Community discussions

MikroTik App
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Eduroam station - EAP-TTLS/PAP support for wireless station

Tue Jun 23, 2020 4:43 pm

Hi everyone,

I am wondering if it is possible to connect to eduroam wireless network ( which implements ttls-pap auth. ) with Mikrotik equipment as a station.

I am looking for a solution literally for months, and went through like every thread that mentions this, and didn't get a clear answer.

I know there is ttls-mschapv2 support, but I can't get it to work ( although some folks said ot works with this... )


Can someone, please, give me a guide how to connect to such network as a station?

Thanks!
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Mon Jul 13, 2020 3:21 am

Does nobody know an answer to this question?
This has been asked a few times already, but there was never a definitive answer.

I hope i am not the only one interested in this.
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Nov 28, 2020 4:00 am

I am still looking for a solution...

It's really stupid to flash my main outdoor station with Openwrt just because i need ttls-pap auth which is included in wpa_supplicant package...

Is it maybe possible to use wpa_supplicant inside ROS? Or will support for the before mentioned auth in station mode come out in near future?
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Wed Feb 03, 2021 9:22 pm

bump
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Wed Dec 08, 2021 1:26 am

Same requirement here. Trying to connect to XFINITY secure network. It's EAP-TTLS/PAP (GTC Phase 2). No version of routeros seems to support it currently ?
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Thu Dec 09, 2021 2:11 am

Yea, I am still waiting on this...

I didn't look at wifiwave2 though, maybe its available there. It might be worth to check...
 
erickufrin
just joined
Posts: 3
Joined: Wed Dec 29, 2021 8:07 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Wed Dec 29, 2021 8:11 pm

+1 - also looking for EAP-PAP support to connect to XFINITY wifi.

Attempts to use either EAP or PEAP w/ MS-CHAPv2 fail at authentication.
 
ahtoh
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Fri Jan 25, 2013 3:10 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Mon Mar 07, 2022 7:52 pm

I also vote for this feature
need it for XFINITY wireless network connection
 
Detergen
just joined
Posts: 5
Joined: Mon Dec 13, 2021 5:01 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Apr 15, 2022 9:48 pm

Please include this feature.
Needed for local Internet provider auth
 
User avatar
ngalfas
just joined
Posts: 2
Joined: Sat Dec 28, 2019 8:28 pm
Location: Kozani, Greece

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Dec 16, 2022 8:44 pm

I also need EAP/TTLS-PAP for eduroam.

Mikrotik as a European vendor should support the largest European academic WiFi network.
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 2:53 pm

bump
The most interesting thing of all is that no one has deigned to answer, as if you were asking for plans to make a dirty nuclear explosive device...

On the other hand, it is an attempt to connect to the largest European wireless network by a product of one of the largest European network equipment manufacturers....

And it just doesn't work and no one cares...

nice
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 3:00 pm

The place to ask for features that will definitely boost the sales is by an email to sales@mikrotik.com or by making a support ticket, not by posting a forum topic and typing +1 or bump in it.
 
Jakica
newbie
Topic Author
Posts: 27
Joined: Sun Feb 09, 2020 1:41 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 3:04 pm

bump
The most interesting thing of all is that no one has deigned to answer, as if you were asking for plans to make a dirty nuclear explosive device...

On the other hand, it is an attempt to connect to the largest European wireless network by a product of one of the largest European network equipment manufacturers....

And it just doesn't work and no one cares...

nice
I think you said everything... Maybe there really are some nuclear codes in this feature implementation 😑
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 6:12 pm

The place to ask for features that will definitely boost the sales is by an email to sales@mikrotik.com or by making a support ticket, not by posting a forum topic and typing +1 or bump in it.
don't make me laugh... this question was first raised more then ten years ago and was never answered by anyone from mikrotik ... so we can sit and cry ur flush our routers with inferior software which at least will support what we need....
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 7:13 pm

There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.

