E6 EAP-PEAP MSCHAPv2 authority certificate

Similar Messages

• 802.1x EAP PEAP MSCHAPv2 on Windows 7 Client.

  I have problems autenticate a w7 client at our Enterprice WiFi network. XP, Apple clients and all SmartPhones works fine...  We use Radius assigned Vlans based on username and ream routed on our Meru Network to Navis radius as centralied point of
  autentication. Navis proxes client autenticatinon recuest to the customers Radiuses based on the realm.
  Windows 7 32 client use the radius CA (installed and ticked) and EAP PEAP MSCHAPv2 in the SSID settings. The customer radius is an Freeradius. In autentication logs we se that the client sends the Maschinename, eg. Machine-x200/username@realm
  even we in the client settings, under SSID Propirties, Security, MS Protected EAP(PEAP), Settings and EAP-MSCAPv2 Configuration, have removed tick on the default setting:
  Use Autom. Windows-username... AND under Security Advanced (back one step), in the 802.1X Settings, choose User autentication only! (not user and maschine, mascine only or guest) and we have saved corectly username@reame =(username here) and password...
  in the username password Setting.
  Is it possible edit or change the way the client PC is sett up to prevent this?
  Is there any way make a policy setting? or is there other solutions?
  I have teste te Cisco: PEAP option too, but stil noe autenticatoin from Radius
  Thanks

  Hi,
  As I know, this goal cannot be achieved.
  Reference:
  Use the 802.1X Wizard to Configure NPS Network Policies
  For authentication using Extensible Authentication Protocol – Transport Layer Security (EAP-TLS), select
  Microsoft: Smart Card or other certificate, click
  Configure, click
  OK, and then click
  Next.
  For authentication using Protected Extensible Authentication Protocol – Transport Layer Security (PEAP-TLS), select
  Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Smart Card or other certificate, click the
  Move Up button to position a smart card or other certificate at the top of the list, click
  OK, and then click
  Next.
  For secure password authentication using Protected Extensible Authentication Protocol – Microsoft Challenge Handshake Authentication Protocol
  version 2 (PEAP-MS-CHAP v2), select Microsoft: Protected EAP (PEAP). In
  Eap Types, click
  Add, click
  Secured password (EPA-MSCHAP v2), click the
  Move Up button to position the secured password authentication type at the top of the list, click
  OK, and then click
  Next.
  Regards,
  Sabrina
  TechNet Subscriber Support
  in forum.
  If you have any feedback on our support, please contact
  [email protected]
  This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
  This can be beneficial to other community members reading the thread.

• How to connect to AP with WPA2, EAP-PEAP, MSCHAPv2...

  I am trying to connect to the company network, but it always shows "PEAP authentication failed".
  There are only instructions for iPhone and PC.
  security : WPA2-Enterprise
  authority certificate : None
  Security Type : PEAP
  Inner Link Security : EAP-MSCHAPv2
  additionally MAC address filtering.
  The access point I set is as follows:
  network status: public
  wLAN network mode: infrastructure
  security: WPA/WPA2
  WPA2 only mode: off
  EAP plug-in setting: EAP-PEAP enable only
  personal certificate: not defined
  authority certificate: not defined
  user name: user-defined   BLANK
  realm in use: user-defined   BLANK
  allow PEAPv0
  MSCHAPv2
  user name: username
  password: mypassword
  We have domain, but there are no command about domain in iPhone guide. 
  Is there anything wrong of my setting?

  WPA2-Enterprise is not supported on your device.
  ‡Thank you for hitting the Blue/Green Star button‡
  N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009

• Nokia N95 8G can't connect to EAP-PEAP MSCHAPv2 Ne...

