Last updated: 
2 months 2 weeks ago
Blog Manager
eduroam Service News Follow us on Twitter @eduroamuk - for news, interest, information, photos and fun. Contents - click on item and scroll to bottom of box to read item 15/04/19 - Advisory: EAP-PWD Vulnerability 12/10/18 - Advisory: Injection of Operator-Name attribute by the NRPSs 23/02/18 - eduroam Seminar pre-Networkshop 2018 - FreeRADIUS 4 etc 24/10/17 - Advisory: WPA2 Key Reinstallation Attacks vulnerability, KRACK 14/07/16 - Release of Technical Specification v1.4 10/05/16 - Advisory: Ending of RADIUS Accounting within eduroam(UK) 22/01/15 - eduroam Support Clinic Tues March 1st 14:15-15:30 18/09/15 - Advisory: Impact of change of Certificate Service CA for eduroam Home (IdP) service providers 27/01/15 - eduroam now available at seven hospitals in Cardiff 22/01/15 - eduroam Support Clinic Tues January 27th 10:45-12:00am 23/12/14 - Calling Station Identity 01/12/14 - New DNS Name for eduroam(UK) Support Server 19/12/14 - eduroam Support Clinic Tues January 6th 10:45am 28/11/14 - eduroam Support Clinic Tues December 2nd 10:45am 19/11/14 - Advisory: Microsoft Security Bulletin Affecting NPS and IAS 27/05/14 - eduroam training course June 11-12 Birmingham; Aug 6-7 Aug Bristol 08/04/14 - Advisory: OpenSSL TLS Heartbleed Vulnerability rev 1.1 21/02/14 - Auth Timestamp Feature on eduroam(UK) Support Server 30/10/13 - Release of FreeRADIUS 2.2.2 07/10/13 - Release of FreeRADIUS 3.0.0 17/09/13 - Release of FreeRADIUS 2.2.1 13/06/13 - Release of Technical Specification v1.3 13/06/13 - eduroam training course June 27 Glasgow 23/04/13 - eduroam training courses July 24-25 London 23/04/13 - Chargeable User Identity how-to guide now available in Library 25/03/13 - eduroam training courses May 2-3 Manchester 24/02/13 - Time for a review of your eduroam deployment - Technical Specification v 1.2 Main Changes from v 1.1 30/01/13 - Configuration Assistant Tool (CAT) now available - builds eduroam client installers for user devices 23/01/13 - Advice regarding keeping eduroam credentials secure 09/01/13 - eduroam(UK) Announcement of Change of Name of the Janet Roaming Service to eduroam(UK) 19/11/12 - Uptake of NAPTR record definition in DNS (to enable RadSec DD) is increasing 31/10/12 - eduroam(UK) Support Server Update: Nagios LG and check for NAPTR records 30/10/12 - Cisco ACS 5.4 released: now support Operator-Name 29/10/12 - Unscheduled service outage Friday 26/10/2012 1:02 AM - 9:48 AM 03/10/12 - Advisory: Improving Efficiency of International Authentication through utilisation of RadSec at National Level 11/09/12 - Advisory: FreeRADIUS 2.1.10,11,12 Security

Group administrators:

Configuration Assistant Tool (CAT) now available

Originator: Alan Buxey

The eduroam Configuration Assistant Tool

The eduroam Configuration Assistant Tool (eduroam CAT) facilitates eduroam client configuration by enabling eduroam administrators to build customised installers for a number of popular platforms and EAP methods (eg Mac OSX, Windows, iOS devices). The system has been developed by eduroam in Europe and aims to provide a single client configuration system which will configure most clients using best practice standards.

The system has been in alpha/beta for a while now and a half-dozen UK sites with particular interest in 802.1X have been involved in the trial/development but now the system has migrated from beta to release 1.0 - the 'cat is out of the bag' as it were.

How to get an Access Account

The system is based on federated access and to use the system, the eduroam administrator will need to link his/her federated access with an invite token that links to the organisation. This is done with eduroam CAT invites. The UK identity federation is still not part of eduGAIN and so UK eduroam admins will need to link their invite token with a social network such as Facebook, Google, Linkedin or Twitter. That is just to tie a login identity to the Home organisation. It is hoped that this will change in the future.

How do you get an invite? A new feature has been added to the eduroam UK support server. There is now a new option on the main organisation configuration page. IF you have a compliant service and are a Home organisation (ie Home only, Home + working towards Visited or Home + Visited) you will be able to request an invite token. Just click the button..and wait for an e-mail. The system is still manual e-mail in the backend - once again, something we hope will change in the future!). Once you have requested a token the button is removed to stop us being flooded by a stream of requests after impatient clicking.

You will then get an e-mail with the URL to go into; you then log in via your chosen social network and get access to the admin interface in which you create your profile. The invite token will expire after 24 hours, so you must use it before this elapsed time. (If the token does expire, you may request us to reset the interlock via Janet Service Desk in return for a beverage promisory note.) 

Using the Tool

You will then be able to configure the tool to generate downloadable configuration installer programs for the current list of targets (or supported targets if you have an exotic authentication requirement). More EAP methods and platforms are supported, but there are certain excpetions. Once you have a valid profile/setting/configuration, and the CAT system will generate the installers.

You can then choose whether to:

  • host those locally and direct users to your setup pages
  • host them locally AND let users use the CAT pages 
  • just point users to the CAT pages

(We prefer the first method as it keeps control under the site and avoids an organisation relying on an external site for their setup/service).

There will be more documentation/screencast for how to operate the CAT site as an admin released in the future (though it is fairly intuitive!) Please note than you MUST have CA certificate (and any intermediates) uploaded for a valid profile to be created - as mentioned above, this tool promotes best practice only.