Wireless Issues Community Group Listserv
on behalf of Heavrin, Lynn
Sent: Sunday, June 20, 2021 10:24:29 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eap-tls user experience
In my experience it tried to connect then the user is greeted with a retry or
close option
, Ryan H
Sent: Sunday, June 20, 2021 11:46:46 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Eap-tls user experience
For us, we always get a message when trying to connect that the ‘SSID is not in
range’ if the person is onboarding off campus. But the clients don’t need
For us, we always get a message when trying to connect that the ‘SSID is not in
range’ if the person is onboarding off campus. But the clients don’t need to
attempt multiple times. the devil is in the details. What operating system
are you seeing this with? We are currently in Big Sur hell,
In my experience it tried to connect then the user is greeted with a retry or
close option if it didn’t succeed. You can always create a new package just
for remote users that won’t try to auto-connect if you are concerned about it.
At the bottom of the profile when you edit it, you can just
day, February 7, 2020 at 1:42 PM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> Subject: Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2
>
> > Would you recommend we use an incommon public signed cert even if we’re
> > able to have every BYOD client install our self-signed
@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS using ADCS and/or SecureW2
> Would you recommend we use an incommon public signed cert even if we’re able
> to have every BYOD client install our self-signed cert?
No. The InCommon CA must adhere to the CA/Browser forum's rules fo
> Would you recommend we use an incommon public signed cert even if we’re able
> to have every BYOD client install our self-signed cert?
No. The InCommon CA must adhere to the CA/Browser forum's rules for a
CA. As such, the lifetime of the cert is limited to just over 2 years.
Having a network
I would suggest using SecureW2s PKI and not AD. We ran SecureW2 integrated
with the ADCS for about 5 or 6 years. It works, but it adds some additional
complexity that will cause you grief. For example, let’s say one night the
integration server that ties to SecureW2 patches and hangs after a
@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jonathan Waldrep
Sent: Wednesday, August 16, 2017 5:15 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
> This weekend we will onboard probably 50,000 devices for TLS, and for the
> most part, it is no longer a huge support issue. The biggest
> This weekend we will onboard probably 50,000 devices for TLS, and for the
most part, it is no longer a huge support issue. The biggest issues are
around Android. Just about every other operating system works very easily
(OSX can be a pain, but that revolves around entering a local admin
u" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Date: *Tuesday, August 15, 2017 at 7:54 AM
> *To: *"wireless-lan@listserv.educause.edu" <
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
> *Subject: *Re: [WIRELESS-LAN] EAP-TLS
>
>
>
> Our campus isn't comfort
15, 2017 at 7:54 AM
To: "wireless-lan@listserv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] EAP-TLS
Our campus isn't comfortable with an open ESSID without verifying the identity
of the user, so that's the value of eduroam - identity.
**
Partic
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Misra, Sapna
Sent: Tuesday, August 15, 2017 11:38 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Hi Bruce,
I am curious about
7 11:49 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
> On Aug 11, 2017, at 6:45 AM, Osborne, Bruce W (Network Operations)
> <bosbo...@liberty.edu> wrote:
>
> Jerry,
>
>
>
> I find some of your comments interesting. We have many things in
to:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] On Behalf Of Hunter Fuller
>> Sent: Tuesday, August 15, 2017 10:54 AM
>> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
>> <mailto:WIRELESS-LAN@listserv.educause.edu>
>> Subj
esday, August 15, 2017 10:54 AM
> To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> <mailto:WIRELESS-LAN@listserv.educause.edu>
> Subject: Re: [WIRELESS-LAN] EAP-TLS
>
> Our campus isn't comfortable with an open ESSID without verifying the
> identity of the user, so that's the value of edur
> On Aug 15, 2017, at 10:47 AM, Jeffrey D. Sessler
> wrote:
>
> Couple of comments:
>
> eduroam – using your point of “…most users can access what they want
> off-campus…”, what long-term value is there to eduroam? IMHO – not at lot.
> Back in the day, this would
@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hunter Fuller
*Sent:* Tuesday, August 15, 2017 10:54 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] EAP-TLS
Our campus isn't comfortable with an open ESSID without verifying the
identity of the user, so that's the value of eduroam
for user to get on the network.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller
Sent: Tuesday, August 15, 2017 10:54 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Our campus isn't
e.
