Broadcom BCM4321 to wpa2-enterprise problem

Similar Messages

• Airport Express +WPA2 Enterprise, no place to enter username and pass for auth...

  Airport Express version 7.6
  Airport Utility 5.5.3
  I want to use the Airport Express simply to bridge an Ethernet connection to wireless using WPA 2 Enterprise (Wireless network uses RADIUS authentication)
  Wireless mode is set to "Join a wireless network"
  Wireless Security is set to "WPA/WPA2 Enterprise"
  Problem is that there is no place that I can find to enter the username and password for the Enterprise security.
  Thanks

  Airport Express version 7.6
  Airport Utility 5.5.3
  I want to use the Airport Express simply to bridge an Ethernet connection to wireless using WPA 2 Enterprise (Wireless network uses RADIUS authentication)
  Wireless mode is set to "Join a wireless network"
  Wireless Security is set to "WPA/WPA2 Enterprise"
  Problem is that there is no place that I can find to enter the username and password for the Enterprise security.
  Thanks

• Problem wireless connection with WPA2 Enterprise

  Hello,
  I am experiencing an annoying problem while trying to connect at the wireless network at the University, adopting WPA2 Enterprise. After some days of frustration I decided to post a help message here, I hope it's the right section (my problem could be kernel related...). Basically I can't connect to the network, no matter how many times i may try. Other operating systems do not give me the same problem, I can connect without issues thus my card is working properly.
  Summarizing:
  - My card is a BCM4313 (Broadcom), natively supported within the kernel by the module brcmsmac.
  - I tried the module wl as well, with no result.
  - I tried both Arch standard kernel and the LTS one.
  - I am Gnome user, hence I use NetworkManager (never had a problem in the last 2 years at least...)
  - I tried Wicd as well (in the past it was working when NM was failing), with no result.
  - Both MS Windows, Ubuntu and Linux Mint (driver brcmsmac) allow me to connect to the network.
  - The problem occurrs only in case of WPA2 Enterprise, unfortunately this is a "parameter" I cannot change...
  What follows is a portion of NM log file, where I isolated the part related to one connection attempt.
  NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
  NetworkManager[305]: <info> Activation (eth1/wireless): access point 'MY_SSID' has security, but secrets are required
  NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
  NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
  NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) scheduled...
  NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) started...
  NetworkManager[305]: <info> (eth1): device state change: need-auth -> prepare (reason 'none') [60 40 0]
  NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) scheduled...
  NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) complete.
  NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) starting...
  NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
  NetworkManager[305]: <info> Activation (eth1/wireless): connection 'MY_SSID' has security, and secrets exist. No new secret [I can't read after this but it's not relevant...]
  NetworkManager[305]: <info> Config: added 'ssid' value 'MY_SSID'
  NetworkManager[305]: <info> Config: added 'scan_ssid' value '1'
  NetworkManager[305]: <info> Config: added 'key_mgmt' value 'WPA-EAP'
  NetworkManager[305]: <info> Config: added 'password' value '<omitted>'
  NetworkManager[305]: <info> Config: added 'eap' value 'PEAP'
  NetworkManager[305]: <info> Config: added 'fragment_size' value '1300'
  NetworkManager[305]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
  NetworkManager[305]: <info> Config: added 'ca_path' value '/etc/ssl/certs'
  NetworkManager[305]: <info> Config: added 'ca_path2' value '/etc/ssl/certs'
  NetworkManager[305]: <info> Config: added 'identity' value 'username'
  NetworkManager[305]: <info> Config: added 'bgscan' value 'simple:30:-45:300'
  NetworkManager[305]: <info> Config: added 'proactive_key_caching' value '1'
  NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
  NetworkManager[305]: <info> Config: set interface ap_scan to 1
  NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
  NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
  NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
  NetworkManager[305]: <warn> Connection disconnected (reason -3)
  NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
  NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
  NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
  NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
  NetworkManager[305]: <warn> Connection disconnected (reason -3)
  NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
  NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
  NetworkManager[305]: <warn> Activation (eth1/wireless): association took too long.
  NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
  NetworkManager[305]: <warn> Activation (eth1/wireless): asking for new secrets
  NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
  NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
  NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> inactive
  NetworkManager[305]: <info> (eth1): disconnecting for new activation request.
  NetworkManager[305]: <info> (eth1): device state change: need-auth -> disconnected (reason 'none') [60 30 0]
  NetworkManager[305]: <info> (eth1): deactivating device (reason 'none') [0]
  As I said before, it may be a kernel related problem, but it seems very strange since I would expect a higher number of users experiencing some troubles.
  As a final note, I've been Arch-dependent since 4 years already and I love it. I can't really imagine to change distribution just for this...but I am stuck at present and I need to work with the laptop, so any help is really appreciated. 
  Thank you
  Last edited by Demind (2013-05-30 12:38:40)

  cfr wrote:Try to connect manually and post the output you get.
  I did what you suggested and I could connect to the network, ergo it was a NetworkManager problem.
  I am migrating to netctl, and I will test it at the university in the next days. I hope it will work.
  Thanks for the hint, I should have done this test in the first place...:(