  HELP HELP HELP!! I have a problem getting my Nokia N95 8G connect to my LSU wireless network,,, Here my network sittings, I tried many possible configurations but, unfortunately, I didn't make it!!!
  ESSID (Network Name): lsusecure
  Network Type: Infrastructure (or Access Point)
  TCP/IP: DHCP
  EAP Type: PEAP
  Network Authentication: WPA (WPA-enterprise)
  Data Encryption: TKIP
  Authentication Method/Protocol: MSCHAP-V2
  Inner EAP Type: EAP-MSCHAPv2
  servers name: acs-wlan.net.lsu.edu;acs-wlan.lsu.edu
  Certification Authorities: GTE CyberTrust Global Root
  username: whatever
  password: urwhatever
  for more settings if needed check this link:
  http://grok.lsu.edu/Article.aspx?articleId=1465
  another think might help, is the certificate for some linux machines, the file is attached(the file name is acs-wlan-cert-chain without extension)...
  I hope some of you can make this, I am really need it. Thanks to everybody will help
  Attachments:
  acs-wlan-cert-chain.txt ‏2 KB

  We have a similar setup at my university in the UK, and by extension many of the sites in the EDUROAM network. The local staff have been working hard at this for a couple of years, but as far as we can tell, Nokia's implimentation just will not work in this scenario under any circumstances. You're going to have to wait until Nokia properly supports this kind of authentication. Our own techs are going to start annoying Nokia about it as soon as they finish this year's wave of wi-fi installations.
  Help I'm trapped in a sig factory.

• Wireless WPA2-Enterprise + 802.1x (EAP-PEAP/MSCHAPv2) config

  Hello,
  We're in the process of moving all of our wireless from WPA-PSK to WPA2-Enterprise with 802.1x EAP-MSCHAPv2 (PEAP). All workstations are Windows 7 with the 2SP3 IR2 client. What we'd like is for the 802.1x SSO functionality to work so users do not have to sign in computer only first and then use the novell login after connecting. I've followed the documentation for enabling 802.1x that Novell provides with no success. I'm hoping someone has done this or can point me in the direction of documentation that can use to better understand what configuration is needed to make this work.

  Originally Posted by djaquays
  I haven't had a chance to play with this yet on IR8, but I'd be curious of your steps to get this working.
  I'm not sure why FreeRadius would make any difference vs ClearPass.. they both speak RADIUS.
  This is the only documentation I can find from Novell: https://www.novell.com/documentation...a/b8jn9w6.html
  It's a couple of years since I did this so my memory is a bit vague... :(
  Did you install the peap plugin on the workstation, if I remeber correctly this was needed?
  http://support.arubanetworks.com/TOO...4/Default.aspx
  Thomas

• EAP-PEAP on N80 ?

  Hi,
  Are there ANYBODY, who has this working on N80 latest fw ?
  I simply can not get this to work.
  Its the same as with LEAP: I get user auth ok, but doesnt receive any IP, and static IP on phone doesnt work eighter.
  I would like to hear if you personally have EAPPEAP/MSCHAPv2 running on N80's ?
  And if yes, what settings you run ?

  I have a new N80 (firmware version 4.0623.0.42 RM-92,
  not IE edition) and have successfully used it with
  EAP-PEAP and EAP-MSCHAPv2 on our University network.
  I have the following settings:
  Connection Name: Whatever you like
  Data Bearer: Wireless LAN
  WLAN netw. name: your network ssid
  Network Status: public
  WLAN network mode: Infrastructure
  WLAN security mode: WPA/WPA2
  WLAN security settings =>
  WPA mode: EAP
  TKIP encryption: allowed
  EAP plug-in settings =>
  EAP-PEAP selected and first. All others disabled.
  EAP-PEAP configure =>
  User Certificate: not defined
  CA Certificate: Thawte Premium Server CA
  User Name in Use: from Certificate
  User Name: empty
  Realm in Use: from Certificate
  Realm: Empty
  Allow PEAPv0: yes
  Allow PEAPv1: yes
  Allow PEAPv2: yes
  EAP-types: =>
  EAP-MSCHAPv2 selected and first. All others disabled.
  EAP-MSCHAPv2 configure: =>
  User Name: Your user name
  Prompt Password: Your choice
  Password: Your password
  Ciphers:
  RSA,3DES,SHA selected and first. All other selected.
  I have also successfully used WEP shared key with
  MAC filtering on my home network.
  home network

• Nokia Belle - EAP-PEAP authentication without Cert...