Years ago, when I asked at a MUM about the sad state of IPv6 support, the answer was that "nobody every asks for that", and when I said "but I am asking for it..." the reply indicated that they mainly listen to what their distributors and large customers demand. And of course that can be justified, after all it is them that they make money from, not me that my buy like 10 routers and be involved in 100 other routers being sold.

So the general reply was that when I had a business case for something, I could always mail to that sales address and they would consider it.
When you (and others in the topic) have a business case for Eduroam support, and you can tell them "you will sell 1000 more APs when you have that!", they will probably consider it.
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Fri Feb 24, 2023 8:41 pm

Let's go back to the start here. EDUROAM isn't exactly uncommon — since the whole idea of eduroam is a common Wi-Fi auth scheme across educational institutions. The local university broadcasts where I'm at even supports it, and suggest settings are: https://its.ucsc.edu/wireless/eduroam-m ... onfig.html

The magic needed is in "Dot1X" section in winbox. You need to add a Dot1X client to the wireless interface (and set WPA2-EAP in /interface/wireless/security-profile to use WPA2-eap). I can't test this but something like this:
/interface wireless security-profiles add authentication-types=wpa2-eap mode=dynamic-keys name=eduroam-wpa2-eap supplicant-identity="eduroam"
/interface dot1x client add eap-methods=eap-mschapv2 identity=me password=mysecret interface=wlan1

See https://help.mikrotik.com/docs/display/ROS/Dot1X .

You may have to add the root certificate, for eduroam, but dunno. Anyway...I can't say the exact config – e.g. not sure how inner and outer auth scheme are selected (it's a dropdown), but docs do say "PEAPv0/EAP-MSCHAPv2" is supported which EDUROAM seems to want – so it should work. If docs say it, totally valid support case. But I fiddle with dot1x settings (e.g. try eap-peap) in Dot1x setting instead of the mschapv2 first). Also, you may need the root certificate for the particular eduroam site you're at, see https://eduroam.dk/node/33?language=en and if you have a root cert, use /certificate import on RouterOS to add it.

If those don't work...open a ticket at help.mikrotik.com — include a supout.rif (created in winbox from left menue, download and attach to case if you open a case with Mikrotik) . This seems like something that should work.

Footnotes:
* Also note, not sure if V7 only feature.
* 802.1X ("Dot1x" in RouterOS) auth is NOT supported on SMIPS devices (hAP lite, hAP lite TC and hAP mini)
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 9:45 am

There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
...
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
I understand you, but don't you think it's at least funny that users ask vendors for such banal functionalities?
Mikrotik is no longer a 10 man company but a serious networking company, and on the other hand I'm not trying to connect to an obscure HotSpot on a beach in New Zealand (no offense to New Zealanders) but to EDUROAM.
With that, I don't understand your last sentence that Eduroam is at the end of the company's interests, and especially the recommendation that I take something else instead of Mikrotik.
I have been patient with Mikrotik almost from the very beginning (I still have ROS v1.x on 7 floppy disks somewhere) because I think and believe that they are smart and of high quality, and that, in addition, they have optimal prices and I am not inclined to give up after 25 years
So I'm still looking for a solution...
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 274
Joined: Mon Oct 02, 2006 11:47 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 10:17 am

Let's go back to the start here. EDUROAM isn't exactly uncommon — since the whole idea of eduroam is a common Wi-Fi auth scheme across educational institutions. The local university broadcasts where I'm at even supports it, and suggest settings are: https://its.ucsc.edu/wireless/eduroam-m ... onfig.html

.....
on
/interface wireless security-profiles add authentication-types=wpa2-eap mode=dynamic-keys name=eduroam-wpa2-eap supplicant-identity="eduroam"
/interface dot1x client add eap-methods=eap-mschapv2 identity=me password=mysecret interface=wlan1
router responds
input does not match any value of interface
only ether1 is allowed here...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 12:16 pm

