Re: [WIRELESS-LAN] Eap-tls user experience

Wireless Issues Community Group Listserv on behalf of Heavrin, Lynn Sent: Sunday, June 20, 2021 10:24:29 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Eap-tls user experience In my experience it tried to connect then the user is greeted with a retry or close option

Re: [WIRELESS-LAN] Eap-tls user experience

, Ryan H Sent: Sunday, June 20, 2021 11:46:46 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Eap-tls user experience For us, we always get a message when trying to connect that the ‘SSID is not in range’ if the person is onboarding off campus. But the clients don’t need

Re: [WIRELESS-LAN] Eap-tls user experience

For us, we always get a message when trying to connect that the ‘SSID is not in range’ if the person is onboarding off campus. But the clients don’t need to attempt multiple times. the devil is in the details. What operating system are you seeing this with? We are currently in Big Sur hell,

Re: [WIRELESS-LAN] Eap-tls user experience

In my experience it tried to connect then the user is greeted with a retry or close option if it didn’t succeed. You can always create a new package just for remote users that won’t try to auto-connect if you are concerned about it. At the bottom of the profile when you edit it, you can just

Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

day, February 7, 2020 at 1:42 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2 > > > Would you recommend we use an incommon public signed cert even if we’re > > able to have every BYOD client install our self-signed

Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2 > Would you recommend we use an incommon public signed cert even if we’re able > to have every BYOD client install our self-signed cert? No. The InCommon CA must adhere to the CA/Browser forum's rules fo

Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

> Would you recommend we use an incommon public signed cert even if we’re able > to have every BYOD client install our self-signed cert? No. The InCommon CA must adhere to the CA/Browser forum's rules for a CA. As such, the lifetime of the cert is limited to just over 2 years. Having a network

Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2

I would suggest using SecureW2s PKI and not AD. We ran SecureW2 integrated with the ADCS for about 5 or 6 years. It works, but it adds some additional complexity that will cause you grief. For example, let’s say one night the integration server that ties to SecureW2 patches and hangs after a

RE: [WIRELESS-LAN] EAP-TLS

@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonathan Waldrep Sent: Wednesday, August 16, 2017 5:15 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS > This weekend we will onboard probably 50,000 devices for TLS, and for the > most part, it is no longer a huge support issue. The biggest

Re: [WIRELESS-LAN] EAP-TLS

> This weekend we will onboard probably 50,000 devices for TLS, and for the most part, it is no longer a huge support issue. The biggest issues are around Android. Just about every other operating system works very easily (OSX can be a pain, but that revolves around entering a local admin

Re: [WIRELESS-LAN] EAP-TLS

u" < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Date: *Tuesday, August 15, 2017 at 7:54 AM > *To: *"wireless-lan@listserv.educause.edu" < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> > *Subject: *Re: [WIRELESS-LAN] EAP-TLS > > > > Our campus isn't comfort

Re: [WIRELESS-LAN] EAP-TLS

15, 2017 at 7:54 AM To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] EAP-TLS Our campus isn't comfortable with an open ESSID without verifying the identity of the user, so that's the value of eduroam - identity. ** Partic

RE: [WIRELESS-LAN] EAP-TLS

-Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Misra, Sapna Sent: Tuesday, August 15, 2017 11:38 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Hi Bruce, I am curious about

RE: [WIRELESS-LAN] EAP-TLS

7 11:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS > On Aug 11, 2017, at 6:45 AM, Osborne, Bruce W (Network Operations) > <bosbo...@liberty.edu> wrote: > > Jerry, > > > > I find some of your comments interesting. We have many things in

Re: [WIRELESS-LAN] EAP-TLS

to:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Hunter Fuller >> Sent: Tuesday, August 15, 2017 10:54 AM >> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU >> <mailto:WIRELESS-LAN@listserv.educause.edu> >> Subj

Re: [WIRELESS-LAN] EAP-TLS

esday, August 15, 2017 10:54 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > <mailto:WIRELESS-LAN@listserv.educause.edu> > Subject: Re: [WIRELESS-LAN] EAP-TLS > > Our campus isn't comfortable with an open ESSID without verifying the > identity of the user, so that's the value of edur

Re: [WIRELESS-LAN] EAP-TLS

> On Aug 15, 2017, at 10:47 AM, Jeffrey D. Sessler > wrote: > > Couple of comments: > > eduroam – using your point of “…most users can access what they want > off-campus…”, what long-term value is there to eduroam? IMHO – not at lot. > Back in the day, this would

Re: [WIRELESS-LAN] EAP-TLS

@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hunter Fuller *Sent:* Tuesday, August 15, 2017 10:54 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] EAP-TLS Our campus isn't comfortable with an open ESSID without verifying the identity of the user, so that's the value of eduroam

