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

Archive powered by MHonArc 2.6.24.

Top of Page