• Wifi problem after connecting to wpa2 enterprise

  hi all.
  I have iphone 3gs with me. It has doing great on all the wifi connection before. I can connect to my home wpa2 wifi and office hidden wpa2 wifi with no problem. Then, I tried to join my office enterprise wifi with wpa2 enterprise. It was successfull. However, just after that, i can't get connected back to my office hidden wpa2 wifi. it just like deny the connection. I reset the network connection, forget network still fail. Even i disable the wpa2 security but failed also. Anyway, i still able to connect to my home wifi and office enterprise wifi.
  please help as. I can't say the hardwar problem as it can get connected at my home network. sight

  anybody care to help me please?

• WAP4410N WPA2 Enterprise Mixed authentication problem against Cisco ACS 4.2

  We have 3 x WAP4410N at new office setup in Singapore.
  Customer asked us to setup those 3 AP to make client auth against an ACS 4.2 sitting in US office.
  All the user notebooks were joined to Windows domain in US office, before sent out to Singapore office.
  We configured APs with WPA2 Enterprise Mixed mode and entered radius server address and secrects correctly.
  Logging from ACS shows that users are authenticated successfully but, on the user notebooks, authentication never seems successful and keeps authenticating.
  We have tried with other option (RADIUS) but, problem persists.
  Please help.

  Hi Robert,
  Firmware version is 2.0.4.2.
  We have tested with WPA-personal, WPA2-personal and all worked.
  For enterprise, we have tested using WPA-ent, WPA2-ent, WPA2-ent-mixed and RADIUS.
  All did not work.
  Client keeps flapping between auth and validation.
  ACS logs showed that auth OK.
  Syslog from AP showed that client was assiciated but it happened repeatedly.
  <134>Oct 28 16:13:27 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Open Authentication    10.200.4.12    28/10 16:13:28.720   
  <134>Oct 28 16:13:27 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Associated    10.200.4.12    28/10 16:13:28.720   
  <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [][A0:88:B4:40:41:D4] SUBTYPE_AUTH    10.200.4.12    28/10 16:13:30.720   
  <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Open Authentication    10.200.4.12    28/10 16:13:30.720   
  <134>Oct 28 16:13:29 MVIS-SG-AP01 kernel: [sg-internal][A0:88:B4:40:41:D4] Associated    10.200.4.12    28/10 16:13:30.736   
  <134>Oct 28 16:13:31 MVIS-SG-AP01 kernel: [][A0:88:B4:40:41:D4] SUBTYPE_AUTH    10.200.4.12    28/10 16:13:32.689   
  Below is the diagram for your kind ref.
        US Office          Site-to-Site VPN    SG Office 
  ACS --- ASA ------------ Internet ------------ ASA5505 ------ 2960 PoE SW ----- 3 x WAP4410N
                                                                                                     \ \___ DNS/DHCP Server
                                                                                                      \____ Wired Clients
  Note: SG office ASA is 5505 and outside interface is on Vlan 2, inside interface is on Vlan 1. 2960 switch is configured with all ports in Vlan 2. Vlan feature on WAP4410N is disabled. Layer3 communication among US office ACS, SG office ASA5505, DHCP server and WAP4410N is fine. All wired clients in SG office get IP from DHCP server. I feel this is a bit odd and you may need to know.
  Do feel free to let me know, should you need further input from me. Thanks!

• Creating a Configurator profile for ATV on WPA2 Enterprise?

