WlanApi: Setting and connecting WPA2-Enterprise and PEAP

Similar Messages

• WPA2-Enterprise + EAP (PEAP) and 802.1x to authenticate to RADIUS server NPS

  I need to connect my iPhone and my iPad to the corporate wireless network using WPA2-Enterprise and 802.1x to authenticate against a RADIUS server with my corporate user. What is the procedure to configure the clients? Certificates is not necessary on the client. Radius server is a NPS of Microsoft and the WLC is a 5508 of Cisco.
  thanks !!!

  WPA and WPA2 are all actually interim protocols that are used until the standardization of IEEE 802.11i standard. Wi-fi appliance decided that ratification and standardization of 802.11i standards will take more time. So, they came up with WPA.
  Now, WPA2 is advanced version of WPA. WPA2 uses AES as encryption algorithm. Whereas, WPA use TKIP as encryption mode which in turn uses RC4 encryption algorithm.
  WPA and WPA2 are actually are of 2 types respectively.
  WPA/WPA2-PSK - This is mainly for small offices. This uses Pre-Shared Key for authentication.
  WPA/WPA2 -Enterprise - This uses a RADIUS Server for authentication. This is an extension to 802.1x authentication. But this uses stronger encryption scheme(WPA uses RC4 and WPA2 uses AES).
  Any authentication mechanism that involves a separation authentication server for authentication like ACS server is called 802.1x authentication.
  EAP stands for Extensible Authentication Protocol. It refers to the type or method of 802.1x Authentication by the RADIUS/Tacacs server. A RADIUS server can authenticate a wireless client with various EAP methods.
  LEAP is one type of EAP. It uses username and password for authenticating wireless clients. LEAP is cisco proprietory.
  There are also EAP types which uses other user credentials like Certificates, SIM etc for authentcation.
  The following document might clarify your doubts.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml

• Airport Express +WPA2 Enterprise, no place to enter username and pass for auth...

  Airport Express version 7.6
  Airport Utility 5.5.3
  I want to use the Airport Express simply to bridge an Ethernet connection to wireless using WPA 2 Enterprise (Wireless network uses RADIUS authentication)
  Wireless mode is set to "Join a wireless network"
  Wireless Security is set to "WPA/WPA2 Enterprise"
  Problem is that there is no place that I can find to enter the username and password for the Enterprise security.
  Thanks

  Airport Express version 7.6
  Airport Utility 5.5.3
  I want to use the Airport Express simply to bridge an Ethernet connection to wireless using WPA 2 Enterprise (Wireless network uses RADIUS authentication)
  Wireless mode is set to "Join a wireless network"
  Wireless Security is set to "WPA/WPA2 Enterprise"
  Problem is that there is no place that I can find to enter the username and password for the Enterprise security.
  Thanks

• IOS 5 can't connect to WPA/WPA2 Enterprise Wireless Network

  After upgrading multiple iPhone 4 (CDMA versions) to IOS 5.0, I have not been able to get them to connect to our WPA/WPA2 Enterprise wirless network.  We use a Cisco Wireless LAN Controller.  The wireless network is capable of doing WPA or WPA2 Enterprise with PEAP.  These phones all connected to this network fine before the upgrade.
  When connecteding to the network, it prompts me for the username and password and when I tap join it sits for about 10-15 seconds then says "Unable to join the network" with a Dismiss button.
  It connects to non-Enterprise networks just fine.  I have tested it on WPA Personal and WPA2 Personal networks and it has worked on several without issue.
  I have tried "forget this network" with no success.
  Is anyone else having this problem?  I know of at least three Verizon iPhone 4's that have this exact same problem.  I haven't seen one working with this configuration yet.

  I have the same problem:
  Cisco WLC's -> WPA2 Enterprise AES + EAP-PEAP 802.1x with CCKM
  Pre 5.0 - all worked fine
  Post 5.0 - it tries to connect and after few moments i get error - couldn't connect.
  Info from controller:
  10/17/2011 12:16:37 CEST           INFO           172.16.16.X           Sending EAP request to client from radius server. 6.f. ..l
  10/17/2011 12:16:38 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:39 CEST           ERROR           172.16.16.X           Retransmitting EAP-ID request to client,retransmission timer expired. 5.y. ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           Authentication failed for client as EAP ID request from AP reached maxmium retransmissions. 5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           De-authentication sent to client. 5.oP ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           5.yp ..l
  10/17/2011 12:16:40 CEST           ERROR           172.16.16.X           EAPOL-key is invalid, scheduling client for deletion. 5.yp ..l
  On the Radius server i don't see any activity regarding this device.
  I had this network configured on my iPhone - after upgrade and restore it remembered it. Every time i was in vicinity of my Enterprise WLAN it tried to connect - resulting int express battery drain - 6-7 hrs and battery was empty from 100%