>
>
>
> So for us one additional positive the EAP-TLS over PEAP but overall
> user-auth has its value.
>
>
>
>
>
>
>
> --
>
> Jason Cook
>
> Technology Services
>
> The University of Adelaide, AUSTRALIA 5005
>
> Ph : +61 8 831
t Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 15 August 2017 2:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
One interesting trade-off: if I have good AD credentials and pop up a new
: +61 8 8313 4800
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Tuesday, 15 August 2017 2:59 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
One
Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Lee H Badman
<lhbad...@syr.edu>
Sent: Monday, August 14, 2017 11:28 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
One interesting trade-off: if I have good AD credentials and pop up a new Mac
or Win
rom: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen
Sent: Monday, August 14, 2017 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Excellent Point. We did so
nt: Monday, August 14, 2017 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Excellent Point. We did some testing with LDAP group lookups, etc. vs.
checking for an attribute in a user certificate for authorization and found the
performance to be significan
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Curtis, Bruce
<bruce.cur...@ndsu.edu>
Sent: Monday, August 14, 2017 10:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
> On Aug 11, 2017, at 7:45 AM, Bucklaew, Jerry <j...@buffalo.edu> wrote:
>
&g
UCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey D. Sessler
Sent: Friday, August 11, 2017 10:18 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
I would do a cost/benefit/risk assessment. IMHO, some of the c
erv.educause.edu" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] EAP-TLS
To ALL:
I am going to amend my initial request to “does anyone have any other
reasons to switch to eap-tls besides the ones I list below”? I am trying to
build a case for switching and want t
Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: RE: [WIRELESS-LAN] EAP-TLS
For certain types of devices (lab and loaner laptops, for example) there
is support value in having network connectivity without the need for a
user to log on.
EAP-TLS is the only enterpris
: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Friday, August 11, 2017 8:45 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
To ALL:
I am going to amend my initial
p Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Thursday, August 10, 2017 3:36 PM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] EAP-TLS
Lee,
I want to state first that I am not, by any
RACUSE UNIVERSITY
syr.edu
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Bucklaew, Jerry
Sent: Thursday, August 10, 2017 3:36 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Lee,
I want to state first
: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
Jerry,
Am curious your reasons for TLS, like if anything beyond "it's better". Concern
for PEAP being deprecated, etc?
Lee
-Original Message-
From: Bucklaew, Jerry [j...@buffalo.edu]
Received: Thursday
rsday, August 10, 2017 2:41 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS
To ALL:
We currently do mac auth and EAP-PEAP authentication on our wireless network.
I am trying to put together a proposal to move to cert based authentication
and I was w
To ALL:
We currently do mac auth and EAP-PEAP authentication on our wireless network.
I am trying to put together a proposal to move to cert based authentication
and I was wondering if anyone has a proposal or justification already written
as to why you should move to cert based auth?
evin McCormick
Sent: Thursday, September 24, 2015 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems
Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and
Androids does not seem to have any issues.
The radius server is iss
serv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin McCormick
Sent: Thursday, September 24, 2015 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems
Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and
Andr
roup Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin McCormick
Sent: Thursday, September 24, 2015 1:11 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems
Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7,
Let me see if I can clear things up...
Your clients were successfully onboarded, and when the clients connect, they
are reporting that the radius server certificates being sent are revoked? Or
are you saying that your clients are reporting that the radius servers are
saying the client
Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Thursday, September 24, 2015 12:56 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems
Let me
We found a bug with the CloudPath onboarding and microsoft cert checking.
We are using Microsoft NPS for the RADIUS server and it would randomly
start saying that the certificate had been revoked. Cloudpath released an
update for fix this issue. Upgrading the Enrollment Server fixed this for
Clients on Windows 8 and 10 fail on boarding. Macs, Windows 7, IOS, and
Androids does not seem to have any issues.
The radius server is issuing the certificates and the Windows 8 and 10
appear to be saying that the radius server is reporting the certificates
revoked.
We can export the certs
42 matches
Mail list logo