  Its time for my half yearly bickering about the still non-support for EAP-PEAP authentication without server Certificates on Symbian Phone.
  Here is my last thread begging for help from Nokia when Anna was released.
  /t5/Software-Updates/EAP-PEAP-Authentication-without-Certificate-Is-it-fixed-in/td-p/1072133
  My question remain the same.Does the new Nokia Belle support EAP-PEAP authentication without the requirement that a server certificate be present.
  I have been living a life of ridicule and becomes an object of jokes and punchlines in office when it comes to the Phone that I carry. Lot of people now don't even know that there is company called Nokia. And when I tell them about it that say "Are you the guy carrying the phone that does not connect to our corporate network?".
  If you read that earlier thread you know that none of the exotic workaround that some have been able to do, does not work with my office as our network administration has not installed any server certificate whatsoever on the access point.
  I am fed of hearing from Nokia techs that this is supposed to be the secure and right way of doing things. When every other device, every smartphone, tablet, laptop supports this way of connecting to a EAP-PEAP access point why does Nokia has to keep this stance?
  Nokia has kept everything open on the Nokia N8, it has everything that a anyone can ask for in a smartphone, so why is Nokia so adamant on this small matter of not requiring a server certificate?
  Now that the WP7 line of Lumia devices are in the market can someone tell me if the problem exists on those phones too. I wont be surprised if this restriction is still there.
  With Nokia going downhill so fast it does not help with this kind of attitude towards diehard Nokia followers.
  Can someone from Nokia tech say once and for all if I can ever expect this thing to be fixed?
  raman

  ramany wrote:
  What should be an appropriate title for this thread. There was an older thread for the same that i started six months back when Anna was released. So i this expecting something to happen with Belle.
  If nothing happens I will probably start a new one when future updates to Symbian in Clara. Donna, Emma, Florina, Georgia, Hanna, Isabelle, Jenna, Kate, Linda, Marie, Nancy, Olivia, Patty, Quinn, Rita, Sabina, Terry, Uma, Vega, Wyome, Xandra, Yetta and Zoe are released.
  I hope Symbian (Nokia) lasts that long, but the support of this comes in Belle.
  I see no jokes yet...common guys.isn't anyone subjected to jokes because of this.
  At least give me some so i can feed more to the one going around.
  Well, I believe the example of EAP-TTLS + PAP authentication isn't 'without certificates'... it does use certificates, but EAP-TTLS + PAP just doesn't happen to be a supported authentication method with recent Symbian phones.
  I'm not any sort of wireless authentication guru, but there's probably a better, more precise description of the authentication support (probably a few methods) that's currently missing in Symbian.
  And a couple more details for some wireless authentication methods... I believe Windows users typically have to grab a third-party 'securew2' utility to support some of the more robust (read better, more secure) authentication methods for some networks.
  I think one of the more valid arguments for EAP-TTLS + PAP in general, is that I believe it may be part of the 'Eduroam' standard, although MSCHAPv2 may also be substituted for PAP, IIRC... but again, I'm not a wireless authentication guru.
  In any case, if well-known, widely-implemented (or soon to be implemented, for good reason) authentication methods aren't supported in Symbian, it just makes Symbian just looks a bit ridiculous and irrelevant.
  Your previous thread was quite good, and it may make sense to keep bumping that thread for updates periodically. I noticed that someone mentioned an MSCHAPv2 scenario in that thread, but again... that's not actually helpful for resolving EAP-TTLS + PAP support, and I think that there's probably a concise way to describe the current 'missing authentication methods support' in Symbian.
  It continues to baffle me how Nokia seems to have such a quiet, secretive presence on these forums, when I think it would make much more sense to publicly acknowledge relevant threads/discussions, and make a statement about planned fixes, updates, etc... rather than just have people wonder if/when Nokia is paying any attention to the discussions here.