RE: [WIRELESS-LAN] EAP-TLS

for user to get on the network. From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller Sent: Tuesday, August 15, 2017 10:54 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Our campus isn't

Re: [WIRELESS-LAN] EAP-TLS

e. > > > > So for us one additional positive the EAP-TLS over PEAP but overall > user-auth has its value. > > > > > > > > -- > > Jason Cook > > Technology Services > > The University of Adelaide, AUSTRALIA 5005 > > Ph : +61 8 831

Re: [WIRELESS-LAN] EAP-TLS

t Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, 15 August 2017 2:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS One interesting trade-off: if I have good AD credentials and pop up a new

RE: [WIRELESS-LAN] EAP-TLS

: +61 8 8313 4800 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Tuesday, 15 August 2017 2:59 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS One

Re: [WIRELESS-LAN] EAP-TLS

Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Lee H Badman <lhbad...@syr.edu> Sent: Monday, August 14, 2017 11:28 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS One interesting trade-off: if I have good AD credentials and pop up a new Mac or Win

Re: [WIRELESS-LAN] EAP-TLS

rom: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen Sent: Monday, August 14, 2017 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Excellent Point. We did so

RE: [WIRELESS-LAN] EAP-TLS

nt: Monday, August 14, 2017 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Excellent Point. We did some testing with LDAP group lookups, etc. vs. checking for an attribute in a user certificate for authorization and found the performance to be significan

Re: [WIRELESS-LAN] EAP-TLS

<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Curtis, Bruce <bruce.cur...@ndsu.edu> Sent: Monday, August 14, 2017 10:56 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS > On Aug 11, 2017, at 7:45 AM, Bucklaew, Jerry <j...@buffalo.edu> wrote: > &g

RE: [WIRELESS-LAN] EAP-TLS

UCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler Sent: Friday, August 11, 2017 10:18 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS I would do a cost/benefit/risk assessment. IMHO, some of the c

Re: [WIRELESS-LAN] EAP-TLS

erv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] EAP-TLS To ALL: I am going to amend my initial request to “does anyone have any other reasons to switch to eap-tls besides the ones I list below”? I am trying to build a case for switching and want t

RE: [WIRELESS-LAN] EAP-TLS

Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: RE: [WIRELESS-LAN] EAP-TLS For certain types of devices (lab and loaner laptops, for example) there is support value in having network connectivity without the need for a user to log on. EAP-TLS is the only enterpris

RE: [WIRELESS-LAN] EAP-TLS

: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry Sent: Friday, August 11, 2017 8:45 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS To ALL: I am going to amend my initial

RE: [WIRELESS-LAN] EAP-TLS

p Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry Sent: Thursday, August 10, 2017 3:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] EAP-TLS Lee, I want to state first that I am not, by any

RE: [WIRELESS-LAN] EAP-TLS

RACUSE UNIVERSITY syr.edu From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry Sent: Thursday, August 10, 2017 3:36 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Lee, I want to state first

RE: [WIRELESS-LAN] EAP-TLS

: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Jerry, Am curious your reasons for TLS, like if anything beyond "it's better". Concern for PEAP being deprecated, etc? Lee -Original Message- From: Bucklaew, Jerry [j...@buffalo.edu] Received: Thursday

Re: [WIRELESS-LAN] EAP-TLS

rsday, August 10, 2017 2:41 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS To ALL: We currently do mac auth and EAP-PEAP authentication on our wireless network. I am trying to put together a proposal to move to cert based authentication and I was w

RE: [WIRELESS-LAN] EAP-TLS

To ALL: We currently do mac auth and EAP-PEAP authentication on our wireless network. I am trying to put together a proposal to move to cert based authentication and I was wondering if anyone has a proposal or justification already written as to why you should move to cert based auth?

Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

evin McCormick Sent: Thursday, September 24, 2015 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and Androids does not seem to have any issues. The radius server is iss

Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

serv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin McCormick Sent: Thursday, September 24, 2015 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and Andr

RE: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

roup Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin McCormick Sent: Thursday, September 24, 2015 1:11 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7,

RE: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

Let me see if I can clear things up... Your clients were successfully onboarded, and when the clients connect, they are reporting that the radius server certificates being sent are revoked? Or are you saying that your clients are reporting that the radius servers are saying the client

RE: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H Sent: Thursday, September 24, 2015 12:56 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems Let me

Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

We found a bug with the CloudPath onboarding and microsoft cert checking. We are using Microsoft NPS for the RADIUS server and it would randomly start saying that the certificate had been revoked. Cloudpath released an update for fix this issue. Upgrading the Enrollment Server fixed this for

Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and Androids does not seem to have any issues. The radius server is issuing the certificates and the Windows 8 and 10 appear to be saying that the radius server is reporting the certificates revoked. We can export the certs