Re: Eduroam and Microsoft

[Tomasz Wolniewicz <twoln@xxxxxx>]

Since Windows Vista you CAN have several profiles for one SSID.
Just create a profile and then change its name.

Tomasz

W dniu 2010-01-27 12:49, Louis Twomey pisze:
> Hi,
> When I was documenting the steps of configuring a Windows7 wireless client for
> eduroam recently, I encountered the following problems:
>
> * I could find no way to make the client support both WPA2 and WPA1 within a
> profile. So, if you configure a profile for WPA2, then it will not connect to
> the same SSID via WPA1 if you roam to a site where only WPA1 is offered. I
> guess that you could argue that this is a reasonable restriction to apply, in
> some circumstances, but I think the option of supporting both should be
> available to the end user.
>
> * Also, because the profiles are named according to the SSID, you can't create
> more than one profile for the same SSID (so, for example, you can't add a WPA1
> eduroam profile as less preferred than a WPA2 eduroam profile).
>
> I could not find a workaround to either of the above issues and from a quick
> check I think the same issues apply to the Windows Vista client. Both are
> significant problems, I believe.
>
> Regards,
> Louis.
>
> "Paul Dekkers" wrote the following on 20/10/09 09:57:
>   
>> Hi,
>>
>> On Tue, 20 Oct 2009, James Sankar wrote:
>>
>>     
>>> I met with Microsoft representatives in Australia today, I mentioned
>>> eduroam
>>> and was unsure whether we still have issues with Windows operating
>>> systems
>>> requiring a supplicant such as SecureW2, I agree to check where that
>>> all got
>>> to, hence this email.  What is the current position, is it resolved,
>>> if not
>>> what exactly needs to be done so that I can push this along within
>>> Microsoft.
>>>       
>> I think we still need things like SecureW2 in order to use TTLS-PAP, for
>> IdPs that are unable to deploy the (Microsoft PEAP-way) MSCHAPv2
>> authentication. This is still the case for a fairly large amount of
>> Dutch institutions, at least. PAP works against every backend, a regular
>> LDAP password, or even unix passwords or yp, while MSCHAPv2 really
>> requires either an AD or reversable-crypto entries in your directory.
>>
>> There are also users that prefer to have a little more control, during
>> installation (for certificate installation) or afterwards, which is
>> something that the Microsoft PEAP-implementation does not provide yet,
>> I'm afraid.
>>
>> The other issue with Microsoft's zero configuration is I think not
>> EAP-based, but the roaming between eduroam networks with different
>> encryption settings. We still have a mix in the Netherlands, as I just
>> reported here during the TF meeting in Rome ;-) and it's moving towards
>> the right direction - but in particular on Windows platforms it's hard
>> to roam from a WEP-8021x to WPA1 or WPA2 network. The Windows supplicant
>> tends to forget the network-settings, or at least doesn't share this
>> information between the networks - so that there is still quite some
>> instructions involved for setting up networks (especially while using
>> PEAP, because people need to toggle some bits, disabling the
>> domain-authentication, and so forth).
>>
>> I'm afraid that Windows does not have the most user-friendly Wireless
>> stuff around, where our use-case is concerned. But maybe others have
>> different experiences :-)
>>
>> Regards,
>> Paul
>>
>>     
>   


-- 
Tomasz Wolniewicz    
          twoln@xxxxxx        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576