Macbook zoom wireless dropout issues

2021-02-11 Thread Tariq Adnan
Hello everyone, just checking if you have recently come across any MacBook Zoom wireless dropout (and frozen screen) issues and have taken any steps to resolve them. So I have come across a MacBook running Catalina 10.15.7 reporting Zoom dropouts from time to time. The AP is 3700 and the controll

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Tim Cappalli
There is some ambiguity on this topic (EAP identity realm matching to EAP server identity) and I’m trying to get some clarity, so for the time being, ignore my comment about requiring the same domain in the cert (it is definitely a best practice but it may not be required). I will include this a

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Jethro R Binks
On Thu, 11 Feb 2021, Matthew Craig wrote:
> Does all this have any consequences for “traveling” eduroam clients? ...
> Professor X travels to otherorg.edu:
>
> Location: traveling at otherorg.edu
> ssid: eduroam
> username: profess...@myorg.edu

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Tim Cappalli
No. EAP server trust is between the client and home infrastructure.
From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf of Matthew Craig
Date: Thursday, February 11, 2021 at 14:01
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] An

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Matthew Craig
Does all this have any consequences for “traveling” eduroam clients?
Elaboration:
Location: home at myorg.edu
ssid: eduroam
username: profess...@myorg.edu
Professor X’s supplicant config: Domain = myorg.edu
my radius server: radi

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Jethro R Binks
On Thu, 11 Feb 2021, Tim Cappalli wrote:
> Yes, the EAP server certificate subject should be the same eTLD as the
> credential realm.
I should have used the word realm for clarity, sorry, I couldn't quite bring it to mind!
> Said differently, if EAP identity is
> `t...@capptoso.com

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Tim Cappalli
Yes, the CN must always be a SAN entry. If folks think it would be useful, I can put together a blog post on this over the weekend that puts all of the information in one spot. If you think this would be useful, go here and submit “Yes”: https://forms.office.com/r/QFNX1q-8f1 (trying to avoid

RE: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread McClintic, Thomas
Am I understanding correctly that if the CN also exists as a SAN then it is accepted?
From: The EDUCAUSE Wireless Issues Community Group Listserv On Behalf Of Tim Cappalli
Sent: Thursday, February 11, 2021 9:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] [EXT] Re: [WIR

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Tim Cappalli
Yes, the EAP server certificate subject should be the same eTLD as the credential realm. Said differently, if EAP identity is `t...@capptoso.com`, the server certificate should be `.capptoso.com`.
From: The EDUCAUSE Wireless Issues Community Group Listserv on behalf

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Jethro R Binks
Can I drill into this a bit, please, just to be clear on my understanding?
On Thu, 11 Feb 2021, Sweetser, Frank E. wrote:
> "The STA is configured with EAP credentials that explicitly specify a CA
> root certificate that matches the root certificate in the received
> Server Certificate message and,

Re: [WIRELESS-LAN] [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Tim Cappalli
“means that unlike the web browser behavior we’re all used to, if there is a dNSName in the SAN list, then the CN will not be evaluated in matching the client configured domain” This is how browsers work as well. The TLS spec for X.509 validation requires that you ignore the CN when SANs are pr

RE: [EXT] Re: [WIRELESS-LAN] Android 11 Manual Profile Configuration Variable

2021-02-11 Thread Sweetser, Frank E.
I just wanted to chime in with one more catch that we hit on Android. The WPA3 spec contains this language on comparing the client configured domain against the name of the server certificate: "The STA is configured with EAP credentials that explicitly specify a CA root certificate that matche