• After IOS 5 upgrading Iphone we set up wireless network each time (WPA2 Enterprise)

  Our company is connecting to wpa2 enterprise.
  when we used IOS 4.XX we could connect wpa2 enterprise
  but after upgrading IOS 5.0, it occured some problem.
  Our staff should change a password per 3 month, at that time we should delete a network
  but SSID set it up again each time and put a userID / Password when we connect wifi
  i read other comment that user sloved problem using iPhone Configuration Utility in apple support communites but it bother our staff.
  is there another sloution?

  Has anyone tried it? I would like to have an answer, I'm trying since Friday and is working properly.

• Certificate renewal with WPA2-Enterprise PEAP MS-CHAPv2

  Hello
  We have a wireless network which is secured with WPA2-Enterprise with PEAP and MS-CHAPv2. The Radius servers (Windows Server 2008r2 with the Radius Feature installed) currently use a public signed certificate. This is about to expire soon and will need to be renewed.
  The clients are non-managed and from all variety (OS, wifi-software, ...).
  The Wifi is 4400 controller based and managed with the new Prime Infrastructure 1.3.
  What is the best way to do the renewal with as little disturbance for the client as possible? The less manual interaction for the end user the better.
  Thanks
  Patrick                 

  Hello Patrick,
  As per your query i can suggest you the following steps-
  Since the root CA is the most critical CA in the hierarchy, you may prefer to have a strategy here that reduces the need to renew the root certificate often.
  The first consideration is choosing the key length of the root's public key and private key pair during setup of the root authority. By using a long key length, which is generally more secure against brute force attack than a shorter key length, you increase the length of time that the CA can use the same private key and have reasonable confidence that it has not been compromised. The second consideration is establishing the validity period of the root certificate itself. In general, you will want to create a root certificate that has a shorter validity period than the estimated lifetime of the key.
  For more information you can refer to the link-
  http://technet.microsoft.com/en-us/library/cc740209(v=ws.10).aspx
  Hope this will help you.

• Spontaneous disconnects from a WPA2 Enterprise network with iwlwifi

  The wireless network at my work uses WPA2-Enterprise with PEAP authentication and MSCHAPv2 inner authentication.  Given this, cacert.org.crt, and the username and password, I am sometimes able to connect.  However, I am often spontaneously disconnected.  Sometimes this happens seconds after I connect, sometimes, I stay connected for hours.  I use network manager to connect within gnome-shell.
  The following describes my wireless card.
  $ lspci | grep Net
  07:00.0 Network controller: Intel Corporation Centrino Advanced-N 6235 (rev 24)
  The NetworkManager log is not much help...
  May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: scanning -> disconnected
  May 09 10:10:24 ocelot NetworkManager[299]: <info> (wlan0): supplicant interface state: disconnected -> scanning
  Last edited by astex (2013-05-09 14:27:44)

  I had the same problems with my Intel Centrino Advanced-N 6000 and the WPA2 Enterprise network at university. And now since my last update where the driver seemed to be updated when also netctl replaced netcfg I am completly unable to connect to the network. But with my WPA2-PSK network I don't have any problems and my Notebook connects instantly.
  I'm using wicd but also tried NetworkManager, netctl and also manually using wpa_supplicant but it was the same problem.
  Also shutting down hardware encrpyption and 11n like mentioned in  this topic:
  option iwlwifi swcrypto=1
  option iwlwifi 11n_disable=1
  I guess it must be a driver bug.

• My laptop is using Windows 8.1 and it can't connect to a WiFi using WPA2/Enterprise authenticate

  I am using a laptop Dell Inspiron 15z with Windows 8.1 64 Bit OS.  And i build a test lab to test WPA2/Enterprise authenticate.
  My Lab is like that:
  1/ My DC + DNS using Windows 2012 RC2 Standard.
  2/ I install CA + Radius Server on DC Server.
  3/ My AP WiFi is DrayTek AP810
  After configed i can you use my iphone 5s (ios 8.1), my android phone (Samsung Galaxy), 1 laptop Windows 7, 1 laptop Windows 8 to test. And all of them can connected with no problem.
  But my laptop using Windows 8.1 64 bit OS can't connected. After i choise the WiFi, it only show "checking network requirement"- not show the option question username and password. (and i config it exactly like laptop Windows 8).
  I have tried find the answer on Google but nothing help me. (i have choise PEAP, install Certificate...)
  Please help me guys. Thank you so much.

