Re: Eduroam and Microsoft

[Louis Twomey <louis.twomey@xxxxxxxxx>]

Thanks Tomasz, I hadn't realised that was possible. Microsoft should really
make that process more obvious/user friendly though.

Regards,
Louis.

"Tomasz Wolniewicz" wrote the following on 27/01/10 11:53:
> Since Windows Vista you CAN have several profiles for one SSID.
> Just create a profile and then change its name.
> 
> Tomasz
> 
> W dniu 2010-01-27 12:49, Louis Twomey pisze:
>> Hi,
>> When I was documenting the steps of configuring a Windows7 wireless client for
>> eduroam recently, I encountered the following problems:
>>
>> * I could find no way to make the client support both WPA2 and WPA1 within a
>> profile. So, if you configure a profile for WPA2, then it will not connect to
>> the same SSID via WPA1 if you roam to a site where only WPA1 is offered. I
>> guess that you could argue that this is a reasonable restriction to apply, in
>> some circumstances, but I think the option of supporting both should be
>> available to the end user.
>>
>> * Also, because the profiles are named according to the SSID, you can't create
>> more than one profile for the same SSID (so, for example, you can't add a WPA1
>> eduroam profile as less preferred than a WPA2 eduroam profile).
>>
>> I could not find a workaround to either of the above issues and from a quick
>> check I think the same issues apply to the Windows Vista client. Both are
>> significant problems, I believe.
>>
>> Regards,
>> Louis.
>>
>> "Paul Dekkers" wrote the following on 20/10/09 09:57:
>>   
>>> Hi,
>>>
>>> On Tue, 20 Oct 2009, James Sankar wrote:
>>>
>>>     
>>>> I met with Microsoft representatives in Australia today, I mentioned
>>>> eduroam
>>>> and was unsure whether we still have issues with Windows operating
>>>> systems
>>>> requiring a supplicant such as SecureW2, I agree to check where that
>>>> all got
>>>> to, hence this email.  What is the current position, is it resolved,
>>>> if not
>>>> what exactly needs to be done so that I can push this along within
>>>> Microsoft.
>>>>       
>>> I think we still need things like SecureW2 in order to use TTLS-PAP, for
>>> IdPs that are unable to deploy the (Microsoft PEAP-way) MSCHAPv2
>>> authentication. This is still the case for a fairly large amount of
>>> Dutch institutions, at least. PAP works against every backend, a regular
>>> LDAP password, or even unix passwords or yp, while MSCHAPv2 really
>>> requires either an AD or reversable-crypto entries in your directory.
>>>
>>> There are also users that prefer to have a little more control, during
>>> installation (for certificate installation) or afterwards, which is
>>> something that the Microsoft PEAP-implementation does not provide yet,
>>> I'm afraid.
>>>
>>> The other issue with Microsoft's zero configuration is I think not
>>> EAP-based, but the roaming between eduroam networks with different
>>> encryption settings. We still have a mix in the Netherlands, as I just
>>> reported here during the TF meeting in Rome ;-) and it's moving towards
>>> the right direction - but in particular on Windows platforms it's hard
>>> to roam from a WEP-8021x to WPA1 or WPA2 network. The Windows supplicant
>>> tends to forget the network-settings, or at least doesn't share this
>>> information between the networks - so that there is still quite some
>>> instructions involved for setting up networks (especially while using
>>> PEAP, because people need to toggle some bits, disabling the
>>> domain-authentication, and so forth).
>>>
>>> I'm afraid that Windows does not have the most user-friendly Wireless
>>> stuff around, where our use-case is concerned. But maybe others have
>>> different experiences :-)
>>>
>>> Regards,
>>> Paul
>>>
>>>     
>>   
> 
> 

-- 
HEAnet Limited                               louis.twomey@xxxxxxxxx
5 George's Dock, IFSC, Dublin 1              Tel: +353-1-6609040
Web: http://www.heanet.ie                    Fax: +353-1-6603666
Registered in Ireland, no 275301             PGP key: C77D9256

--- Please consider the environment before printing this e-mail ---