Subject: An open discussion list for topics related to the geteduroam service
- From: Paul Dekkers <paul.dekkers AT surf.nl>
- To: Simon Hess <simon.hess AT bzpflege.ch>, "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
- Subject: Re: New geteduroam app misconfigures EAP type
- Date: Tue, 19 Dec 2023 18:46:07 +0000
Sent: Tuesday, December 19, 2023 5:35:29 PM
To: geteduroam AT lists.geant.org <geteduroam AT lists.geant.org>
Subject: New geteduroam app misconfigures EAP type
Hi all,
I am about to verify the new geteduroam app for Android and may have found a configuration issue.
We must use the EAP-TTLS protocol with an inner method of PAP to authenticate against Microsoft Entra ID. I have set TTLS-PAP as the only supported type in our CAT profile accordingly (see attached screenshot and https://cat.eduroam.org/?idp=2296&profile=8368). This has worked for almost a year now without any problems.
However, the new geteduroam app (v2.0) configures the wireless network with MSCHAPv2 as inner method regardless of the actual setting in the CAT profile (see attached screenshot). The device then obviously fails to connect to eduroam with the following error:
Event: 5400 Authentication failed
Failure Reason: 12996 EAP-TTLS inner method MSCHAPv2 is not allowed in Allowed Protocols
If I switch back to the current geteduroam app (v1.1), the wireless network will be configured with the expected settings (see attached screenshot). I have tested this behavior on a Samsung Galaxy S22 with the latest Android version 14.
Are you aware of any issues with this specific authentication method? Any help would be great before the new app gets rolled out publicly.
Thanks, Simon
Simon Hess
System Engineer
Berner Bildungszentrum Pflege
Freiburgstrasse 133, 3008 Bern
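
The mismatch reported in this message, as an added example that is not part of the original post or of the geteduroam code: a check that reads the inner method a profile permits and compares it with what a device was configured with. The sample profile is constructed, its element names and type numbers follow the eap-metadata (.eap-config) layout as assumed here, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names are an assumption about the .eap-config
# layout and are not taken from the CAT profile mentioned in the thread.
SAMPLE_PROFILE = """<EAPIdentityProviderList>
  <EAPIdentityProvider ID="example.org" namespace="urn:RFC4282:realm">
    <AuthenticationMethods>
      <AuthenticationMethod>
        <EAPMethod><Type>21</Type></EAPMethod>
        <InnerAuthenticationMethod>
          <NonEAPAuthMethod><Type>1</Type></NonEAPAuthMethod>
        </InnerAuthenticationMethod>
      </AuthenticationMethod>
    </AuthenticationMethods>
  </EAPIdentityProvider>
</EAPIdentityProviderList>"""

OUTER = {"13": "TLS", "21": "TTLS", "25": "PEAP"}       # EAP method types
INNER_NON_EAP = {"1": "PAP", "2": "MSCHAP", "3": "MSCHAPv2"}
INNER_EAP = {"26": "EAP-MSCHAPv2"}

def _name(table, text):
    """Map a <Type> value to a method name; missing or unlisted -> 'unknown'."""
    return table.get((text or "").strip(), "unknown")

def allowed_methods(profile_xml):
    """Return the set of (outer, inner) method pairs the profile permits."""
    pairs = set()
    for method in ET.fromstring(profile_xml).iter("AuthenticationMethod"):
        outer = _name(OUTER, method.findtext("EAPMethod/Type"))
        inner_el = method.find("InnerAuthenticationMethod")
        if inner_el is None:
            inner = "none"                      # e.g. EAP-TLS has no inner method
        elif inner_el.find("NonEAPAuthMethod") is not None:
            inner = _name(INNER_NON_EAP, inner_el.findtext("NonEAPAuthMethod/Type"))
        else:
            inner = _name(INNER_EAP, inner_el.findtext("EAPMethod/Type"))
        pairs.add((outer, inner))
    return pairs

def check_device(profile_xml, outer, inner):
    """Compare the device's configured methods with the profile's allowed set."""
    allowed = allowed_methods(profile_xml)
    if (outer, inner) in allowed:
        return True, "device matches profile"
    listed = ", ".join("%s/%s" % p for p in sorted(allowed))
    return False, "device uses %s/%s, profile allows only %s" % (outer, inner, listed)

if __name__ == "__main__":
    print(check_device(SAMPLE_PROFILE, "TTLS", "PAP"))
    print(check_device(SAMPLE_PROFILE, "TTLS", "MSCHAPv2"))
```
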