  Hi,
  About this issue, we could troubleshoot as the following methods on the Windows 8.1 client side.
  1. Maker sure the "Automatically use my Windows logon name and password" setting on the client is disabled and on your client and type in the correct domain name when prompted.
  2. If the issuer persists, delete this network profile in your Windows 8.1 client with commands and manually configure it as
  this similar thread.
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Can't create a WPA2-Enterprise wireless connection; missing Microsoft: PEAP

  OS: Windows 7 64-bit Enterprise
  Hardware: Lenovo T410S w/Intel 5300 ABGN Wireless
  If I try to build the wireless connection manually and choose WPA2-Enterprise, then click next, I get 'An unexpected error occurred.' and no options to configure; just close.
  I then tried to create a Preshared Key WPA2 connection. This worked fine. When I go to edit the connection, I have the ability to select the WPA2-Enterprise options, however in the list of Network Authentication methods (under Security Tab), I don't have
  the Microsoft: PEAP or SmartCard options. I only have Cisco: LEAP,PEAP,EAP-FAST and Intel: EAP-SIM,EAP-TTLS,EAP-AKA (6 entries).
  It's my theory that because the Microsoft options are missing, the wizard gets the unexpected error. I'm wondering how I get the MS ones back.

  Hi,
  Thanks for posting in Microsoft TechNet forums.
  Do you have Symantec installed? It is said the issue could be due to conflict with Symantec Endpoint Protection. Please uninstall\reinstall Symantec
  if it is there.
  Best Regards
  Magon Liu
  TechNet Subscriber Support
  in forum. If you have any feedback on our support, please contact
  [email protected]
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• WAP4410N width Security-Mode WPA2-Enterprise and WDS-Repeater

  Hi,
  i have two WAP4410N with same Firmware 2.0.7.4. One Configured as AccessPoint with "Allow wireless signal to be repeated by a repeater." and correct MAC of the repeater.
  The Repeater has same settings (WPA2-Enterprise, both WAP4410N in B/G/N-Mode) configured as "Wireless WDS-Repeater" width correct MAC of first AP.
  Problem is, that the Repeater does not repeat anything, nothing in the logfile. Are my settings correct or should i use "Wireless Client/Repeater" in my case. Does WAP4410N support Repeating in WPA2-Enterprise?
  Thanks for your assistance

  A dumb question first of all - when you entered the mac address to repeat, did you use the wireless rather than the wired mac address?
  I also found that enabling http (wireless) access to the wap4410n repeater and then disconnecting the wired connection to the wap4410n ap helped set things up better.
  If you search these forums I uploaded beta firmware that works much better than the one you're using. Alternatively you could use wap encryption, it seems that using wpa2-personnel is what messes up the firmware you're using.

• Officejet 6000 wireless and WPA2-Enterprise network security

  I own an Officejet 6000 wireless printer. The manual says that it should be compatible with a wireless network with WPA2-Enterprise network security but when setting up the connection (I am using a macbook and am setting the printer up via usb connection) the newtork is listed but the security type is "unsupported." For whatever its worth it is listed 5 or 6 times but probably thats a different issue.
  I can still select the right network but it only asks for a security key, but my network security requires a log-in name and password.
  What can I do to get my printer connected to the network?

  I get the feeling that most of the people replying here don't know the difference between WPA2-Personal and WPA2-Enterprise.
  Personal has a passkey.
  Enterprise uses both a username and password, usually in conjunction with a Radius server (802.1X athentication).
  What we've had to do solve this problem is create a second SSID on the network that authenticates on WPA2-Personal. We use a really long password to secure the network, one that I will never be able to memorize in my lifetime.
  All we can hope for is that these enterprise-level vendors will, perhaps, gain a greater understanding of wireless authentication processes and the needs of actual enterprise customers who at least a percieved need for wireless printer capabilities. It used to be that customer was always right, though. Perhaps those days are gone...
  The other problem that probably ought to be addressed on consumer end is the fact that multicast tools that make AirPrint work (such as Bonjour), are being blocked from crossing between your wired and wireless networks, perhaps by the wireless controller or due to inefficient routing hierarchy or NAT/PAT issues. Solve this issue and you won't have a need for wireless printers.