• WIFI: EAP-PEAP

  Hi everybody,
  I'm in a US university and i'm trying to set up my E65 to connect to their wireless network in order to contact my family in belgium through VOIP. unfortunately, I'm unable to connect to the network. Can someone please help me out?
  This is a screenshot of how my computer is configured (sorry it's in french):
  http://img57.imageshack.us/img57/8995/wlanbl8.jpg
  After that I have to put my username and password and i have to leave the domain field blank.
  this is the configuration on my E65:
  Connection Name: msu1x
  Data Bearer: Wireless LAN
  WLAN netw. name: msu1x
  Network Status: hidden
  WLAN network mode: Infrastructure
  WLAN security mode: WPA/WPA2
  WLAN security settings =>
  WPA/WPA2: EAP
  WPA2 only: disabled
  EAP plug-in settings =>
  EAP-PEAP selected and first. All others disabled.
  EAP-PEAP configure =>
  User Certificate: not defined
  CA Certificate: none
  User Name in Use: User-configured
  User Name: my_user_name
  Realm in Use: User-configured
  Realm: Empty
  Allow PEAPv0: yes
  Allow PEAPv1: yes
  Allow PEAPv2: yes
  EAP-types: =>
  EAP-MSCHAPv2 selected and first. All others disabled.
  EAP-MSCHAPv2 configure: =>
  User Name: my_user_name
  Prompt Password: no
  Password: my_user_name
  Ciphers:
  RSA,3DES,SHA selected and first. All other selected.
  I'm really sad because I wanted this phone to use VOIP and now I can't use it...
  I'd really appreciate if any of you could help me out !
  Thanks in advance

  I used these setting a while back on several model:
  /discussions/board/message?board.id=connectivity&message.id=6472&query.id=153958#M6472
  WLAN security mode: 802.1X
  WLAN security settings:
  WPA mode: EAP
  EAP plug-in settings: EAP-PEAP (only one checked, top of the priority list)
  EAP-PEAP->Options->Configure:
  [General] tab
  User Certificate: (not defined)
  CA certificate: (Cisco ACS CA)
  User name in use: From Certificate
  User name: (Blank)
  Realm in use: From Certificate
  Realm: (Blank)
  Allow PEAPv0: Yes
  Allow PEAPv1: No
  Allow PEAPv2: No
  [EAP] tab
  EAP-MSCHAPv2 (only one checked, top of priority list)
  TKIP encryption: disabled (not displayed)
  EAP-MSCHAPv2 ConfigurationUsername: (AD Domain name)\(Username)
  Prompt password: No
  Password: (domain password)
  [Encryption] tab
  (All algorithms are checked)
  Remember to choose hidden in network status, if you have hidden SSID !
  Also I use DHCP and a web-proxy.
  You may wonder why there is notthing in username and realm, but this is since PEAP doesnt verify the certificate, hence you do not need any.
  Allthough must of my other tests I did have user name and domain, but this failed ! Wierd.
  A note: When I installed the ACS CA Certificate I shoose Internet=Yes and Cer-control online = No
  (Find this under tools-security-Certificate control - choose the Cert and choose "trust settings"
  Anyway the above settings works.
  So the E60,E61,E70 and N80 works with LEAP and PEAP !!

• Nokia E51 with 802.1x / EAP-PEAP & EAP-MSCHAPv2 pr...

  Hello,
  I'm trying to connect my phone to a Wireless AP (Cisco AP1130) using 802.1x, EPA-PEAP & EAP-MSCHAPv2 authentication.
  The RADIUS SERVER is M$ IAS.
  Authentication is working with a laptop, but it is not with my phone
  The only difference during the authentication process on the AP is that during Phase 1 my laptop is sending REALM\Username while my phone is sending Username@REALM.
  Does somebody know what should I change in my phone's configuration to make it work ?
  Thanks,
  Ceux qui aiment marcher en rangs sur une musique :
  ce ne peut être que par erreur qu'ils ont reçu un cerveau,
  une moelle épinière leur suffirait amplement. -- Albert Einstein

