The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Marcolino PIRES <marcolino.pires AT ac-paris.fr>]

Hello.

We progress !

Network profiles are now created !

The problem comes with inserting credentials in the profiles. I suppose that .exe files are not allowed to execute from AppData\Local\Temp\ directory.

Question : Why creating 2 eduroam profiles "eduroam" and "eduroam via partner" ?

Best regards

Le 13/02/2024 à 19:05, Tomasz Wolniewicz a écrit :

Hi,

There is one thing worth trying first. The geteduroam application, which you probably know for Android, also has a Windows version - see https://www.geteduroam.app/

Perhaps it will just run without any problems and install the profiles for everyone.

If that does not work you can try the CAT installer with my recent fix.

I have added a small change which will go over the problem with wlan_test, but I strongly suspect that the restrictions you have for your users might cause some more errors. This installer is calling one more utility which installs user's credentials, it this gets blocked as well then there could be one more option, just let me know.

The CAT installers are cached, but tomorrow the cache will most likely be cleared.

Cheers

Tomasz

W dniu 13.02.2024 o 15:34, Marcolino PIRES pisze:

I have this problem for all my users who are not in the group of local administrators.

Best regards

Le 13/02/2024 à 15:28, Tomasz Wolniewicz a écrit :

But are you sure that this problem will appear for all these users? If so, I can prepare a quick fix, but since this is the first time it was reported I thought that this really is a very special case.

Tomasz

W dniu 13.02.2024 o 14:48, Marcolino PIRES pisze:

Hi.

Thanks for the feedback.

The Wireless interfaces is totally functional on another SSID. The problem comes with wlan_test.exe witch requires more rights to execute without errors.
I can configure manually the eduroam SSID but I want to use eduroam CAT because it's easier to my thousand of users.

Maybe can I do more exhaustive investigations with you help ?

Best regards

Le 13/02/2024 à 11:54, Tomasz Wolniewicz a écrit :

So,

  the whole mess is caused by the failure with wlan_test.exe. I never saw this problem before. The program gets banned and the result recorded by the installer is not recognised, therefore on the one hand it keeps going but on the other it does not install any wireless profiles.

The only cause for running wlan_test is to check if there are any wireless interfaces installed on the system. I suppose the lesson to be learned from this example is to take another look at wlan_test and possible problems it might cause.

If this error is not causing any major problem for your university, I will for now put it on my TODO list

Cheers

Tomasz Wolniewicz

W dniu 13.02.2024 o 09:18, Marcolino PIRES pisze:

Hi.

I have executed the installer with -DEBUG=4 parameter.
I got the CAT.log file in attachment.

I have a look at it. I try to execute C:\Users\mpires\AppData\Local\Temp\wlan_test.exe and I got a message saying that this program was blocked by my administrator.

Best regards

Le 12/02/2024 à 20:47, Tomasz Wolniewicz a écrit :

I have tested your profile installer with a user without any admin privileges and it went just fine.

You could try to run the installer in a command window with an option -DEBUG=4. The installer will then create a log file with additional info. I will also leave undeleted XML profiles, including the one with the user password, so you might test it with some fake user data.

Cheers

Tomasz

W dniu 12.02.2024 o 11:54, Marcolino PIRES pisze:

OK.

I expect for your feedback.

Le 12/02/2024 à 11:52, Tomasz Wolniewicz a écrit :

Windows installers normally run without admin privileges except for the case when a wired network profile is supposed to be installed as well (but this is something that institution administrators set very rarely).

The installers have been used very many times and users do not have such problems. I will test your installer later, even without a valid account it is possible to veriy the installation results.

Yours

Tomasz Wolniewicz

W dniu 12.02.2024 o 11:45, Marcolino PIRES (via cat-users Mailing List) pisze:

Hello everyone.

The CAT installer is very practical.
I'm encountering a recent difficulty that I can't resolve because I'm not a Microsoft expert.

When I use CAT for Windows 10, if I am not a local administrator of my machine, the installer runs without errors but does not create any entries in known Wifi networks.

When I use CAT for Windows 10, as local administrator of my machine, the installer also runs without problems and the connection to the eduroam Wifi is established automatically. Two entries are created in the known Wifi networks "eduroam(R) via partner" and "eduroam(R)".

Why does this installer not work correctly when the user is not in the local Administrators group ?

Thanks for you help.