There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
...
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
I understand you, but don't you think it's at least funny that users ask vendors for such banal functionalities?
Mikrotik is no longer a 10 man company but a serious networking company,
Well, I sometimes doubt that... No idea how many actual developers there are at MikroTik, but to re-implement a feature that actually worked in v6 into v7 they claim it is a "work in progress" for about a year and a half already. That does not give me the confidence that they have a lot of developers.
and on the other hand I'm not trying to connect to an obscure HotSpot on a beach in New Zealand (no offense to New Zealanders) but to EDUROAM.
With that, I don't understand your last sentence that Eduroam is at the end of the company's interests, and especially the recommendation that I take something else instead of Mikrotik.
Yeah sorry, in the reply above I sort of assumed that you were trying to deploy an indoor WiFi network in an educational environment and wanted the users to connect using EDUROAM, which of course is a bit different from using a hAP mini to connect an ethernet-only device to the EDUROAM network in your school.
MikroTik WiFi is many years behind the competition. Features like 802.11k/r/v are not implemented (there is some unusable alfa test implementation for a small number of devices only), and many other enterprise features that even competitors in the same market segment are offering are not present.
The years long mistake of selling devices with only 16MB flash memory effectively means no chance of future addition of many of those features (competitors often have 256MB or more flash storage for the firmware).

However, I always believed that networks like EDUROAM use WPA2-EAP with EAP-TTLS and MSCHAPv2. And MikroTik does support that.
You can add a security profile like this:

/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=eap-ttls-mschapv2 mode=\
dynamic-keys mschapv2-password=PASSWORD mschapv2-username=USERNAME name=\
USERNAME tls-mode=dont-verify-certificate

I have that working within a system that uses this type of authentication (using a RADIUS server at the AP end).
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 2:17 pm

So I'm still looking for a solution...
Sorry, I meant this seem like something Mikrotik would want to fix.
From a couple docs on EDUROAM specs it looks supported – but yeah the config isn't clear to me.

I think my point was more: have you opened a ticket at help.mikrotik.com? At least give them a chance to respond, I don't think they troll the forum looking for issues.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 3:58 pm

https://www.eduroam.md/wp-content/uploa ... _setup.pdf
Isn't this just EDUROAM's remote forwarded RADIUS login? https://wiki.geant.org/pages/viewpage.a ... =121346259
Dot 1.X for ethernet wired connections, and PEAP-MSCHAPv2 for wifi ?

Or has it also some links with "Interworking Profiles" as well?
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 4:09 pm

However, I always believed that networks like EDUROAM use WPA2-EAP with EAP-TTLS and MSCHAPv2. And MikroTik does support that.
There are two distinct set of requirements. For visited organisations the requirement is the APs support WPA2-EAP, for home organisations they are free to use any EAP method(s) between their RADIUS servers and user as long as it will generate symmetric keying material for encryption ciphers and encapsulate the keys.

Most common is EAP-PEAPv0/EAP-MSCHAPv2 as support has been built into Windows OS since XP and works without requiring additional software to be installed, however there is nothing to stop organisations using EAP-TLS, EAP-TTLS or any other suitable EAP methods. EAP-TLS is arguably the most secure, but difficult to manage as every client device requires a certificate, EAP-TTLS/PAP is only secure if the client verifies the server certificate, otherwise man-in-the-middle attacks can be used to obtain the cleartext password.

