The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Denis Mirassou <denis.mirassou AT univ-tlse3.fr>]

That could be that.

I renewed the eduroam radius certificate on late september...

Customers are -strongly- advised to use Get or CATeduroam but the information doesn't spread efficiently and we have numerous personal wireless terminals here.

Thanks Thomasz !

Regards,

---

De: "Tomasz Wolniewicz" <twoln AT umk.pl>
À: "Denis Mirassou" <denis.mirassou AT univ-tlse3.fr>, "cat-users" <cat-users AT lists.geant.org>
Envoyé: Jeudi 28 Novembre 2024 13:04:02
Objet: Re: [[cat-users]] CAT Eduroam suddenly forget previously saved login+password

Hi,

  all the CAT installer does is install a Windows WiFi profile. There its action ends. CAT does not run anything in the background. If there are any prompts for credentials then they come from Windows itself not anything that CAT does. I have never heard of a case like you describe.

The only case that I can think about would concern an eduroam WiFi connection created without the use of the CAT installer. It is possible to tell Windows to just connect to eduroam. It will ask the user if it is safe to connect to a given server (as if the user could know that) then it will prompt for credentials and save them together with the fingerprint of the server certificate. As long as nothing changes, Windows will keep connecting without prompting. If, however the server certificate changes for some reason (could be a fake eduroam or a normal change of the real server certificate) then the question about connecting will pop up again. This is in fact a big security issue, users accepting such cases might send their credentials to an attacker.

The difference between what I described above and what CAT does is that CAT tells Windows which root CA to trust and what is the name of the server (as in the server certificate). It also tells Windows not to prompt the user when connecting to servers that do not fulfil the requirements. This gives the organisations freedom to renew server certificates - clients will still accept this as long as the name stays the same and in the same time give user's security against fake networks.

Yours

Tomasz Wolniewicz

W dniu 28.11.2024 o 10:43, Denis Mirassou (via cat-users Mailing List) pisze:

Hi,

We have some customers feedback related to CAT Eduroam asking (again) for login & password on previously working CAT eduroam terminals.

Customers have been, sometimes long ago, successfully working with CAT eduroam saved password and we wonder why CAT is asking for that another time.

We worked with W10, may be a Microsoft udate that flushed eduroam saved login & password ?

All works fine so far since customers re-enter login & password.

Did you notice that ?

Thanks

--

---

Denis Mirassou

Administrateur réseau

Université Toulouse III Paul Sabatier
Direction des Systèmes d'Information (DSI)
Département Infrastructure, Service Réseau & Télécommunications
Tél: (+33)561366005
http://www.univ-tlse3.fr

Assistance utilisateur : le Guichet Unique du Numérique (GUN)
Tél: (+33)561558989 (5 8989 en interne)
https://guichet-numerique.univ-tlse3.fr/

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

-- 
Tomasz Wolniewicz

--

---

Denis Mirassou

Administrateur réseau

Université Toulouse III Paul Sabatier
Direction des Systèmes d'Information (DSI)
Département Infrastructure, Service Réseau & Télécommunications
Tél: (+33)561366005
http://www.univ-tlse3.fr

Assistance utilisateur : le Guichet Unique du Numérique (GUN)
Tél: (+33)561558989 (5 8989 en interne)
https://guichet-numerique.univ-tlse3.fr/