  Alright, so I have a couple of Apple TVs (latest version) which I want to get up and running on our wireless network here at work. We have a WPA/WPA2 Enterprise network. Our access point is simply an Airport Extreme and the RADIUS server is running on OS X Server 10.6.
  I understand that I have to load the Apple TV with a profile to get it to connect to the wireless network but I can't for the life of me figure out what the correct settings are for my network. I'd ask our IT department but the problem is that I am the IT department.
  When I try to connect using the profiles I've created I get the error "There was a problem connecting to the network. Check your settings and try again. (-369033215).
  The first issue (I believe) is that I might not be choosing the right EAP types. In configurator I can choose TLS. TTLS, LEAP, PEAP, EAP-FAST, EAP-SIM, or EAP-AKA. I have no idea which one I should be choosing or how to figure out which types my network supports. Also some of them want me to enter an outer identity which again, I have no idea what to put there.
  The second issue may be the trusted certificates - I may not have the correct one(s). When I check the RADIUS server settings, it shows that I'm using a self-signed certificate that I generated quite a while ago (we don't have any actual certs, just self-signed ones - small office, not my area of expertise so I didn't want to waste company money without knowing what I was doing). So, what I did was I opened up Keychain Access, found that certificate, exported it, and imported it into Configurator. I imported it into Trusted Certificates but I didn't put anything in for Trusted Server Certificate Names - should I put anything in there?
  Any help is appreciated.

  Ok that part I put above would go in your SQL, not in the report properties - you also want to replace p.product_image with whatever your BLOB column is, and p.product_id with your employee_id column.
  The apex_util.get_blob_file_src basically does the same thing that you were doing but should be a little simpler to manage.
  http://download.oracle.com/docs/cd/E14373_01/apirefs.32/e13369/apex_util.htm#CHDICGDA
  So:
  1) Edit your sql and try using this function instead of just calling the BLOB column.
  2) Edit the column properties and put #PHOTO# as the link, and #EMPLOYEE_ID# (or whatever your primary key is called) as the Value.
  3) If that long string is still in the number/character format field, clear it out.
  4) If that still doesn't work, install the demo application that comes with Apex and look at Page 3. That is all I did.

• MAC OS 10.4.11 connecting to WPA2 Enterprise not permanently working

  Hi,
  I have an issue with the following environment. I will try to simply my wording to help understand the problem.
  Hardware: Macbook Pro 17" Intel Core 2 Duo and Macbook laptops
  Operating System: Both run MAC OS 10.4.11 fully updated (According to Apple Reps, this operating system is no longer supported)
  Airport cards: Both have Airport Extreme cards. The Macbook Pro's card is using Firmware version 1.4.4 ( card type requirement to connect to WPA2 Enterprise network)
  Connection type: Connected via PEAP (Inner Protocol:MSCHAPv2)
  Wireless Access Point (WAP): Cisco Aironet 1142: Macbook connects to WAP to gain access to the Internet.
  Cisco ACS version 5 server (validates macbook username and password entries to Microsoft AD servers.)
  Microsoft Windows Server 2003 with Active Directory (holds user accounts) 
  Other Operating systems MAC OS 10.5 to MAC OS 10.7 (Leopard, Snow Leopard, and Lion make automatic connections.)
  Basically, the process is that the macbook user enters in their email username and password into a WPA2 Enterprise wireless connection. The Cisco 1142 broadcasts the SSID for the user to connect to. Once the wireless connection is made to the Cisco 1142 WAP, the WAP sends the username and password to the ACS server. The ACS server verifies the username and password from the macbook to Microsoft Windows Server AD user accounts. If the password is validated, then the ACS grants access to the wireless Internet to the macbook user.
  The wireless configuration involves the following process:
  1. Click on the desktop, Go should be available now.
  2. Click on Go, then Applications. The Applications window will appear.
  3. Click on Internet Connect.
  4. By default, The 802.1X connection is not available. We will be using the 802.1X connection to enter and save the username and password. Click on File and select "New 802.1X Connection."
  5. A windows should appear. Under Configurations, select Edit Configurations.
  6. An 802.1X windows will appear to enter in the following:
  - Description: name of connection
  - Network port: Airport
  -User Name: domain\username or just username of email account
  -password: password for email account
  -Wireless Network: SSID of Cisco Aironet 1142 Wireless Access Point (WAP)
  -Authentication PEAP configured with outer identity of anonymous. We uncheck TTLS, EAP-FAST, LEAP, and MD5.
  7. Click Ok. Select Connect and it should connect to the SSID if the username and password are valid accounts.
  8. Select File and then "Export 802.1X Configuration to login Window."
  To verify connection:
  1. We go to Apple - System Preferences and select Network.
  2. The Airport should say that it is conected to the SSID. You are connected to the Internet via Airport.
  3. Go a little deeper, we click on configure for the Airport.
  4. Under By default join: select Preferred networks. Under network name, we should see the SSID connection. We select it and click on the edit button.
  5. We verify that the connection has Network Name, Wireless Security, User Name, Password, and 802.1X Configuration entered in correctly. We select Ok after verification or modification. Then we select Apply Now to save any changes.
  ---------------------------------------------------------------The Problems---------------------------------------------------------------------
  1. When shutting down the system and then turning it on. The Airport doesn't make a connecation to the SSID being broadcasted automatically. We would have to turn the airport off and back on for it to make an connection.
  2. When the laptop is left idle or goes to sleep, the wireless connection drops. The user would have to turn the airport off and back on to stay connected.
  Is there a fix for this?
  Thank you to anyone that would take time to read this and provide helpful feedback.

