Certificate renewal with WPA2-Enterprise PEAP MS-CHAPv2

Hello
We have a wireless network which is secured with WPA2-Enterprise with PEAP and MS-CHAPv2. The Radius servers (Windows Server 2008r2 with the Radius Feature installed) currently use a public signed certificate. This is about to expire soon and will need to be renewed.
The clients are non-managed and of all varieties (OS, wifi-software, ...).
The Wifi is 4400 controller based and managed with the new Prime Infrastructure 1.3.
What is the best way to do the renewal with as little disturbance for the client as possible? The less manual interaction for the end user the better.
Thanks
Patrick                 

Hello Patrick,
As per your query, I can suggest the following steps:
Since the root CA is the most critical CA in the hierarchy, you may prefer to have a strategy here that reduces the need to renew the root certificate often.
The first consideration is choosing the key length of the root's public key and private key pair during setup of the root authority. By using a long key length, which is generally more secure against brute force attack than a shorter key length, you increase the length of time that the CA can use the same private key and have reasonable confidence that it has not been compromised. The second consideration is establishing the validity period of the root certificate itself. In general, you will want to create a root certificate that has a shorter validity period than the estimated lifetime of the key.
For more information you can refer to the link:
http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx
Hope this will help you.

Similar Messages

  • Can the WAP4410N be setup with WPA2-Enterprise and also be repeater by another WAP4410N?

    I have AP1 setup with WPA2-Enterprise. How would I setup AP2 (WAP4410N) to be a repeater for AP1?

    Hi Alec,
    Thanks for participating in the Small Business Support Community. I've posed your question to our engineers and the short answer is "no".
    WAP4410N can only repeat or bridge other supported Small Business APs/Routers.
    Thanks again for your participation and, although probably not the answer you wanted, I hope this helps.
    Stephanie Reaves
    Cisco Small Business

  • Macbook Pro Wifi Issues with WPA2 Enterprise key

    I have a MBP 13" mid 2009 model. There is usually no problems connecting to home networks. It remembers the passwords and connected seamlessly. However, I have problems connecting to networks with WPA2 Enterprise settings. I had tried it in NYU and I am trying it at my current school too. It keeps forgetting the WPA2 key from time to time and although I have tried all ways to get it to remember the key it still fails. I have used other MBP from the same time frame and they seem to be working perfectly. Even my iPod touch works perfectly with these WPA2 enterprise networks. Can anyone suggest a workaround?

    The networks do support WPA2. It works perfectly on windows 7 and other MBPs. There it doesn't keep asking the password and stores the password in keychain. But on my MBP it keeps asking me for the password from time to time
    Message was edited by: cooldip

  • Cannot connect to WIFI with WPA2 enterprise security

    I'm currently trying to switch my Wifi from WPA2 Personal to WPA2 Enterprise using a dd-wrt flashed TP-Link router and a Synology Diskstation as the RADIUS server. The diskstation also creates the CA certificate which I can download from there for all client devices.
    Configuration on the side of the router appears to be fine, I've entered all the details for RADIUS authentication and left "WPA Algorithms" at its default setting "TKIP" (other options being "AES" and "TKIP+AES"). I said it appears to be fine because my Android phone connection is established successfully using the following (default) parameters:
    EAP method: PEAP
    Phase 2 Auth: NONE (also works with MSCHAPV2, and probably other options)
    CA cert: unspecified (didn't download it to smartphone, must be fetched automatically from router I guess)
    User cert: unspecified
    Identity: myDiskstationUsername
    Anonymous Identity: (blank)
    Password: myDiskstationPassword
    So far, so good... I still cannot manage to get a connection from my laptop running Arch. Preferred method would be via "wicd". The best match seems to be the following configuration profile:
    name = PEAP with TKIP/MSCHAPV2
    author = Fralaltro
    version = 1
    require identity *Identity password *Password
    optional ca_cert *Path_to_CA_Cert
    protected password *Password
    ctrl_interface=/var/run/wpa_supplicant
    network={
    ssid="$_ESSID"
    scan_ssid=$_SCAN
    proto=WPA
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    identity="$_IDENTITY"
    password="$_PASSWORD"
    ca_cert="$_CA_CERT"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    }
    But it's not working, both with and without specifying the optional path to the CA certificate. Any ideas what I could've been missing or any clues for debugging?
    Last edited by saciel (2013-11-07 09:55:16)

    Why don't you use netctl?
    I'm using netctl to connect to my FreeRadius Server, and I use this config...
    Description='A wireless connection using a custom network block configuration'
    Interface=wlp0s29f7u3
    Connection=wireless
    Security=wpa-configsection
    IP=static
    Address='192.168.1.200/24'
    Gateway='192.168.1.1'
    DNS=('192.168.1.1')
    WPAConfigSection=(
    'ssid="SSID"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'phase2="auth=MSCHAPV2"'
    'group=CCMP'
    'pairwise=CCMP'
    'identity="user"'
    'password="password"'
    'priority=1'
    )

  • How to connect to AP with WPA2, EAP-PEAP, MSCHAPv2...

    I am trying to connect to the company network, but it always shows "PEAP authentication failed".
    There are only instructions for iPhone and PC.
    security : WPA2-Enterprise
    authority certificate : None
    Security Type : PEAP
    Inner Link Security : EAP-MSCHAPv2
    additionally MAC address filtering.
    The access point I set is as follows:
    network status: public
    wLAN network mode: infrastructure
    security: WPA/WPA2
    WPA2 only mode: off
    EAP plug-in setting: EAP-PEAP enable only
    personal certificate: not defined
    authority certificate: not defined
    user name: user-defined   BLANK
    realm in use: user-defined   BLANK
    allow PEAPv0
    MSCHAPv2
    user name: username
    password: mypassword
    We have a domain, but there is no command about the domain in the iPhone guide.
    Is there anything wrong with my settings?

    WPA2-Enterprise is not supported on your device.
    ‡Thank you for hitting the Blue/Green Star button‡
    N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

  • Problem wireless connection with WPA2 Enterprise

    Hello,
    I am experiencing an annoying problem while trying to connect to the wireless network at the University, which uses WPA2 Enterprise. After some days of frustration I decided to post a help message here, I hope it's the right section (my problem could be kernel related...). Basically I can't connect to the network, no matter how many times I may try. Other operating systems do not give me the same problem, I can connect without issues thus my card is working properly.
    Summarizing:
    - My card is a BCM4313 (Broadcom), natively supported within the kernel by the module brcmsmac.
    - I tried the module wl as well, with no result.
    - I tried both Arch standard kernel and the LTS one.
    - I am Gnome user, hence I use NetworkManager (never had a problem in the last 2 years at least...)
    - I tried Wicd as well (in the past it was working when NM was failing), with no result.
    - Both MS Windows, Ubuntu and Linux Mint (driver brcmsmac) allow me to connect to the network.
    - The problem occurs only in case of WPA2 Enterprise, unfortunately this is a "parameter" I cannot change...
    What follows is a portion of NM log file, where I isolated the part related to one connection attempt.
    NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
    NetworkManager[305]: <info> Activation (eth1/wireless): access point 'MY_SSID' has security, but secrets are required
    NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
    NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
    NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) scheduled...
    NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) started...
    NetworkManager[305]: <info> (eth1): device state change: need-auth -> prepare (reason 'none') [60 40 0]
    NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) scheduled...
    NetworkManager[305]: <info> Activation (eth1) Stage 1 of 5 (Device Prepare) complete.
    NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) starting...
    NetworkManager[305]: <info> (eth1): device state change: prepare -> config (reason 'none') [40 50 0]
    NetworkManager[305]: <info> Activation (eth1/wireless): connection 'MY_SSID' has security, and secrets exist. No new secret [I can't read after this but it's not relevant...]
    NetworkManager[305]: <info> Config: added 'ssid' value 'MY_SSID'
    NetworkManager[305]: <info> Config: added 'scan_ssid' value '1'
    NetworkManager[305]: <info> Config: added 'key_mgmt' value 'WPA-EAP'
    NetworkManager[305]: <info> Config: added 'password' value '<omitted>'
    NetworkManager[305]: <info> Config: added 'eap' value 'PEAP'
    NetworkManager[305]: <info> Config: added 'fragment_size' value '1300'
    NetworkManager[305]: <info> Config: added 'phase2' value 'auth=MSCHAPV2'
    NetworkManager[305]: <info> Config: added 'ca_path' value '/etc/ssl/certs'
    NetworkManager[305]: <info> Config: added 'ca_path2' value '/etc/ssl/certs'
    NetworkManager[305]: <info> Config: added 'identity' value 'username'
    NetworkManager[305]: <info> Config: added 'bgscan' value 'simple:30:-45:300'
    NetworkManager[305]: <info> Config: added 'proactive_key_caching' value '1'
    NetworkManager[305]: <info> Activation (eth1) Stage 2 of 5 (Device Configure) complete.
    NetworkManager[305]: <info> Config: set interface ap_scan to 1
    NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
    NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
    NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
    NetworkManager[305]: <warn> Connection disconnected (reason -3)
    NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
    NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
    NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> associating
    NetworkManager[305]: <info> (eth1): supplicant interface state: associating -> associated
    NetworkManager[305]: <warn> Connection disconnected (reason -3)
    NetworkManager[305]: <info> (eth1): supplicant interface state: associated -> disconnected
    NetworkManager[305]: <info> (eth1): supplicant interface state: disconnected -> scanning
    NetworkManager[305]: <warn> Activation (eth1/wireless): association took too long.
    NetworkManager[305]: <info> (eth1): device state change: config -> need-auth (reason 'none') [50 60 0]
    NetworkManager[305]: <warn> Activation (eth1/wireless): asking for new secrets
    NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
    NetworkManager[305]: <warn> Couldn't disconnect supplicant interface: This interface is not connected.
    NetworkManager[305]: <info> (eth1): supplicant interface state: scanning -> inactive
    NetworkManager[305]: <info> (eth1): disconnecting for new activation request.
    NetworkManager[305]: <info> (eth1): device state change: need-auth -> disconnected (reason 'none') [60 30 0]
    NetworkManager[305]: <info> (eth1): deactivating device (reason 'none') [0]
    As I said before, it may be a kernel related problem, but it seems very strange since I would expect a higher number of users experiencing some troubles.
    As a final note, I've been Arch-dependent since 4 years already and I love it. I can't really imagine to change distribution just for this...but I am stuck at present and I need to work with the laptop, so any help is really appreciated. 
    Thank you
    Last edited by Demind (2013-05-30 12:38:40)

    cfr wrote: Try to connect manually and post the output you get.
    I did what you suggested and I could connect to the network, ergo it was a NetworkManager problem.
    I am migrating to netctl, and I will test it at the university in the next days. I hope it will work.
    Thanks for the hint, I should have done this test in the first place...:(

  • Connecting myRIO to WiFi with WPA2 Enterprise EAP-TTLS

    Hey guys,
    I'm struggling to connect my myRIO to the eduroam wifi on campus. It worked for a time, but now it suddenly just doesn't.
    The network runs an EAP-TTLS (or PEAP) authentication, MSCHAPv2 as an inner authentication and a GT UserTrust Global Root certificate. When I first got it working I just set it up in MAX and uploaded the certificate, when that now stopped working I've tried just about everything including editing the wpa_supplicant locally on the myRIO.
    To put it short I'm stumped at this, and the fact that it worked for a while doesn't help O.o
    Cheers,
     Bjørn

    Hi bjornsol,
    I managed to connect a wireless cDAQ to eduroam by
    Uploading the certificate in MAX 
    Entering the user name and network secret for PEAP, IP address set to "DHCP or Link Local"
    I can also confirm successfully accessing the device from a eduroam connected computer. Remember to configure a password for your device, it will otherwise be accessible to other eduroam users.
    Ask the IT department at your university for a valid certificate. I downloaded this certificate from the KTH eduroam web page, not sure it will work for you if you are registered at another university.
    If this doesn't work for you, please upload a screenshot from MAX when trying to connect to the network.
    Best regards,
    Robert P-F
    Applications Engineer
    National Instruments Sweden

  • E61i, Acces point config with WPA2, EAP-PEAP and ...

    How can you activate the AES encryption on a Nokia E61i?
    I'm running the 1.0633.62.05 firmware.
    In the documentation I've found, it is mentioned that I need to disable the TKIP encryption, but this option is not available:
    • Select “WLAN security sett.”
    • In “WPA mode” choose EAP
    • In “TKIP encryption” choose Not allowed (thus enabling AES encryption)
    • Disable everything except EAP-PEAP
    • Highlight EAP-PEAP
    • Choose “EAP plug-in settings”le
    They mention firmware above 2.xxx but this one is not available.
    Any hints?

    Hey all, it seems I have the same problem!!! I don't know what the problem is. I asked the guys in IT support in my school about this problem and they told me that the phone has to support PEAP-Enterprise in order to be able to connect.. I don't know what that means but if anyone can help here, it will be soooo respected!! I am using the new firmware, by the way. TKIP does not exist in the connection settings anywhere!!! and the message is exactly "Unable to Connect. WPA authentication failed" .... help help pleaseeeeeeeeeeeeeeeee

  • Constant disconnecting and reconnecting with WPA2 enterprise wifi. Any available solution?

    I know it can't be the wifi because as recent as yesterday on Mavericks everything was fine. Now after the update it constantly disconnects and reconnects as much as a few times per five minutes! I've read on Reddit other people are having similar problems. Hopefully Apple fixes this soon.

    Looking at the Console.app logs, it seems that the machine decides to bounce between two APs:
    17/10/2014 19:22:07.000 kernel[0]: ARPT: 36912.641537: MacAuthEvent en0   Auth result for: 20:c9:d0:a7:91:9e  MAC AUTH succeeded
    17/10/2014 19:22:11.000 kernel[0]: ARPT: 36915.802654: MacAuthEvent en0   Auth result for: 20:c9:d0:af:a3:54  MAC AUTH succeeded
    17/10/2014 19:22:14.000 kernel[0]: ARPT: 36918.976595: MacAuthEvent en0   Auth result for: 20:c9:d0:a7:91:9e  MAC AUTH succeeded
    17/10/2014 19:22:17.000 kernel[0]: ARPT: 36922.166582: MacAuthEvent en0   Auth result for: 10:9a:dd:87:5b:93  MAC AUTH succeeded
    17/10/2014 19:22:20.000 kernel[0]: ARPT: 36925.323944: MacAuthEvent en0   Auth result for: 10:9a:dd:87:5b:93  MAC AUTH succeeded
    17/10/2014 19:22:20.000 kernel[0]: AirPort: RSN handshake complete on en0
    17/10/2014 19:22:20.000 kernel[0]: wl0: Roamed or switched channel, reason #3, bssid 10:9a:dd:87:5b:93, last RSSI -73
    17/10/2014 19:22:20.000 kernel[0]: en0: BSSID changed to 10:9a:dd:87:5b:93
    17/10/2014 19:22:20.000 kernel[0]: en0::IO80211Interface::postMessage bssid changed
    17/10/2014 19:24:01.000 kernel[0]: ARPT: 37026.789184: MacAuthEvent en0   Auth result for: 20:c9:d0:af:a3:54  MAC AUTH succeeded
    17/10/2014 19:24:05.000 kernel[0]: ARPT: 37029.979376: MacAuthEvent en0   Auth result for: 20:c9:d0:af:a3:54  MAC AUTH succeeded
    17/10/2014 19:24:05.000 kernel[0]: AirPort: RSN handshake complete on en0
    17/10/2014 19:24:05.000 kernel[0]: wl0: Roamed or switched channel, reason #3, bssid 20:c9:d0:af:a3:54, last RSSI -65
    17/10/2014 19:24:05.000 kernel[0]: en0: BSSID changed to 20:c9:d0:af:a3:54
    17/10/2014 19:24:05.000 kernel[0]: en0::IO80211Interface::postMessage bssid changed
    17/10/2014 19:27:06.000 kernel[0]: ARPT: 37210.896826: MacAuthEvent en0   Auth result for: 20:c9:d0:a7:91:9e  MAC AUTH succeeded
    17/10/2014 19:27:09.000 kernel[0]: ARPT: 37214.088570: MacAuthEvent en0   Auth result for: 20:c9:d0:af:a3:54  MAC AUTH succeeded
    17/10/2014 19:27:12.000 kernel[0]: ARPT: 37217.263429: MacAuthEvent en0   Auth result for: 20:c9:d0:a7:91:9e  MAC AUTH succeeded
    17/10/2014 19:27:15.000 kernel[0]: ARPT: 37220.429042: MacAuthEvent en0   Auth result for: 10:9a:dd:87:5b:93  MAC AUTH succeeded
    17/10/2014 19:27:18.000 kernel[0]: ARPT: 37223.509291: MacAuthEvent en0   Auth result for: 10:9a:dd:87:5b:93  MAC AUTH succeeded
    17/10/2014 19:27:18.000 kernel[0]: AirPort: RSN handshake complete on en0
    17/10/2014 19:27:18.000 kernel[0]: wl0: Roamed or switched channel, reason #3, bssid 10:9a:dd:87:5b:93, last RSSI -76
    17/10/2014 19:27:18.000 kernel[0]: en0: BSSID changed to 10:9a:dd:87:5b:93
    17/10/2014 19:27:18.000 kernel[0]: en0::IO80211Interface::postMessage bssid changed

  • WPA2-enterprise WIFI can't connect after upgrading to 6.1 or higher

    Hi. Please help.
    We have a campus wifi with two SSIDs: one open for everyone and one closed with WPA2-Enterprise (PEAP) security for staff. All iPhones and iPads work just fine on iOS version 6.01 but they can't connect to the secured wifi network after updating to iOS ver 6.1 and higher (tried 6.1.2). They are still able to connect to the open WLAN SSID. Our WIFI equipment is: Extremenetworks WM3600 controllers and AP4600/AP4511 access points running WM5.4.1. WMM enabled.
    The WM3600 controller uses a Windows2008 r2 NPS server + Active Directory for authorization (self-signed certificates are 2048 bit length).
    WM3600 wlan staff configuration settings:
    wlan Staff
    description TOGU staff network
    ssid STAFF
    vlan 238
    bridging-mode tunnel
    encryption-type tkip-ccmp
    authentication-type eap
    no answer-broadcast-probes
    protected-mgmt-frames optional
    radius vlan-assignment
    no motorola-extensions symbol-load-information
    use aaa-policy Domain_aaa
    Here is the log from iphone configuration utility with connection error:
    Feb 20 17:18:00  kernel[0] <Debug>: en0::IO80211Interface::postMessage bssid changed 
    Feb 20 17:18:00  Preferences[132] <Warning>: -[VPNConnectionStore reloadVPN]: The active VPN configuration has changed from  to (null)
    Feb 20 17:18:00  Preferences[132] <Warning>: -[VPNBundleController _vpnConfigurationChanged:] (0x1edbea10:<VPNBundleController: 0x1edbea10>): _serviceCount(0), serviceCount(0), toggleInRootMenu(0), RootMenuItem(1)
    Feb 20 17:18:00  wifid[14] <Error>: WiFi:[383033880.387575]: Failed to associate with STAFF: -3900
    Hope to get any help.

    Yes. We tried to reboot iPhone(s), tried also with iPads on 6.1. We tried to reset network settings.
    We tried to add a wifi profile to a clean new iPhone using iPhone Configuration Utility.
    The wireless supplier can't help - they told us it is an iOS issue and I think this is true because all
    iPads/iPhones work just fine on iOS 5 or 6.0.1 but can't connect on 6.1

  • Can we still use PEAP-MSCHAPV2 for authenticating to a WPA2-Enterprise network?

    L.S,
    For authenticating to a BYOD wireless network a lot of companies use WPA2-Enterprise connected to a Microsoft IAS/NPS server to authenticate against Active Directory. There seems to be a way to intercept this wireless traffic using a rogue access point using the same (company) SSID name and tools like freeradius-WPE and cloudcracker.
    If the BYOD client doesn't check the certificate provided by the fake RADIUS server, the MSCHAPv2 negotiation can be discovered and the hacker will get the username AND hashed password, which can be looked up on rainbow table sites like cloudcracker.
    Is there still a safe way to deploy AD-authentication to BYOD clients?
    Kind Regards,
    Arjen

    I have tested the WPA2-enterprise/PEAP-MSCHAPv2 exploit this week placing a laptop in my car on the company parking lot with a Kali image, using hostap and freeradius-wpe configured with the company SSID. It was very easy to find out the mschapv2 challenge/responses of a number of android/windows phones that were just walking past my car. Also iPhone has a bad WPA2-enterprise implementation (see: http://research.edm.uhasselt.be/~bbonne/docs/robyns14wpa2enterprise.pdf), so bye bye WPA2-enterprise/PEAP-MSCHAPv2.
    Wonder what other (large) companies are using for their BYOD wireless networks! EAP-TLS using certificate sounds like the only feasible option, however, we are afraid that the enrolment of certificates to the BYOD-clients will be a total disaster. I heard stories that some android phones lose their client certificate after a reboot :(
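
The condition this thread turns on, a PEAP client that does not check the RADIUS server's certificate, can be audited on wpa_supplicant-based clients such as the wicd and netctl profiles posted above. The following is an added example, not code from any of the posters: the function names, finding codes, SSIDs, certificate path and server name are hypothetical, and the sample configuration is constructed.

```python
import re

# EAP methods that carry a password-based inner method inside a TLS tunnel.
TUNNELLED = {"PEAP", "TTLS"}
# wpa_supplicant options that pin the expected RADIUS server identity.
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "subject_match", "altsubject_match")


def parse_network_blocks(text):
    """Return one dict of key/value pairs per network={...} block."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"^network\s*=\s*\{$", line):
            current = {}
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return blocks


def audit_block(block):
    """Return finding codes for one 802.1X network block."""
    findings = []
    methods = set(block.get("eap", "").upper().split())
    key_mgmt = block.get("key_mgmt", "").upper().split()
    if "WPA-EAP" not in key_mgmt or not methods & TUNNELLED:
        return findings  # not a tunnelled 802.1X profile, nothing to check
    has_ca = "ca_cert" in block or "ca_path" in block
    has_name = any(k in block for k in NAME_CHECKS)
    if not has_ca:
        # Any server certificate is accepted, including a rogue AP's.
        findings.append("NO_CA")
    elif not has_name:
        # Any certificate issued by the trusted CA(s) is accepted,
        # which matters most when the CA is a public one.
        findings.append("NO_SERVER_NAME")
    if "MSCHAPV2" in block.get("phase2", "").upper() and not (has_ca and has_name):
        # The challenge/response can reach an unauthenticated server.
        findings.append("MSCHAPV2_EXPOSED")
    ciphers = (block.get("pairwise", "") + " " + block.get("group", "")).upper()
    if "TKIP" in ciphers.split():
        findings.append("WEAK_CIPHER_TKIP")
    return findings


def audit_config(text):
    """Map each SSID in a wpa_supplicant config to its findings."""
    return {b.get("ssid", "<no ssid>"): audit_block(b)
            for b in parse_network_blocks(text)}


# Constructed sample: three profiles for illustration only.
SAMPLE_CONFIG = """
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="corp-noca"
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=TKIP
    group=TKIP
    identity="user"
    password="password"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-anyca"
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=CCMP
    ca_path="/etc/ssl/certs"
    identity="user"
    password="password"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    pairwise=CCMP
    ca_cert="/etc/ssl/example/radius-ca.pem"
    domain_suffix_match="radius.example.org"
    identity="user"
    password="password"
    phase2="auth=MSCHAPV2"
}
"""

if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{ssid}: {', '.join(findings) or 'ok'}")
```
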

  • Installation of certificates for WPA2-Enterprise?

    Can someone please tell me where I can find the instructions on how to install certificates required for WPA2-Enterprise WLAN support?
    Thanks.
    --Philip

    Hi,
    I don't know what you want but first you must install the library for ASMlib
    there is link to libraries
    http://www.oracle.com/technology/software/tech/linux/asmlib/rhel5.html
    Regards,
    Tom
    http://oracledba.cz

  • WPA2 Enterprise connections don't work

    Hi everyone,
    Configuration: MacBook Pro 7,1, 2,4GHz, Mac OS X 10.6.5.
    Three user accounts (one for me, two for friend's backup), two of them have admin rights. I'm using one of these accounts.
    I'm having a strange issue with *WPA2 Enterprise*-based access points, namely, the private one on my university's campus, and the eduroam one. Eduroam is, roughly, a SSID that is available in participating institutions worldwide, and allows connection from personnel registered in any of these institutions without having to ask for a guest access.
    On eduroam, one is supposed to select the eduroam SSID in the list of network available, select "Security: WPA2 Enterprise", and type his institutional email address as a username. "Password" should remain blank for now, and in front of the "802.1X", select "Auto". On clicking the "Connect" button for the first time, a "Check certificate" dialog should appear with three buttons, "Display", "Cancel", "Continue", where one would click "Continue". Finally, a "802.1X authentication" dialog would appear, when a user would put his email address as username, and type in his institutional password to log in. Then, the user would be online without further fuss.
    On my university network, it's even simpler. One should select it, type in the IT login, then the corresponding password, before being allowed to be online.
    On my normal user account, I never get the "Check certificate" dialog for eduroam, and on the uni's network, it never seems to connect. Ultimately, I get the exclamation point over the wireless waves, meaning that the card self-assigned an IP. Then it tries to connect again (the icon is waving), then fails again. No other authentication is affected, and a quick look in the logs doesn't show anything salient.
    On the other user account, the connection to either of these SSID works as written, on the first try.
    So it's no hardware issue.
    I first tried to create a new wireless profile, and recreate the connection. It failed, once again, for both networks.
    So to the Genius Bar I went. Since it's a login issue, we deleted the ~/Library/Keychains/login.keychain item, rebooted. Since the issue couldn't be reproduced in store, he advised me to delete the "session" keychain and reboot if the problem persisted. He asked me if the computer crashed while I was logged in anywhere in the past (before 10.6.5), and yes I said, adding that I let AppleJack do the automated repair. He checked with a colleague, on a tech forum, spent 30 min with me, but came back with the dreaded conclusion that, at least in that store, they ended up doing what he named "partial restore" to correct a similar issue, in contrast to "archive and install".
    Off to the uni I went, and recreating the connection failed again. In the Access Keychain, I then removed the session keychain, with both the references and files (default is reference only), since they referred to passwords I already knew, rebooted, logged in, and tried to connect, to no avail. The other user account still works.
    What else should I try? Ironically enough, I reinstalled OS X more times in two years than I did Windows in eight, and want to avoid the time-consuming step of reinstalling applications, and the very tricky part - ownership issues - of manually importing documents and only selected settings.

    I was chasing a similar authentication issue on OS X ≥ 10.5.8 for quite some weeks. My setup does use MS 2008 Server (AD, NPS, Radius) and SonicWall SonicPoint (multi SSID on VLAN).
    When I started evaluating the different options, I didn't realize such issues. But when it came to the final usage guidelines I had serious issues connecting with Mac OS X to the WPA2 Enterprise Network (BlackBerry and iOS was never an issue)!
    I finally did work out, that you can only authenticate once successfully if you use the "Ask to join networks" popup - instead I had to select the network manually from the airport, provide my credentials and select "remember this network" to store the network and its radius profile! I guess this behavior may have something to do with the credentials stored/reused in/from the keychain for the second login.
    Also, I did notice you have to make sure you quit your system preferences each time you expect a change due to newly stored networks or radius profiles!
    Hope this may help other users to troubleshoot similar issues!

  • WPA2-enterprise security question

    I will be attending ETSU (East TN State U) as a graduate student this fall. I have purchased a new iPad 3G and want to use it on the campus network. I have read that on some campuses there have been problems with the wireless iPads working on university networks. Will I have a problem using mine at ETSU?  
    I bought the Wi-Fi and 3G version just in case, but would prefer to use it as a wi-fi only device.  
    I emailed the OIT dept on campus and they said that they might be able to connect the iPad to the wireless, but they can not promise me that it will work.  They tell me to check my iPad to make sure that it comes with WPA2-enterprise security. 
    What is WPA2-enterprise security and does my iPad have this? Will I be able to use it on campus come August?
    Any advice would be helpful.

    Alec Edworthy wrote:
    The issue has been with DHCP and the iPad not renewing its lease when it should do. This has led some sites to ban (through rule or a technological means) some or all iPads. The solution is to turn wireless off and on again or do not allow the screen to turn off. You can find more information at,
    http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-lease-keeps-using-IP-address.html
    Apple should be fixing this in an update in the future.
    Alec
    Unfortunately, DHCP or Princeton issues have absolutely nothing to do with the question the OP is asking. FYI, no university has banned the iPad from their network.
    As has already been stated by rutiger the iPad should work with WPA2 Enterprise.
    For more on iPad and WPA2 Enterprise security see: http://www.apple.com/ipad/business/pdf/iPadSecurityOverview.pdf

  • Want to configure wpa2 enterprise in wlc 2106

    Hi,
    I want to configure the WLC 2106 with WPA2 Enterprise .... I reckon that I need an ACS server (RADIUS server) with a server certificate as well as a client certificate.
    How do I configure the RADIUS server to get access through WPA2 Enterprise? If I am wrong, what are all the things required to enable WPA2 Enterprise with AES encryption?
    Is it possible to get an evaluation copy of the ACS server with a certificate?
    How do I go ahead with the same?
    It would be a great help to get the proper answer for the configuration of WPA2 Enterprise with AES ...

    The below link may help you..
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a008095382f.shtml
    Regards
    Surendra
