Hi everyone,
I am wondering if it is possible to connect to eduroam wireless network ( which implements ttls-pap auth. ) with Mikrotik equipment as a station.
I am looking for a solution literally for months, and went through like every thread that mentions this, and didn't get a clear answer.
I know there is ttls-mschapv2 support, but I can't get it to work ( although some folks said ot works with this... )
Can someone, please, give me a guide how to connect to such network as a station?
Thanks!
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Does nobody know an answer to this question?
This has been asked a few times already, but there was never a definitive answer.
I hope i am not the only one interested in this.
This has been asked a few times already, but there was never a definitive answer.
I hope i am not the only one interested in this.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I am still looking for a solution...
It's really stupid to flash my main outdoor station with Openwrt just because i need ttls-pap auth which is included in wpa_supplicant package...
Is it maybe possible to use wpa_supplicant inside ROS? Or will support for the before mentioned auth in station mode come out in near future?
It's really stupid to flash my main outdoor station with Openwrt just because i need ttls-pap auth which is included in wpa_supplicant package...
Is it maybe possible to use wpa_supplicant inside ROS? Or will support for the before mentioned auth in station mode come out in near future?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Same requirement here. Trying to connect to XFINITY secure network. It's EAP-TTLS/PAP (GTC Phase 2). No version of routeros seems to support it currently ?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Yea, I am still waiting on this...
I didn't look at wifiwave2 though, maybe its available there. It might be worth to check...
I didn't look at wifiwave2 though, maybe its available there. It might be worth to check...
-
-
erickufrin
just joined
- Posts: 3
- Joined:
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
+1 - also looking for EAP-PAP support to connect to XFINITY wifi.
Attempts to use either EAP or PEAP w/ MS-CHAPv2 fail at authentication.
Attempts to use either EAP or PEAP w/ MS-CHAPv2 fail at authentication.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I also vote for this feature
need it for XFINITY wireless network connection
need it for XFINITY wireless network connection
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Please include this feature.
Needed for local Internet provider auth
Needed for local Internet provider auth
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I also need EAP/TTLS-PAP for eduroam.
Mikrotik as a European vendor should support the largest European academic WiFi network.
Mikrotik as a European vendor should support the largest European academic WiFi network.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
The most interesting thing of all is that no one has deigned to answer, as if you were asking for plans to make a dirty nuclear explosive device...bump
On the other hand, it is an attempt to connect to the largest European wireless network by a product of one of the largest European network equipment manufacturers....
And it just doesn't work and no one cares...
nice
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
The place to ask for features that will definitely boost the sales is by an email to sales@mikrotik.com or by making a support ticket, not by posting a forum topic and typing +1 or bump in it.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I think you said everything... Maybe there really are some nuclear codes in this feature implementationThe most interesting thing of all is that no one has deigned to answer, as if you were asking for plans to make a dirty nuclear explosive device...bump
On the other hand, it is an attempt to connect to the largest European wireless network by a product of one of the largest European network equipment manufacturers....
And it just doesn't work and no one cares...
nice
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
don't make me laugh... this question was first raised more then ten years ago and was never answered by anyone from mikrotik ... so we can sit and cry ur flush our routers with inferior software which at least will support what we need....The place to ask for features that will definitely boost the sales is by an email to sales@mikrotik.com or by making a support ticket, not by posting a forum topic and typing +1 or bump in it.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
Years ago, when I asked at a MUM about the sad state of IPv6 support, the answer was that "nobody every asks for that", and when I said "but I am asking for it..." the reply indicated that they mainly listen to what their distributors and large customers demand. And of course that can be justified, after all it is them that they make money from, not me that my buy like 10 routers and be involved in 100 other routers being sold.
So the general reply was that when I had a business case for something, I could always mail to that sales address and they would consider it.
When you (and others in the topic) have a business case for Eduroam support, and you can tell them "you will sell 1000 more APs when you have that!", they will probably consider it.
