Hi,
It;s been 4 or 5 years since I looked at the cppm onboarding fetures, so thought I'd have another look at it.
At the moment we use the Cloudpath onboarding solution which lets us create certificates of the form <useri>-<4digit hex number>@york.ac.uk The certCN therefor maps onto a username of the same format ( eg. cn=
as1558-abcd@york.ac.uk -> UserName
as1558-abcd@york.ac.uk) which is perfect for eduroam conectivity as the outer username has the york.ac.uk realm required for remote york users to have their auth requests prxied off to our Tier 1 RADIUS servers.
Having configured a local user account and cppm onboard to create a cert using login userid and machine type it was fairly easy to perform a local eap-tls auth using cppm OCSP.
However, we do want the cert to contain the realm so it will work anywhere on eduroam. Other than logging into cppm onboard as user@realm is there a way of doing this in the config?
Also, With cloudpath we can specify a string of SSIDS to ignore ( i.e make the ssid associated with the config "top of the list preferred SSID"
e.g. at present I'm configured to connect to my local SSID using cppm eap-tls. The CN just has a userid in there and as I've got a guest and wpa2-psk network here as well I occasionally have to manually select the wpa3-enterprise one .. something that doesn't happen with the Cloudpath offering
A
------------------------------
Alex Sharaz
------------------------------