  Hi,
  Sorry for the late answer since I was "out of the office" for a while
  So here is the process to get the certificate.
  Log in to you IAS Server.
  Open the IAS Service Application.
  Go to "Remote Access Policies".
  Choose the policy that apply to "Wireless Connection"
  Click "Edit Profile" button.
  Choose "Authentication" Tab.
  Click "EAP Methods"
  Choose "Protected EAP (PEAP)" Entry & click "Edit" Button.
  The Next Window will show you the Certificate Issuer Name & Expiration Date.
  Then, click "Start" Button.
  Choose "Run".
  Type "mmc" in the "Run" box.
  Click "File" & Choose "Add/Remove Snap-In".
  Click "Add" Button.
  Choose "Certificates" entry, click "Add" Button & Choose "My User Account" in the "Certificates Snap-In" Window & click Finnish.
  Click "Close" & "OK" Button.
  Expand the "Certificates - Current User" Entry" & "Intermediate Certification Authorities" & Select "Certificate".
  The left window will show you a list of certificate. One of them should have the same name as the one in the "Certificate Issuer" Entry of the IAS Service Application.
  "Right click" on the certificate, choose "All Tasks", the "Export".
  In the new window, click "Next" Button.
  Choose "DER Encoded Binary X.509 (.cer) entry & click "Next" Button.
  Choose a suitable location.
  Click "Next" Button & "Finnish" Button.
  Certificate is now exported.
  You have to install it on your Phone now.
  The most simple way is to copy the certicate on a Web Server and access it with your phone.
  Hope that Help, if you did not already succeed.
  Ceux qui aiment marcher en rangs sur une musique :
  ce ne peut être que par erreur qu'ils ont reçu un cerveau,
  une moelle épinière leur suffirait amplement. -- Albert Einstein

• IBNS with two groups of XP Machines, one PEAP-MSCHAPv2 & one EAP-TLS

  Hello,
  I'm planning to implement a IBNS network. We have two groups of XP Machines. One group has machine certs and we're planning to check their certs using EAP-TLS. The second group of machines is managed by other departments, each having their own Active Directory, and configured with PEAP-MSCHAPv2. I'm not very familiar with this kind of setup, so hints are highly appreciated.
  1. Can I assume that, when properly configured, we can differentiate the authorizations per group (for exemple, at least two VLANs one for group 1 and another one for group 2 - I must at least seggregate the users per group and can't mix them in the same environment, since they belong two different departments).
  2. For the first group, no big issue. I can check against my central AD. For the users of the second group, since they can come from different departments, each having its own AD, can I differentiate them, by any means, to know which AD I'll have to query? Or do I have to query only one single AD? Is it required that all the users of group 2 belong to the same domain?
  Thanks in advance for your help.

  Hello,
  I'm planning to implement a IBNS network. We have two groups of XP Machines. One group has machine certs and we're planning to check their certs using EAP-TLS. The second group of machines is managed by other departments, each having their own Active Directory, and configured with PEAP-MSCHAPv2. I'm not very familiar with this kind of setup, so hints are highly appreciated.
  1. Can I assume that, when properly configured, we can differentiate the authorizations per group (for exemple, at least two VLANs one for group 1 and another one for group 2 - I must at least seggregate the users per group and can't mix them in the same environment, since they belong two different departments).
  2. For the first group, no big issue. I can check against my central AD. For the users of the second group, since they can come from different departments, each having its own AD, can I differentiate them, by any means, to know which AD I'll have to query? Or do I have to query only one single AD? Is it required that all the users of group 2 belong to the same domain?
  Thanks in advance for your help.