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
Years ago, when I asked at a MUM about the sad state of IPv6 support, the answer was that "nobody every asks for that", and when I said "but I am asking for it..." the reply indicated that they mainly listen to what their distributors and large customers demand. And of course that can be justified, after all it is them that they make money from, not me that my buy like 10 routers and be involved in 100 other routers being sold.
So the general reply was that when I had a business case for something, I could always mail to that sales address and they would consider it.
When you (and others in the topic) have a business case for Eduroam support, and you can tell them "you will sell 1000 more APs when you have that!", they will probably consider it.
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Let's go back to the start here. EDUROAM isn't exactly uncommon — since the whole idea of eduroam is a common Wi-Fi auth scheme across educational institutions. The local university broadcasts where I'm at even supports it, and suggest settings are: https://its.ucsc.edu/wireless/eduroam-m ... onfig.html
The magic needed is in "Dot1X" section in winbox. You need to add a Dot1X client to the wireless interface (and set WPA2-EAP in /interface/wireless/security-profile to use WPA2-eap). I can't test this but something like this:
See https://help.mikrotik.com/docs/display/ROS/Dot1X .
You may have to add the root certificate, for eduroam, but dunno. Anyway...I can't say the exact config – e.g. not sure how inner and outer auth scheme are selected (it's a dropdown), but docs do say "PEAPv0/EAP-MSCHAPv2" is supported which EDUROAM seems to want – so it should work. If docs say it, totally valid support case. But I fiddle with dot1x settings (e.g. try eap-peap) in Dot1x setting instead of the mschapv2 first). Also, you may need the root certificate for the particular eduroam site you're at, see https://eduroam.dk/node/33?language=en and if you have a root cert, use /certificate import on RouterOS to add it.
If those don't work...open a ticket at help.mikrotik.com — include a supout.rif (created in winbox from left menue, download and attach to case if you open a case with Mikrotik) . This seems like something that should work.
Footnotes:
* Also note, not sure if V7 only feature.
* 802.1X ("Dot1x" in RouterOS) auth is NOT supported on SMIPS devices (hAP lite, hAP lite TC and hAP mini)
The magic needed is in "Dot1X" section in winbox. You need to add a Dot1X client to the wireless interface (and set WPA2-EAP in /interface/wireless/security-profile to use WPA2-eap). I can't test this but something like this:
Code: Select all
/interface wireless security-profiles add authentication-types=wpa2-eap mode=dynamic-keys name=eduroam-wpa2-eap supplicant-identity="eduroam"
/interface dot1x client add eap-methods=eap-mschapv2 identity=me password=mysecret interface=wlan1
See https://help.mikrotik.com/docs/display/ROS/Dot1X .
You may have to add the root certificate, for eduroam, but dunno. Anyway...I can't say the exact config – e.g. not sure how inner and outer auth scheme are selected (it's a dropdown), but docs do say "PEAPv0/EAP-MSCHAPv2" is supported which EDUROAM seems to want – so it should work. If docs say it, totally valid support case. But I fiddle with dot1x settings (e.g. try eap-peap) in Dot1x setting instead of the mschapv2 first). Also, you may need the root certificate for the particular eduroam site you're at, see https://eduroam.dk/node/33?language=en and if you have a root cert, use /certificate import on RouterOS to add it.
If those don't work...open a ticket at help.mikrotik.com — include a supout.rif (created in winbox from left menue, download and attach to case if you open a case with Mikrotik) . This seems like something that should work.
Footnotes:
* Also note, not sure if V7 only feature.
* 802.1X ("Dot1x" in RouterOS) auth is NOT supported on SMIPS devices (hAP lite, hAP lite TC and hAP mini)
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I understand you, but don't you think it's at least funny that users ask vendors for such banal functionalities?There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
...