  The "v" key at startup is not Safe Mode. Try holding the Shift key down and restart for Safe Mode. This will disable extensions and help it start. It also checks some things out.
  Can you start it up from your Tiger disc? Hold the C key down at startup until you see the Apple.
  Your hard drive may be going kaput. Hope you have a good backup.

• Connecting to WPA/WPA2-Enterprised network

  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Solved!
  Go to Solution.

  idecline wrote:
  hi all,
  i just came to mcgill and was trying to connect to the school network. But it kept saying something like 'authorization failed'. School website has only instructions for BlackBerrys:
  "Select wpa.mcgill.ca * (WPA/WPA2-Enterprise). Fill in the following fields:
  Name: wpa.mcgill.ca *
  SSID: wpa.mcgill.ca *
  Security Type: PEAP
  User Name: McGill Username
  User password: McGill Password
  CA Certificate: Thawte Premium Server CA
  Inner Link Security: EAP-MS-CHAP V2
  Token: None Selected
  Server subject: blank
  Server San: blank                                                                         "
  Help plz
  Try configuring your N97 with these instructions:
  Since your WLAN network seems to require more advanced PEAP authentication settings you should probably create / edit appriate WLAN connection profile, known as (Internet) Access Point, manually in a following manner:
  1. Go to Tools -> Settings -> Connection -> Network Destinations
  2. Check if your earlier failed attempt to connect has already created an non-funtional IAP named as your WLAN network SSID (look for a entry named wpa.mcgill.ca) under "Internet" destination.
  3. If you can see existing IAP named as your WLAN SSID then you can Edit that one with necessary changes. (skip to 7.)
  4. If you don't see any existing IAPs that are named like your WLAN network then go to the desired "Destination" (e.g. Internet) and select Options -> Add Connection Method.
  5. Assuming you are in the coverage area of your WLAN network you can let phone "Automatically check for connection methods" (i.e. phone scans available WLAN networks) and you should be able to select the correct WLAN network name (wpa.mcgill.ca) from the list. Once you have selected the WLAN network your "Internet" Destination should now have been added with a new Access Point (IAP) that is named "wpa.mcgill.ca". Note that at this point the particular connection method is still incorrectly configured for your purposes (since by defaul it has EAP-SIM & EAP-AKA authentication methods enabled).
  6. Now you should manually Edit your newly created wpa.mcgill.ca Internet Access Point with necessary PEAP settings.
  7. Configure following WLAN and authentication settings:
    "Connection name" defaults to name of your WLAN network (wpa.mcgill.ca) but you can also change this if you wish
  - "Data Bearer" naturally needs to be "Wireless LAN"
  - "WLAN network name" should match your WLAN network's name (SSID) exactly (wpa.mcgill.ca)
  - "Network status": Public
  - "WLAN network mode": Infrastructure
  - "WLAN Security mode": WPA/WPA2
   => Go to "WLAN security settings"
  - Ensure that "WPA/WPA2 mode is set to "EAP"
  - Leave "WPA-2 Only mode" to "OFF" unless you are absolutely sure that your WLAN network is configured to stricly pure WPA2 mode (i.e. network might be configured to support both WPA and WPA2 security thus enabling WPA-2 Only mode on the phone will cause all your connection attempts to fail).
   => Go to "EAP plug-in configuration"
  - Enable "EAP-PEAP" and make sure that "EAP-SIM" and "EAP-AKA" are disabled (via Options -> Disable)
   => Select "Configure" for EAP-PEAP authentication method
   - Leave "Personal Certificate" to "Not defined"
  - Select "Thawte Premium Server CA" to be used as an "Authority certificate"
  - Set "User name in use" to "User defined" (since there is no Personal Certificate where it could be read automatically)
  - Enter your username (McGill Username) to "Username" field
  - Set "Realm in use" to "User defined" and leave following "Realm" field empty.
  - Note that in case your username (McGill Username) contains the realm (i.e. format is username@realm ) then you can enter realm part of your ID to "Realm" field and enter only the username part to the "Username" field.
  - Configure "Allow PEAPv0" to Yes
  - Configure both "Allow PEAPv1" and "Allow PEAPv2" to "No"
  => Go to "EAP's" tab to configure inner authentication method for the PEAP (use the small arrow pointing right on top of the screen to move between tabs)
  - Enable "EAP-MSCHAPv2" authentication method and Disable all other methods (Option -> Enable / Disable)
  - Select "Edit" for the EAP-MSCHAPv2
  - Enter you username (McGill Username) to "User name" field
  - Configure "Prompt password" to No or Yes depending on whether you want your password to be prompted everytime you make an connection or if you prefer saving your password to following "Password" field permanenly so that it won't be prompted during everytime you connect to this WLAN network with PEAP/EAP-MSCHAPv2 authentication.
  - If you you selected "No" to password prompting then enter your password (McGill Password) to "Password" field.
  => Exit the configuration with "Back" (several times) and you should hopefully be able to connect with this setup.
  If needed you can also change the priority order of the connection methods (IAP's) within the Internet Destination since your new connection most likely ended up being lowest priority WLAN connection within your Internet destination. This should however not be a problem unless you have some other WLAN networks defined as an IAP and these other WLAN networks are simultaneously available at the location of the wpa.mcgill.ca WLAN network.
  Hope this helps you to get connected!!
  Message Edited by saataja on 17-Sep-2009 05:16 PM