If Mikrotik do not support the station EAP method required by the home organisation there is nothing you can do other than ask Mikrotik to implement it / use a different device / install OpenWRT instead of RouterOS
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 5:09 pm

But why use EAP-TTLS/PAP when everyone else uses EAP-TTLS/MSCHAPv2?
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 5:20 pm

Indeed, especially as there are security risks with EAP-TTLS/PAP as mentioned. It is only something which can be answered by the home organisation, I would suspect that their underlying credentials store is incompatible with MSCHAPv2, e.g. if they are using LDAP or any hashing other than MSCHAPv2.
 
bamarcant
just joined
Posts: 7
Joined: Wed Nov 20, 2013 11:54 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 5:43 pm

The same problem on reddit...
eduroam is a RADIUS-based infrastructure with 802.1X standard technology
CA certificates are required for eap-tls, eap-ttls, and eap-Peap authentication methods
cat app or py script provide for...
so we only need volunteers to deploy it as Mik has all the features.
Try importing https://pki.edupki.org/edupki-ca/pub/cacert/cacert.crt into system certificates
and , but you don’t need ,P12 autogenerated certificate.
As in their IT configuration:
RADIUS-based infrastructure with 802.1X standard technology
the SSID: "eduroam"
the crypto setting: WPA2/AES
the setting of the EAP type
the CA that issued the certificate of the eduroam server idp EAP server
the common name in the certificate of the EAP server of the eduroam idp server
https://www.reddit.com/r/mikrotik/comme ... o_eduroam/
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 7:22 pm

That is not the same problem as the OP
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 8:36 pm

I think we're talking about the using eduroam Wi-Fi, as station on a Mikrotik. Summarizing the OP:
[Have a] ... eduroam wireless network ...
... which implements ttls-pap auth ..
... with Mikrotik equipment as a station.

[T]here is ttls-mschapv2 support, but I can't get it to work...

[Need a] guide how to connect to such network as a station?
But the problem may be is while the RADIUS is the same, each institution might have different ways to use those creds. Like most things, there appears to be a spec on how eduroam is suppose to work, but reality may be different.

Is there a specific guide to the eduroam site you're using?. The internet is littered with various university's instructions, with subtle differences. With that it become clear what is needed.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 9:37 pm

Aside from the topic of using it with MikroTik, I am also surprised how difficult it usually is to install a WPA2-EAP connection on a device like a smartphone or laptop.
With WPA2-PSK you can simply scan a QR code to get onboard, why don't they support WPA2-EAP onboarding QR codes?
(there are some unofficial standards but the Android QR code software does not support them, and 3rd party QR code readers that used to work are now forbidden to add Wifi connections, for obvious reasons)
 
bamarcant
just joined
Posts: 7
Joined: Wed Nov 20, 2013 11:54 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 9:53 pm

|| install OpenWRT instead of RouterOS
I would be ashamed to affirm and encourage
these procedures...
|| if they are using LDAP or any hashing other than MSCHAPv2.
I have already mentioned that there is
a scipt in py_v3 which perfects wpa_supplicant
or Eduroam_Cat
||That is not the same problem as the OP
1)Jakica: connect to eduroam wireless network ( which implements ttls-pap auth. )
2)Zulufepustampasic:connect the Mikrotik wireless client to the "eduroam" network .
they don’t speak the same language
but as many others would like make goal.
Let's Try!
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 10:16 pm

It isn't a straightforward process. It requires either a self-signed CA certificate, or pinning information for RADIUS servers secured by public CAs, plus the type of inner method to be specified - using a QR code opens up the possibility of MitM attacks, and it is not possible at all for EAP-TLS as each client needs its own certificate.

Many home organisations have onboarding applications which configure all of the necessary settings, typically via a local WiFi network with no authentication which allows the application to be downloaded over an HTTPS connection.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 10:24 pm

With WPA2-PSK you can simply scan a QR code to get onboard, why don't they support WPA2-EAP onboarding QR codes?
I think because in most cases if you're at WPA2-EAP Wi-Fi at a large org, you likely also use some MDM, LDAP/AD, etc. to provision the settings for a device that get's pushed out, like any certs. But as a eduroam guest, that's not an option.
Typically "guests" get some open captive portal, which can accept some RADIUS auth.
So the need for QR doesn't come as often I suspect is the reason.