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
Mikrotik is no longer a 10 man company but a serious networking company, and on the other hand I'm not trying to connect to an obscure HotSpot on a beach in New Zealand (no offense to New Zealanders) but to EDUROAM.
With that, I don't understand your last sentence that Eduroam is at the end of the company's interests, and especially the recommendation that I take something else instead of Mikrotik.
I have been patient with Mikrotik almost from the very beginning (I still have ROS v1.x on 7 floppy disks somewhere) because I think and believe that they are smart and of high quality, and that, in addition, they have optimal prices and I am not inclined to give up after 25 years
So I'm still looking for a solution...
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
onLet's go back to the start here. EDUROAM isn't exactly uncommon — since the whole idea of eduroam is a common Wi-Fi auth scheme across educational institutions. The local university broadcasts where I'm at even supports it, and suggest settings are: https://its.ucsc.edu/wireless/eduroam-m ... onfig.html
.....
Code: Select all
/interface wireless security-profiles add authentication-types=wpa2-eap mode=dynamic-keys name=eduroam-wpa2-eap supplicant-identity="eduroam"
/interface dot1x client add eap-methods=eap-mschapv2 identity=me password=mysecret interface=wlan1
Code: Select all
input does not match any value of interface
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Well, I sometimes doubt that... No idea how many actual developers there are at MikroTik, but to re-implement a feature that actually worked in v6 into v7 they claim it is a "work in progress" for about a year and a half already. That does not give me the confidence that they have a lot of developers.I understand you, but don't you think it's at least funny that users ask vendors for such banal functionalities?There are many examples of feature requests that were never answered by MikroTik, never implemented, always promised for v7 but still not implemented there, etc etc.
But I have never seen that a forum topic with hundreds of "+1", "me too!", "up", "bump" etc replies actually accelerated it.
...
However, you should be warned that Eduroam support is among the least of issues with MikroTik WiFi when deploying in an environment with many users and many APs, like a school or university. You may want to think again before you buy MikroTik for that.
Mikrotik is no longer a 10 man company but a serious networking company,
Yeah sorry, in the reply above I sort of assumed that you were trying to deploy an indoor WiFi network in an educational environment and wanted the users to connect using EDUROAM, which of course is a bit different from using a hAP mini to connect an ethernet-only device to the EDUROAM network in your school.and on the other hand I'm not trying to connect to an obscure HotSpot on a beach in New Zealand (no offense to New Zealanders) but to EDUROAM.
With that, I don't understand your last sentence that Eduroam is at the end of the company's interests, and especially the recommendation that I take something else instead of Mikrotik.
MikroTik WiFi is many years behind the competition. Features like 802.11k/r/v are not implemented (there is some unusable alfa test implementation for a small number of devices only), and many other enterprise features that even competitors in the same market segment are offering are not present.
The years long mistake of selling devices with only 16MB flash memory effectively means no chance of future addition of many of those features (competitors often have 256MB or more flash storage for the firmware).
However, I always believed that networks like EDUROAM use WPA2-EAP with EAP-TTLS and MSCHAPv2. And MikroTik does support that.
You can add a security profile like this:
/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=eap-ttls-mschapv2 mode=\
dynamic-keys mschapv2-password=PASSWORD mschapv2-username=USERNAME name=\
USERNAME tls-mode=dont-verify-certificate
I have that working within a system that uses this type of authentication (using a RADIUS server at the AP end).
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Sorry, I meant this seem like something Mikrotik would want to fix.So I'm still looking for a solution...
From a couple docs on EDUROAM specs it looks supported – but yeah the config isn't clear to me.
I think my point was more: have you opened a ticket at help.mikrotik.com? At least give them a chance to respond, I don't think they troll the forum looking for issues.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
https://www.eduroam.md/wp-content/uploa ... _setup.pdf
Isn't this just EDUROAM's remote forwarded RADIUS login? https://wiki.geant.org/pages/viewpage.a ... =121346259
Dot 1.X for ethernet wired connections, and PEAP-MSCHAPv2 for wifi ?