• WiFi WPA2 enterprise

  I’m encountering problem setting up a wifi wpa2 Enterprise on my Iphone 4s. I set it up using Iphone configuration utility and settings are correct. The problem is that the connection don’t works. I’m sure setting are correct because I set it up the same wifi also on the Airbook with Lion and parameter and certificates used for authentication are exactly the same. Any idea on why on the iphon it don’t work?
  Below some the log file.
  Thanks
  andrea
  Jan 11 16:14:18 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:20 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting system time to 01/11/2012 15:14:20 from NTP because time is unchanged
  Jan 11 16:14:20 Scoia-Aifone eapolclient[680] <Notice>: en0 START
  Jan 11 16:14:20 Scoia-Aifone timed[679] <Notice>: (Note ) CoreTime: Not setting time zone to Europe/Rome from Location
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone wifid[29] <Error>: WiFi:[347987661.158384]: Processing link event UP
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANJoinManager::handleAssoc(): status = 2, reason = 0, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: [14591.399631250]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -73, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 1, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:21 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:22 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:24 Scoia-Aifone mDNSResponder[47] <Error>: mDNS_RegisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
  Jan 11 16:14:26 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:11 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:27 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::checkRealTimeTraffic(): set roam parameters: counters Rx:1204 Tx:22
  Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.238433]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.246099]: Processing link event DOWN
  Jan 11 16:14:28 Scoia-Aifone eapolclient[680] <Notice>: en0 STOP
  Jan 11 16:14:28 Scoia-Aifone eapolclient[681] <Notice>: en0 START
  Jan 11 16:14:28 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:28 Scoia-Aifone wifid[29] <Error>: WiFi:[347987668.683288]: Processing link event UP
  Jan 11 16:14:28 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: [14598.930095541]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 8, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:29 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.532160]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:31 Scoia-Aifone eapolclient[681] <Notice>: en0 STOP
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.542420]: Processing link event DOWN
  Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:18 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:31 Scoia-Aifone eapolclient[682] <Notice>: en0 START
  Jan 11 16:14:31 Scoia-Aifone Preferences[558] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0xde41320:<VPNBundleController: 0xde41320>): _serviceCount(1), serviceCount(1), toggleInRootMenu(1), RootMenuItem(1)
  Jan 11 16:14:31 Scoia-Aifone wifid[29] <Error>: WiFi:[347987671.974798]: Processing link event UP
  Jan 11 16:14:31 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 11, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setDISASSOCIATE() [wifid]:
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setASSOCIATE() [wifid]:  lowerAuth = AUTHTYPE_OPEN, upperAuth = AUTHTYPE_WPA_8021X, key = CIPHER_NONE    , 802.1X .
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: [14602.222531083]: AppleBCMWLANNetManager::prepareToBringUpLink(): Delaying powersave entry in order to get an IP address
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Joined BSS:     @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -77, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 12, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Up on en0
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: en0: BSSID changed to 00:3a:98:7d:ee:30
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore:startRoamScan(): 2843 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
  Jan 11 16:14:32 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 TLS: authentication failed with status 1
  Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.708487]: Network WIFI3D Both autojoin and user join dates are NULL
  Jan 11 16:14:34 Scoia-Aifone wifid[29] <Error>: WiFi:[347987674.716635]: Processing link event DOWN
  Jan 11 16:14:34 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:21 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2
  Jan 11 16:14:34 Scoia-Aifone eapolclient[682] <Notice>: en0 STOP
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::handleDeauth(): status = 0, reason = 23, flags = 0x0, authtype = 0, addr = 00:3a:98:7d:ee:30
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLANNetManager::leaveNetworkAsync(): kDeauthdCurrNetwork already set. Skipping call to leaveNetworkASync
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AppleBCMWLAN Left BSS:       @ 0xc0bc4000, BSSID = 00:3a:98:7d:ee:30, rssi = -76, rate = 54 (100%), channel = 6, encryption = 0x4, ap = 1, failures = 0, age = 14, ssid[ 6] = "WIFI3D"
  Jan 11 16:14:35 Scoia-Aifone kernel[0] <Debug>: AirPort: Link Down on en0. Reason 1 (Unspecified).
  Jan 11 16:14:37 Scoia-Aifone mDNSResponder[47] <Error>: DeregisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:F2CB:A1FF:FECB:ED60)
  Jan 11 16:14:39 Scoia-Aifone UserEventAgent[12] <Warning>: Unable to cancel system wake for 2012-01-11 16:14:24 +0100. IOPMCancelScheduledPowerEvent() returned 0xe00002c2