Certainly RouterOS doesn't make using WPA2-EAP easy, but 100% agree it's not easy to begin with... What I'm still trying to understand is just hard to configure, or is there actually some auth mode that's not actually possible?
 
bamarcant
just joined
Posts: 7
Joined: Wed Nov 20, 2013 11:54 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sat Feb 25, 2023 10:38 pm

Well , in summary as we say in my land:
<<universitari Tik_conauti "attaccatevi al tram">>
or prepare a RasPi.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sun Feb 26, 2023 12:13 am

But as a eduroam guest, that's not an option.
Typically "guests" get some open captive portal, which can accept some RADIUS auth.
So the need for QR doesn't come as often I suspect is the reason.
One of the main driving forces behind eduroam was to make it easy for members of one academic organisation to gain access to WiFi when visting another without having to find out what SSID and key were needed, etc. Having configured access at your home organisation it just works when you visit another.

Any organisation is free to setup other access mechanisms for anyone not from an eduroam member organisation, as you say often with open captive portals and time-limited credentials.

Certainly RouterOS doesn't make using WPA2-EAP easy, but 100% agree it's not easy to begin with... What I'm still trying to understand is just hard to configure, or is there actually some auth mode that's not actually possible?
As a client RouterOS just doesn't support EAP-TTLS/PAP, or any other less common EAP methods. (It's a pity that EAP-EKE was never adopted by OS developers as it offers password-based mutual authentication, is not susceptible to dictionary attacks and does not require public-key certificates which overcomes various issues with all the commonly used mechanisms.)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10185
Joined: Mon Jun 08, 2015 12:09 pm

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Sun Feb 26, 2023 12:21 am

It isn't a straightforward process. It requires either a self-signed CA certificate, or pinning information for RADIUS servers secured by public CAs, plus the type of inner method to be specified - using a QR code opens up the possibility of MitM attacks, and it is not possible at all for EAP-TLS as each client needs its own certificate.
I know, I do it all the time. Connect to "plain" wifi, download CA cert from intranet, go to "cert management", install it as a WiFi cert, then disconnect (don't forget to delete the wifi network!), go to WPA2-EAP WiFi, enter username, password, select certificate, enter certificate DNS name, connect.
IT IS ALL SUCH A DRAG. All that info (including URL where the CA cert can be downloaded) can be put in a single QR code that the user can call up from the company intranet (after having authenticated), point their phone at it, and join the network. Unfortunately it isn't supported. But it would certainly be possible.
 
bamarcant
just joined
Posts: 7
Joined: Wed Nov 20, 2013 11:54 am

Re: Eduroam station - EAP-TTLS/PAP support for wireless station

Mon Feb 27, 2023 12:17 pm

Max Planck Computing and Data Facility :
EAP method: ... TTLS
Phase 2 authentication: PAP
CA certificate: ... eduroam_WPA_EAP_TTLS_PAP
Domain: ... mpcdf.mpg.de
Identity: ... <your user ID>
Anonymous identity: ... anonymous@mpcdf.mpg.de
Password: ... <your password>

University of Cambridge :
EAP method: ...PEAP or PEAPv0
Phase 2 authentication:MS-CHAPv2
CA certificate: ...wireless-ca.crt +[SHA-1 & SHA-256 Fingerprint] or QuoVadis_Root_CA_2.pem
Identity: ... <your user ID>
Anonymous identity: @cam.ac.uk
Password: ... <your password>

and says: (Cambridge)
EAP-TTLS with PAP will work but is unsupported and strongly advised against: if used, the server must be authenticated
by certificate and name , else it can reveal your Network Access Token to third party sites.
and for "differently-abled" devices :
https://help.uis.cam.ac.uk/service/wi-f ... m-iot-wifi
By this I mean that "è più facile che la montagna vada da Maometto che viceversa".

Who is online

Users browsing this forum: Amazon [Bot], zandhaas and 31 guests