Or has it also some links with "Interworking Profiles" as well?
Isn't this just EDUROAM's remote forwarded RADIUS login? https://wiki.geant.org/pages/viewpage.a ... =121346259
Dot 1.X for ethernet wired connections, and PEAP-MSCHAPv2 for wifi ?
Or has it also some links with "Interworking Profiles" as well?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
There are two distinct set of requirements. For visited organisations the requirement is the APs support WPA2-EAP, for home organisations they are free to use any EAP method(s) between their RADIUS servers and user as long as it will generate symmetric keying material for encryption ciphers and encapsulate the keys.However, I always believed that networks like EDUROAM use WPA2-EAP with EAP-TTLS and MSCHAPv2. And MikroTik does support that.
Most common is EAP-PEAPv0/EAP-MSCHAPv2 as support has been built into Windows OS since XP and works without requiring additional software to be installed, however there is nothing to stop organisations using EAP-TLS, EAP-TTLS or any other suitable EAP methods. EAP-TLS is arguably the most secure, but difficult to manage as every client device requires a certificate, EAP-TTLS/PAP is only secure if the client verifies the server certificate, otherwise man-in-the-middle attacks can be used to obtain the cleartext password.
If Mikrotik do not support the station EAP method required by the home organisation there is nothing you can do other than ask Mikrotik to implement it / use a different device / install OpenWRT instead of RouterOS
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
But why use EAP-TTLS/PAP when everyone else uses EAP-TTLS/MSCHAPv2?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Indeed, especially as there are security risks with EAP-TTLS/PAP as mentioned. It is only something which can be answered by the home organisation, I would suspect that their underlying credentials store is incompatible with MSCHAPv2, e.g. if they are using LDAP or any hashing other than MSCHAPv2.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
The same problem on reddit...
eduroam is a RADIUS-based infrastructure with 802.1X standard technology
CA certificates are required for eap-tls, eap-ttls, and eap-Peap authentication methods
cat app or py script provide for...
so we only need volunteers to deploy it as Mik has all the features.
Try importing https://pki.edupki.org/edupki-ca/pub/cacert/cacert.crt into system certificates
and , but you don’t need ,P12 autogenerated certificate.
As in their IT configuration:
RADIUS-based infrastructure with 802.1X standard technology
the SSID: "eduroam"
the crypto setting: WPA2/AES
the setting of the EAP type
the CA that issued the certificate of the eduroam server idp EAP server
the common name in the certificate of the EAP server of the eduroam idp server
https://www.reddit.com/r/mikrotik/comme ... o_eduroam/
eduroam is a RADIUS-based infrastructure with 802.1X standard technology
CA certificates are required for eap-tls, eap-ttls, and eap-Peap authentication methods
cat app or py script provide for...
so we only need volunteers to deploy it as Mik has all the features.
Try importing https://pki.edupki.org/edupki-ca/pub/cacert/cacert.crt into system certificates
and , but you don’t need ,P12 autogenerated certificate.
As in their IT configuration:
RADIUS-based infrastructure with 802.1X standard technology
the SSID: "eduroam"
the crypto setting: WPA2/AES
the setting of the EAP type
the CA that issued the certificate of the eduroam server idp EAP server
the common name in the certificate of the EAP server of the eduroam idp server
https://www.reddit.com/r/mikrotik/comme ... o_eduroam/
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
That is not the same problem as the OP
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I think we're talking about the using eduroam Wi-Fi, as station on a Mikrotik. Summarizing the OP:
Is there a specific guide to the eduroam site you're using?. The internet is littered with various university's instructions, with subtle differences. With that it become clear what is needed.
But the problem may be is while the RADIUS is the same, each institution might have different ways to use those creds. Like most things, there appears to be a spec on how eduroam is suppose to work, but reality may be different.[Have a] ... eduroam wireless network ...