  I did see those screenshots however that settings screen comes from selecting the Configure button next to the Authentication Method in the User Authentication section under Users.  In each of your screenshots, the RADIUS Server ID number is 1 so I would also ensure that I've configured RADIUS Server ID 1 which can only be configured by going to Users -> RADIUS Servers.
  All that said, I did see that your tests succeeded and I also don't understand the point of having RADIUS settings on the other screens and then having RADIUS ID info.  My thinking is that you would be able to configure RADIUS once in the Users -> RADIUS Servers screen and then select the RADIUS Server ID in all the remaining screens without having to enter the RADIUS info over and over again.  It would also think that you could skip the Users -> RADIUS Server screen and enter the RADIUS information over and over again and it should work...just like you set it up originally.  However, based on past experience of programmatic errors, I would recommend configuring the RADIUS Server ID 1 under Users -> RADIUS Servers if you haven't already...just in case. 
  Shawn Eftink
  CCNA/CCDA
  Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

• WPA Enterprise Problem Windows 7;  Macs and iPhones working good

  Dear Apple Discussions,
  I have a strange problem within my corpoarte network. I have successfully setup airport base stations with wpa/wpa2 enterprise authentication against an open directory master on apple snow leopard server. Macs and iPhones can connect through this very easily and without problems. Windows Machines seem to have some trouble with this. I have a self signed certificate and a trusted certificate for the server, both are resulting in the same issues. The Windows clients cannot connect. There is no error message on the windows boxes. Here is a snippet from the logfile on the OSX Server radius.log:
  Thu Aug 19 12:49:45 2010 : Error: TLS Alert read:fatal:unknown CA
  Thu Aug 19 12:49:45 2010 : Error: TLS_accept:failed in SSLv3 read client certificate A
  Thu Aug 19 12:49:45 2010 : Error: rlm_eap: SSL error error:14094418:SSL routines:SSL3READBYTES:tlsv1 alert unknown ca
  Thu Aug 19 12:49:45 2010 : Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.
  This happens everytime and I did not find any possible solution within google search. Do you have any idea?
  Thank you for any help!!
  Nico

  Nico,
  I have run into this problem as well. One additional piece is that in addition to Macs and iPhones, we also have Android phones connecting with no problem.
  The only solution we came up with was to force the windows machine, in this case Vista, to use only our network and eliminate all others. Of course for our windows user that was a problem when he went home because he could not connect to his own home network any longer.
  Unfortunately, that resulted in giving up on the issue for us and forcing the windows guy to plug in via ethernet.
  -Erich