• Issues with IOS and WPA2 Enterprise

  Hi,
  Done a lot of searching on this, but can't find anything useful!
  I've got a network running WPA2 Enterprise using AES and PEAP/EAP-MSCHAP-V2
  For some reason, all our apple IOS devices connect to the network fine and are able to accept the server certificate, but can't seem to access anything over the network such as the internet once connected. I'm currently testing an iPad mini with IOS 7.0.4
  I have other devices such as laptops and a Windows Phone 8 devices, and everything works fine.
  Am I missing something here? What could be causing the IOS devices to stop accessing the network?
  Cheers,
  Carl.

  I just found this on the frontline support site, I believe my question has been answered:
  Important Notice
  iOS Devices
  Apple has made a change to the PushMagic or UnlockToken values in that they may differ in size to previous values. This can cause issues with iOS devices being able to connect to the Afaria server as the current database field size is not adequate to facilitate the variable length of this value.
  Apple has made a change to the PushMagic or UnlockToken values in that they may differ in size to previous values. This can cause issues with iOS devices being able to connect to the Afaria server as the current database field size is not adequate to facilitate the variable length of this value.
  There is an Apple issue that we have found in our testing that occurs when iOS devices are enrolled. This issue fails a check when the enrollment payload is inspected and the signing cannot be read. SAP believes Apple will fix this issue prior to iOS 7.1 being released but we are working on a patch that will address this issue shortly in case the fix does not make the iOS 7.1 GA release.
  Afaria will be providing a patch to address this issue that increases the size of the database column from 2K to 6K to accommodate this change.
  This issue is resolved in Service Pack 3 Hot Fix 39 and Service Pack 4 Hot Fix 3. Available now.

• What is the difference between WPA2 Personal and WPA2 Enterprise

  I am setting up my Airport Extreme and would like to know what is the difference between the WPA2 personal versus the Enterprise, I wish to secure my wireless system.

  wpa2 personal uses preshared passphrases to connect various devices to the wireless network;  this is probably what 99 % of all home users use. the wireless device takes your preshared key and hashes it
  with your ssid name and sends the information via a 4 way handshake to get the current encryption keys and these keys change at regular intervals (default 1 hour)
  im not 100 % sure on this one. but this is the impression i get.
  wpa2 enterprise relies on an authentication server, and i believe each cient is given a different encryption cipher or the server is the one that has the keys and gives the current keys to the client. the cient does not use a preshared key. the only time i ever used wpa2 enterprise was google secure wifi in mountain view

• Airport Express broadcasting both WPA2 Personal and WPA2 Enterprise?

  We were recently scanning for wireless access points for a client using a product called Vistumbler.  The client had two older Airport Express wireless routers, set to use WPA2 Personal, but Vistumbler was detecting both WPA2 Personal and WPA2 Enterprise during the scans. Has anyone else seen this before with any other routers or scanning software? If so, was there a way to only broadcast the current encryption setting?

  The AirPorts can be set to WPA2 Personal.......OR........WPA2 Enterprise, but only one setting can be activated at a time.
  In the highly unlikely event that the AirPort Express devices are really broadcasting with two different types of encryption, the devices either have corrupted software settings, or they are defective.
  Try another scanner......like WiFi Scanner, located in the Utilities folder of the Mac,  or another application to see if you get the same results.

• IPhone (and Mac) 802.1x WPA2-Enterprise fail

  Large enterprise with lots of access points (Cisco AIR-AP-1131) using RADIUS authentication going back to Windows (2k3) servers running IAS. WPA2-Enterprise.
  Windows devices are able to authenticate fine. Our servers do present an authentication certificate. No certs are required on clients.
  When Macs and iPhones try to connect, they are able to successfully authenticate (username/password successfully passed to RADIUS and is accepted), and the client device then asks if we want to accept the server certificate. We do, but we never get an IP address from DHCP.
  If we configure a static IP on the client device, it associates but is unable to communicate with anything.
  This seems to only happen with Apple devices.
  Any ideas? We've tried this with multiple Apple devices running multiple versions of iOS and MacOS.

  Fixed. Our Cisco APs were configured with WPA2 but were using TKIP encryption only. Enabled AES, and blammo - works.