... which implements ttls-pap auth ..
... with Mikrotik equipment as a station.
[T]here is ttls-mschapv2 support, but I can't get it to work...
[Need a] guide how to connect to such network as a station?
Is there a specific guide to the eduroam site you're using?. The internet is littered with various university's instructions, with subtle differences. With that it become clear what is needed.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Aside from the topic of using it with MikroTik, I am also surprised how difficult it usually is to install a WPA2-EAP connection on a device like a smartphone or laptop.
With WPA2-PSK you can simply scan a QR code to get onboard, why don't they support WPA2-EAP onboarding QR codes?
(there are some unofficial standards but the Android QR code software does not support them, and 3rd party QR code readers that used to work are now forbidden to add Wifi connections, for obvious reasons)
With WPA2-PSK you can simply scan a QR code to get onboard, why don't they support WPA2-EAP onboarding QR codes?
(there are some unofficial standards but the Android QR code software does not support them, and 3rd party QR code readers that used to work are now forbidden to add Wifi connections, for obvious reasons)
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
|| install OpenWRT instead of RouterOS
I would be ashamed to affirm and encourage
these procedures...
|| if they are using LDAP or any hashing other than MSCHAPv2.
I have already mentioned that there is
a scipt in py_v3 which perfects wpa_supplicant
or Eduroam_Cat
||That is not the same problem as the OP
1)Jakica: connect to eduroam wireless network ( which implements ttls-pap auth. )
2)Zulufepustampasic:connect the Mikrotik wireless client to the "eduroam" network .
they don’t speak the same language
but as many others would like make goal.
Let's Try!
I would be ashamed to affirm and encourage
these procedures...
|| if they are using LDAP or any hashing other than MSCHAPv2.
I have already mentioned that there is
a scipt in py_v3 which perfects wpa_supplicant
or Eduroam_Cat
||That is not the same problem as the OP
1)Jakica: connect to eduroam wireless network ( which implements ttls-pap auth. )
2)Zulufepustampasic:connect the Mikrotik wireless client to the "eduroam" network .
they don’t speak the same language
but as many others would like make goal.
Let's Try!
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
It isn't a straightforward process. It requires either a self-signed CA certificate, or pinning information for RADIUS servers secured by public CAs, plus the type of inner method to be specified - using a QR code opens up the possibility of MitM attacks, and it is not possible at all for EAP-TLS as each client needs its own certificate.
Many home organisations have onboarding applications which configure all of the necessary settings, typically via a local WiFi network with no authentication which allows the application to be downloaded over an HTTPS connection.
Many home organisations have onboarding applications which configure all of the necessary settings, typically via a local WiFi network with no authentication which allows the application to be downloaded over an HTTPS connection.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I think because in most cases if you're at WPA2-EAP Wi-Fi at a large org, you likely also use some MDM, LDAP/AD, etc. to provision the settings for a device that get's pushed out, like any certs. But as a eduroam guest, that's not an option.With WPA2-PSK you can simply scan a QR code to get onboard, why don't they support WPA2-EAP onboarding QR codes?
Typically "guests" get some open captive portal, which can accept some RADIUS auth.
So the need for QR doesn't come as often I suspect is the reason.
Certainly RouterOS doesn't make using WPA2-EAP easy, but 100% agree it's not easy to begin with... What I'm still trying to understand is just hard to configure, or is there actually some auth mode that's not actually possible?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Well , in summary as we say in my land:
<<universitari Tik_conauti "attaccatevi al tram">>
or prepare a RasPi.
<<universitari Tik_conauti "attaccatevi al tram">>
or prepare a RasPi.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
One of the main driving forces behind eduroam was to make it easy for members of one academic organisation to gain access to WiFi when visting another without having to find out what SSID and key were needed, etc. Having configured access at your home organisation it just works when you visit another.But as a eduroam guest, that's not an option.