• WPA2 Enterprise connections don't work

  Hi everyone,
  Configuration: MacBook Pro 7,1, 2,4GHz, Mac OS X 10.6.5.
  Three user accounts (one for me, two for friend's backup), two of them have admin rights. I'm using one of these accounts.
  I'm having a strange issue with *WPA2 Enterprise*-based access points, namely, the private one on my university's campus, and the eduroam one. Eduroam is, roughly, a SSID that is available in participating institutions worldwide, and allows connection from personnel registered in any of these institutions without having to ask for a guest access.
  On eduroam, one is supposed to select the eduroam SSID in the list of network available, select "Security: WPA2 Enterprise", and type his institutional email address as a username. "Password" should remain blank for now, and in front of the "802.1X", select "Auto". On clicking the "Connect" button for the first time, a "Check certificate" dialog should appear with three buttons, "Display", "Cancel", "Continue", where one would click "Continue". Finally, a "802.1X authentication" dialog would appear, when a user would put his email address as username, and type in his institutional password to log in. Then, the user would be online without further fuss.
  On my university network, it's even simpler. One should select it, type in the IT login, then the corresponding password, before being allowed to be online.
  On my normal user account, I never get the "Check certificate" dialog for eduroam, an on the uni's network, it never seems to connect. Ultimately, I get the exclamation point over the wireless waves, meaning that the card self-assigned an IP. Then it tries to connect again (the icon is waving), then fails again. No other authentication is affected, and a quick look in the logs doesn't show anything salient.
  On the other user account, the connection to either of these SSID works as written, on the first try.
  So it's no hardware issue.
  I first tried to create a new wireless profile, and recreate the connection. It failed, once again, for both networks.
  So to the Genius Bar I went. Since it's a login issue, we deleted the ~/Library/Keychans/login.keychain item, rebooted. Since the issue couldn't be reproduced in store, he advised me to delete the "session" keychain and reboot if the problem persisted. He asked me if the computer crashed while I was logged in anywhere in the past (before 10.6.5), and yes I said, adding that I let AppleJack do the automated repair. He checked with a colleague, on a tech forum, spent 30 min with me, but came back with the dreaded conclusion that, at least in that store, they ended up doing what he named "partial restore" to correct a similar issue, in contrast to "archive and install".
  Off to the uni I went, and recreating the connection failed again. In the Access Keychain, I then removed the session keychain, with both the references and files (default is reference only), since they referred to passwords I already knew, rebooted, logged in, and tried to connect, to no avail. The other user account still works.
  What else should I try? Ironically enough, I reinstalled OS X more times in two years than I did Windows in eight, and want to avoid the time-consuming step of reinstalling applications, and the very tricky part - ownership issues - of manually importing documents and only selected settings.

  I was chasing a similar authentication issue on OS X ≥ 10.5.8 for quite some weeks. My setup does use MS 2008 Server (AD, NPS, Radius) and SonicWall SonicPoint (multi SSID on VLAN).
  When I started evaluating the different options, I didn't realize such issues But when it came to the final usage guidelines I had serious issue connecting with Mac OS X to the WPA2 Enterprise Network (BlackBerry and iOS was never an issue)!
  I finally did work out, that you can only authenticate once successfully if you use the "Ask to join networks" popup - instead I had to select the network manually from the airport, provide my credentials and select "remember this network"to store the network and it's radius profile! I guess this behavior may have something to do with the credentials stored/reused in/from the keychain for the second login.
  Also, I did notice you have to make sure you quit your system preferences each time you expect a change due to newly stored networks or radius profiles!
  Hope this may help other users to troubleshoot similar issues!

• WPA2 enterprise, Can not authenticate with ACS

  Hi, I am setting up WPA2 enterprise for wireless users with PEAP authentication, but can not get authentication server to authenticate them, and failed reason is generic "EAP-TLS or PEAP authentication failed during SSL handshake"
  The AP I am using is 1240AG running 12.3(8)JA, Radius server is ACS 4.0, I don't have any problem to get dot1x with PEAP authentication working for wired access, and I have almost identical client side configuration for wired and wireless user.
  From ACS's point of view, it should not be aware of any difference between wired and wireless user, but ACS log shows otherwise:
  1)AP is connected to a cat4k switch, I suppose AP should be the authenticator for wireless users, but ACS "failed attempts" log for attempted wireless user shows that the NAS IP is cat4k in stead of AP, why?
  2)I am using the same laptop for both wireless/wired testing, ACS "failed attempts" log shows that for wired user, it correctly interpreted cached domain\login name, but for failed wireless user, the user-name field is totally different, yet debug on AP clearly shows that correct domain\login has been received by AP.
  Debug output on AP is attached, hope experts here can quickly identify the problem.

