Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] eduroam failed to reconnect

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] eduroam failed to reconnect


Chronological Thread 
  • From: Martin Stanislav <ms AT uakom.sk>
  • To: xenakiac AT ece.auth.gr
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] eduroam failed to reconnect
  • Date: Fri, 15 Mar 2024 16:26:42 +0100

Dear Argyro,

As you've already noticed, Aristotle university of Thessaloniki
currently doesn't publish any configuration profile at eduroam CAT
portal to aid its users in setting up their devices for eduroam access.

Please, contact your home org's support an ask for help or even better
for a solution (e.g. for a set of configuration profiles) that would
serve users with various types of devices.

https://it.auth.gr/contact/

Kind regards,
Martin

PS Below comments contemplate on possible issues that can constrain
you from succesfully connecting your device to eduroam.

A client device is supposed to verify authenticity of a respective
home server while establishing an encrypted session and before
proceeding with authentication. A so called chain of trust provided
along with the EAP Server certificate, i.e. radius.auth.gr [1], by your
home server includes two intermediates [2] [3] pointing at a root CA
certificate [4] (not included), that has been removed from Mozilla's
root store [5] two year ago [6]. Meanwhile, one of the two intermediates
has been introduced into the Mozilla root store eight years ago [7]
as a self-signed root CA [8] [9]. So the old chain of trust no longer
points to a public CA (as viewed by a majority of modern client devices),
only the new cross-signed chain of trust does. Past experience suggests
it's better to not rely on various client devices ability of sorting out
variations in chains of trust with a cross-signed option to pick from.
Also, recent changes in client device supplicant software make setting up
network access without aid of a signed configuration profile rather tedious.
Especially so in case a home server certificate is issued by a private
certificat authority (as perceived by a client device).

[1] https://crt.sh/?id=9107966796
[2] https://crt.sh/?id=6136793298
[3] https://crt.sh/?id=25022159
[4] https://crt.sh/?id=1877101
[5] https://wiki.mozilla.org/CA/Included_Certificates
[6] https://bugzilla.mozilla.org/show_bug.cgi?id=1759815
[7] https://bugzilla.mozilla.org/show_bug.cgi?id=1256494
[8] https://crt.sh/?id=12731951
[9] https://repo.harica.gr/rep_dyn.php

On Wed, Mar 13, 2024 at 01:26:13PM +0200, xenakiac AT ece.auth.gr wrote:
> Greetings, 
>
> My name is Argyro Xenaki and I'm a student at Aristotle university of
> Thessaloniki, Greece. For the past two month I have not been able to connect
> to eduroam, like I did the previous months. The problem doesn't seem to go
> away even though, no matter what I tried. I tried to forget the network and
> reconnect, find the CAT profil but it seems like it's not available or
> published yet and no matter how many times I try to connect with my data
> nothing happens. I did an semester abroad and I suspect that this has
> something to do with the trusted servers of eduroam, however i reconnected
> just fine for the first months i was back. I would appriciate your help to
> solve this problem. Thank you in advance!
>
> Best regards,
> A. Xenaki
> Electrical and computer engineering student AUTh
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users



Archive powered by MHonArc 2.6.24.

Top of Page