Typically "guests" get some open captive portal, which can accept some RADIUS auth.
So the need for QR doesn't come as often I suspect is the reason.
Any organisation is free to setup other access mechanisms for anyone not from an eduroam member organisation, as you say often with open captive portals and time-limited credentials.
As a client RouterOS just doesn't support EAP-TTLS/PAP, or any other less common EAP methods. (It's a pity that EAP-EKE was never adopted by OS developers as it offers password-based mutual authentication, is not susceptible to dictionary attacks and does not require public-key certificates which overcomes various issues with all the commonly used mechanisms.)Certainly RouterOS doesn't make using WPA2-EAP easy, but 100% agree it's not easy to begin with... What I'm still trying to understand is just hard to configure, or is there actually some auth mode that's not actually possible?
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
I know, I do it all the time. Connect to "plain" wifi, download CA cert from intranet, go to "cert management", install it as a WiFi cert, then disconnect (don't forget to delete the wifi network!), go to WPA2-EAP WiFi, enter username, password, select certificate, enter certificate DNS name, connect.It isn't a straightforward process. It requires either a self-signed CA certificate, or pinning information for RADIUS servers secured by public CAs, plus the type of inner method to be specified - using a QR code opens up the possibility of MitM attacks, and it is not possible at all for EAP-TLS as each client needs its own certificate.
IT IS ALL SUCH A DRAG. All that info (including URL where the CA cert can be downloaded) can be put in a single QR code that the user can call up from the company intranet (after having authenticated), point their phone at it, and join the network. Unfortunately it isn't supported. But it would certainly be possible.
Re: Eduroam station - EAP-TTLS/PAP support for wireless station
Max Planck Computing and Data Facility :
EAP method: ... TTLS
Phase 2 authentication: PAP
CA certificate: ... eduroam_WPA_EAP_TTLS_PAP
Domain: ... mpcdf.mpg.de
Identity: ... <your user ID>
Anonymous identity: ... anonymous@mpcdf.mpg.de
Password: ... <your password>
University of Cambridge :
EAP method: ...PEAP or PEAPv0
Phase 2 authentication:MS-CHAPv2
CA certificate: ...wireless-ca.crt +[SHA-1 & SHA-256 Fingerprint] or QuoVadis_Root_CA_2.pem
Identity: ... <your user ID>
Anonymous identity: @cam.ac.uk
Password: ... <your password>
and says: (Cambridge)
EAP-TTLS with PAP will work but is unsupported and strongly advised against: if used, the server must be authenticated
by certificate and name , else it can reveal your Network Access Token to third party sites.
and for "differently-abled" devices :
https://help.uis.cam.ac.uk/service/wi-f ... m-iot-wifi
By this I mean that "è più facile che la montagna vada da Maometto che viceversa".
EAP method: ... TTLS
Phase 2 authentication: PAP
CA certificate: ... eduroam_WPA_EAP_TTLS_PAP
Domain: ... mpcdf.mpg.de
Identity: ... <your user ID>
Anonymous identity: ... anonymous@mpcdf.mpg.de
Password: ... <your password>
University of Cambridge :
EAP method: ...PEAP or PEAPv0
Phase 2 authentication:MS-CHAPv2
CA certificate: ...wireless-ca.crt +[SHA-1 & SHA-256 Fingerprint] or QuoVadis_Root_CA_2.pem
Identity: ... <your user ID>
Anonymous identity: @cam.ac.uk
Password: ... <your password>
and says: (Cambridge)
EAP-TTLS with PAP will work but is unsupported and strongly advised against: if used, the server must be authenticated
by certificate and name , else it can reveal your Network Access Token to third party sites.
and for "differently-abled" devices :
https://help.uis.cam.ac.uk/service/wi-f ... m-iot-wifi
By this I mean that "è più facile che la montagna vada da Maometto che viceversa".
Who is online
Users browsing this forum: No registered users and 6 guests