  Got it working by adding radius server configuration under GUI generated configuration:
  aaa group server radius your-AAA-group-name
  server your-radius-server#1-IPaddress auth-port 1645 acct-port 1646

• Can't change Airport Extreme settings using WPA2 Enterprise

  I have a 4th Gen Airport Extreme Base Station that is running 7.6.1 firmware and I've updated the Airport Utility to 6.0 and OS X Server to 10.7.3
  I use WPA2 Enterprise using the Radius Server set up from the Server admin tools in Lion Server. I am using my CA signed certificate for the server as my server-side cert. I can connect fine to the wireless network with all my idevices and my MacBook Pro, but whenever I use Airport Utility to amend settings of the Base Station e.g. Back to my Mac, I cannot make updates.
  Whenever I click 'Update' I get the following error - 'Invalid value' The value for "Password" is invalid. When I click Review Settings, it takes me to the Shared Secret settings for the connection, but as far as I'm concerned this never needs to be known or changed.
  Any ideas?

  I have the same problem.. Airport utility 6.0 on 4th gen airport extreme and server 10.7.4.
  DNS, Radius and Open Directory.
  Any update on Airport Util results in "'Invalid value' The value for "Password" is invalid"
  Only work around I've found like above is to set network mode to "off" under wireless tab. Update Airport Utility ... then remove/add my base station in Server admin under 'radius' 'base stations' ..
  Really very annoying because what I actually want to change is the WPA/WPA2 to WPA2 ONLY.
  By default when the base station is added in 'server admin' it sets it as WPA/WPA2 and there is no option to change or control this in 'server admin'... so basically I can not change this option.
  I thought maybe that 'invalid' characters (for the airport) where being used by server admin when it generates the 'shared secret' .. so have tried changing to a very simple shared secret in 'airport utility' ... but I still get the same error - "The value for "Password" is invalid"
  I will try downgrading to 5.6 but this really is very annoying especially as its a fault that has been allowed to rollover into 10.7.4 !!!!
  Sort it out Apple!

• IOS 5 can't connect to WPA/WPA2 Enterprise Wireless Network

  After upgrading multiple iPhone 4 (CDMA versions) to IOS 5.0, I have not been able to get them to connect to our WPA/WPA2 Enterprise wirless network.  We use a Cisco Wireless LAN Controller.  The wireless network is capable of doing WPA or WPA2 Enterprise with PEAP.  These phones all connected to this network fine before the upgrade.
  When connecteding to the network, it prompts me for the username and password and when I tap join it sits for about 10-15 seconds then says "Unable to join the network" with a Dismiss button.
  It connects to non-Enterprise networks just fine.  I have tested it on WPA Personal and WPA2 Personal networks and it has worked on several without issue.
  I have tried "forget this network" with no success.
  Is anyone else having this problem?  I know of at least three Verizon iPhone 4's that have this exact same problem.  I haven't seen one working with this configuration yet.

  I have the same problem:
  Cisco WLC's -> WPA2 Enterprise AES + EAP-PEAP 802.1x with CCKM
  Pre 5.0 - all worked fine
  Post 5.0 - it tries to connect and after few moments i get error - couldn't connect.
  Info from controller:
  10/17/2011 12:16:37 CEST           INFO           172.16.16.X           Sending EAP request to client from radius server. 6.f. ..l
  10/17/2011 12:16:38 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:39 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           Authentication failed for client as EAP ID request from AP reached maxmium retransmissions. 5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           De-authentication sent to client. 5.oP ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           EAPOL-key is invalid, scheduling client for deletion. 5.yp ..l
  On the Radius server i don't see any activity regarding this device.
  I had this network configured on my iPhone - after upgrade and restore it remembered it. Every time i was in vicinity of my Enterprise WLAN it tried to connect - resulting int express battery drain - 6-7 hrs and battery was empty from 100%

• After IOS 5 upgrading Iphone we set up wireless network each time (WPA2 Enterprise)

  Our company is connecting to wpa2 enterprise.
  when we used IOS 4.XX we could connect wpa2 enterprise
  but after upgrading IOS 5.0, it occured some problem.
  Our staff should change a password per 3 month, at that time we should delete a network
  but SSID set it up again each time and put a userID / Password when we connect wifi
  i read other comment that user sloved problem using iPhone Configuration Utility in apple support communites but it bother our staff.
  is there another sloution?

  Has anyone tried it? I would like to have an answer, I'm trying since Friday and is working properly.