• EAP-PEAP Certificate Handling

  Hi All, for evaluytion purposes i played with EAP-PEAP. Is there a way to check if an SSL Tunnel is established between the Supplicant and the Authentication Server? What does PEAP do if the Radius Server Certificate is not locally installed? I wonder, but it seems to work without it... Regards, Michael

  There is an option in the Microsoft Supplicant to ignore the RADIUS Servers certificate - Wireless Network Properties, Authentication, PEAP Properties, Validate Server Certificate checkbox. I am not sure what the default is but this is what you are looking for.
  Andy

• Installing certificate on WLS 2106 for EAP-PEAP

  HI,
  I'm trying to install a certificate on a 2106 to use EAP-PEAP. I don't want to use the built in cert as I suspect the 2048 key size is causing iPhone/iPad devices to fail to authenticate.
  I've tried to install a seld signed cert as the vendor CA cert under security/advanced, however the cert installs but I get no prompt for the cert on clients, and also EAP-PEAP no longer works.
  What are the basic steps/type of cert(s) I need to install?
  Thanks,
  SImon

  Simon,
       You need to create a certificate package in order to install a certificate in a WLC,
  Try following this link for the basic steps and adapt them as necessary for your certificate and see if that helps
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  Also I believe the key size needs to be 2048 but I could be wrong.
  HTH

• 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication

  I am a network administrator at seven schools, and a few of these schools are now using 802.1x EAP-PEAPv0 (MSCHAPV2) with computer authentication  only, for wireless security. 
  We are a mixture of 2008 and 2003 (Windows Domain) servers running IAS or NPS for RADIUS.  
  I push out the wireless client’s setting via group policy, and the clients are using WZC. 
  Every now and then, a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. 
  To fix this I have to hard wire the computer and do a gpupdate, even though the computer already had the updates applied previously, and is still part of the domain. 
  Many of our classrooms lack network drops, so wireless is the best for us. 
  Except for this one downfall, it is working great. Any help is appreciated.

  Hi Ryan,
  Thanks for posting here.
  Could you discuss the situation that you mentioned “a client will be unable to authenticate/validate during the authentication phase. 
  Some clients this will never happen to and a few it will happen repeatedly. ”
    in detail ? Can you verify if there is any error or warring that relate with this authentication issue recorded in event log on client and radius server ?
  Only certain computers are facing this issue or all?
  What’s OS running on these client computers?
  According the situation right now , I’d like to share some suggections with you:
  1. An 802.1x client may fail to connect to an Radius server if the Trusted Root CA certificate that issued the Radius server certificate is not installed on
  the client computer. Either verify that the trusted root authority is installed on the client computer or disable certificate validation on the client. To disable certificate validation, access the properties of the connection, and on the Authentication tab,
  click Properties. Click to clear the Validate server certificate check box. EAP-TLS requires the installation of a computer certificate on each RADIUS server and a computer or user certificate, or smart card on all clients. PEAP-MS-CHAPv2 requires the installation
  of a computer certificate on each RADIUS server and the root CA certificates of the issuing CAs of the RADIUS server certificate on each of the client computers.
  2. Verify that Radius is configured for the logging of rejected authentication attempts to the event log. Try the connection again, and then check the system
  event log for an IAS event for the failed connection attempt. Use the information in the log to determine the reason the connection attempt was either rejected or discarded. Logging options are configured on the General tab of the Radius server Properties
  dialog.
  3. Any rejected or discarded connection attempt recorded should identify the Connection Request Policy used. A RADIUS request message is processed only if the
  settings of the incoming RADIUS request message match at least one of the connection request policies. Examine the conditions of the policy identified to see where the request fails.
  4. Determine from the IAS system event log entries whether the authentication failure is for computer auth, user auth, or both. By default, Windows performs
  an 802.1x authentication with computer credentials before displaying the Windows logon screen. Another authentication with user credentials is performed after the user has logged on, and if this fails the machine will be disconnected from the network. Similarly,
  if computer authentication fails but user auth is successful, symptoms will include failure to process login scripts or apply group policies and machine password expiration will not be updated since the user will only be able to logon with cached credentials.
  If you use a smart card for authentication, you can only perform user authentication because smart card usage requires manual entry of a personal identification number (PIN). There is no way to provide the PIN to unlock the smart card certificate during computer
  authentication.
  5. Examine the wireless trace logs captured and search for keywords error, failed, failure, or rejected. This should give an indication as to what point in the
  authentication process the failure occurs.
  Meanwhile, I ‘d like suggest you may start troubleshooting with following the guides below and see if it will help:
  Windows Server 2003 Wireless Troubleshooting
  http://technet.microsoft.com/en-us/library/cc773359(WS.10).aspx
  Troubleshooting Windows Vista 802.11 Wireless Connections
  http://technet.microsoft.com/en-us/library/cc766215(WS.10).aspx
  Thanks.
  Tiger Li
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Random computers running Windows XP have this problem.  It does not happen to all of them at once. 
  It is very random.  A computer that has been connecting to the secure network for weeks will all of a sudden not be able to connect. The message is “attempting to authenticate” and it never makes the connection. 
  I checked if logging is turned on and I can see successful events from computers that are working. 
  I can also see failed events from computers that are not ours that tried to connect to our wireless. 
  However for the computers that are having this problem there are no logged events. 
  It is as if they don’t even communicate with the server. 
  Other clients on the same AP are working fine.  I rebooted the IAS service, and RADIUS clients, but this did not help. 
  I also checked all the settings and they are correct, using PEAP, and validating the server certificate is disabled. 
  I did notice that the firewall is also turned on through group policy when the domain is not available.
     Do you think the firewall is blocking the communication? 
  I added an exception to port 1812 UDP and this did not make a difference.