Best regards

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

-- 
Tomasz Wolniewicz

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

-- 
Tomasz Wolniewicz

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

-- 
Tomasz Wolniewicz

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

-- 
Tomasz Wolniewicz

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

-- 
Tomasz Wolniewicz

--

Marcolino PIRES
Chef de service
RSSI • Responsable de la sécurité des systèmes d'information
DSI • Direction des systèmes d'information

Rectorat de l'académie de Paris
Site Visalto • 12 boulevard d'Indochine 75019 Paris
Bureau : 3053 | Téléphone : 01 44 62 45 73 | Mobile : 06 33 45 58 65

www.ac-paris.fr | | | | www.sorbonne.fr | |

Platform:x64
Detected Windows 10:8:19045
Checking for wireless interfaces
Exec: C:\Users\mpires\AppData\Local\Temp\wlan_test.exe
wlan_test.exe returned error
Wireless check OK
testing for EAP: 88
EAP test returned: 
Symantec test returned: 0
Entering WiredConfirm with wireless_result=0; wired=0
locating certificate  SHA=d1eb23a46d17d68fd92564c2f1f1601764d8e349 Level=root
Testing machine store root
Execute: certutil -store root d1eb23a46d17d68fd92564c2f1f1601764d8e349
certutil returned -2146893807
Testing machine store authroot
Execute: certutil -store authroot d1eb23a46d17d68fd92564c2f1f1601764d8e349
certutil returned 0
Found AUTHROOT
locating certificate  SHA=d89e3bd43d5d909b47a18977aa9d5ce36cee184c Level=ca
Testing machine store root
Execute: certutil -store root d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned -2146893807
Testing machine store authroot
Execute: certutil -store authroot d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned -2146893807
Testing machine store ca
Execute: certutil -store ca d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned -2146893807
Testing user store root
Execute: certutil -store -user root d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned -2146893807
Testing user store root
Execute: certutil -store -user authroot d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned -2146893807
Testing user store ca
Execute: certutil -store -user ca d89e3bd43d5d909b47a18977aa9d5ce36cee184c
certutil returned 0
Found USER CA
locating certificate  SHA=c2826e266d7405d34ef89762636ae4b36e86cb5e Level=ca
Testing machine store root
Execute: certutil -store root c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned -2146893807
Testing machine store authroot
Execute: certutil -store authroot c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned -2146893807
Testing machine store ca
Execute: certutil -store ca c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned -2146893807
Testing user store root
Execute: certutil -store -user root c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned -2146893807
Testing user store root
Execute: certutil -store -user authroot c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned -2146893807
Testing user store ca
Execute: certutil -store -user ca c2826e266d7405d34ef89762636ae4b36e86cb5e
certutil returned 0
Found USER CA
Unpacking WLANSetEAPUserData
Checking for profile eduroam®
Exec: C:\Windows\sysnative\netsh wlan show profiles eduroam®
netsh returned 0
found profile eduroam®
Checking for profile eduroam® via partner
Exec: C:\Windows\sysnative\netsh wlan show profiles eduroam® via partner
netsh returned 0
found profile eduroam® via partner
Execute: C:\Windows\sysnative\netsh wlan delete profile "eduroam®"
netsh returned 0
Profile eduroam® deleted
Execute: C:\Windows\sysnative\netsh wlan add profile C:\Users\mpires\AppData\Local\Temp\wlan_prof-0.xml
netsh returned 0
Profile eduroam® created
Checking for profile eduroam
Exec: C:\Windows\sysnative\netsh wlan show profiles eduroam
netsh returned 1
profile eduroam not found
pushing install_wireless_credentials 1
Execute: C:\Windows\sysnative\netsh wlan delete profile "eduroam® via partner"
netsh returned 0
Profile eduroam® via partner deleted
Execute: C:\Windows\sysnative\netsh wlan add profile C:\Users\mpires\AppData\Local\Temp\wlan_prof-1.xml
netsh returned 0
Profile eduroam® via partner created
pushing install_wireless_credentials 1
Additional Deletes
Checking for profile eduroam (TKIP)
Exec: C:\Windows\sysnative\netsh wlan show profiles eduroam (TKIP)
netsh returned 1
profile eduroam (TKIP) not found
Checking for profile Établissement Custom Network
Exec: C:\Windows\sysnative\netsh wlan show profiles Établissement Custom Network
netsh returned 1
profile Établissement Custom Network not found
Installing wireless credentials 1
installing credentials for profile eduroam®
Creating PEAP user profile
Execute: "C:\Users\mpires\AppData\Local\Temp\WLANSetEAPUserDatax64.exe" "eduroam®" 0 "C:\Users\mpires\AppData\Local\Temp\user_cred.xml" /i
credentials setting returned error
installing credentials for profile eduroam® via partner
Creating PEAP user profile
Execute: "C:\Users\mpires\AppData\Local\Temp\WLANSetEAPUserDatax64.exe" "eduroam® via partner" 0 "C:\Users\mpires\AppData\Local\Temp\user_cred.xml" /i
credentials setting returned error
writing C:\Users\mpires\Downloads\inst_cat.cmd

Attachment: smime.p7s
Description: Signature cryptographique S/MIME