• N8 - It can't connect on EAP-PEAP network! Help!

  I went to IT department of my University hoping they could give me the right certificate and the right configurations, they did so, then I installed that but I still can't connect! I have searched around the other topics, and the solution was basically on getting the right certificate and changing some configs. Any suggestions?
  Here are my configs:
  Wi-Fi Security Mode: 802.1x
  WPA/WPA2: EAP
  EAP Plugin settings: Just EAP-PEAP enabled, others are disabled.
  Personal Certificate: Not Defined
  Authority Certificate: Unoesc (http://www.unoesc.edu.br/funoesc.crt)
  Username in use: 164334
  Real in Use: User Defined
  Realm: unoesc
  TLS privacy: off
  Allow PEAPv0: Yes
  Allow PEAPv1: No
  Allow PEAPv2: No

  I forgot to mention that only EAP-MSCHAPv2 is enabled, with my username that is "164334" and my password.

• E63: WLAN; EAP (PEAP) settings.

  I am a student at UCT. They use a WLAN, with a WPA security mode. The EAP settings i have tried are not working and neither I nor the computer guy could figure it out.
  The WLAN settings I have set are as follows:
  WPA/WPA2 is EAP.
  WPA2 only mode is OFF.
  The EAP plug-in settings are:
  All types of EAPs are disabled apart from the EAP-PEAP.
  those settings are then as follows.
  Personal certificate is NOT DEFINED.
  Authority certificate is Thawte Premium.
  user name in use is USER DEFINED.
  User name is my user name.
  Realm in Use is USER DEFINED.
  Realm is the relevant realm.
  Allow PEAPv0 is yes.
  Allow PEAPv1 is yes.
  Allow PEAPv2 is no. 
  The EAPs: the only one which is active is the EAP-MSCHAPv2.
  Those settings are my user name 
  Prompt password YES
  My password is entered.
  The in terms of Ciphers I have 5 which are selected. I don't know what they do so I have not played with them too much.
  The enabled ones are:
   RSA, 3DES, SHA
  DHE-RSA,3DES, SHA
  DHE-DSS,3DES,SHA
  RSA, AES, SHA
  DHE-RSA, AES, SHA
   I have also tried connecting leaving all else the same but activating all ciphers and then again with no ciphers active.
  The problems i experience are either a endless cycle where i have to enter my user name and password or it simply says 'no gateway reply'.
  Assistance in this would be greatly appreciated as this is one of the primary functions I bought this phone for. 
  Thanks H 

  Are you sure you are using the right certificates and why dont you allow PEAPv2? You might need a personal certificate. Switch off the automatic settings in the advanced settings of your WLAN, scroll down to Power saving and disable to avoid "no gateway".
  ‡Thank you for hitting the Blue/Green Star button‡
  N8-00 RM 596 V:111.030.0609; E71-1(05) RM 346 V: 500.21.009